Legal

Privacy Policy

Last updated: June 21, 2026

This Privacy Policy explains how Toolbox Minute (“Toolbox Minute,” “we,” “us”), operated by [Company Legal Name], collects, uses, and shares information when you use our website and the Toolbox Minute admin application (together, the “Service”). Toolbox Minute is a business-to-business safety-training service: an employer (our “Customer”) subscribes and we deliver short daily safety lessons to that Customer’s workers and keep a record of completions.

Our role: controller vs. processor

For account and billing data of the administrators who sign up, we act as a data controller. For worker rosters and training-completion records that a Customer loads into or generates through the Service, we act as a data processor on that Customer’s behalf — the employer is the controller of that data. If you are a worker and want to access or correct your training records, please contact your employer.

Information we collect

  • Account information — administrator name, email address, display name, role, and a securely hashed password.
  • Customer & company information — company name, locations, time zone, and subscription settings.
  • Worker & training data — the employee roster a Customer provides (such as name or employee identifier) and the record of which lessons were watched and answered, including timestamps, for compliance and audit purposes.
  • Payment information — subscriptions are billed through Stripe. We do not store full card numbers; Stripe processes payment details and returns only limited identifiers and status to us.
  • Usage & device data — log data such as IP address, browser type, pages viewed, and timestamps, used for security and to operate the Service.
  • Cookies — we use strictly necessary cookies to keep you signed in. See “Cookies” below.

How we use information

  • To provide, maintain, and secure the Service and deliver lessons and quizzes.
  • To record training completions and produce audit-ready compliance reports for the Customer.
  • To process subscriptions, trials, and payments, and to send service-related communications.
  • To provide support, prevent fraud and abuse, and comply with legal obligations.
  • To improve the Service. We do not sell personal information.

Service providers & sub-processors

We share information only with providers that help us run the Service, under contracts that limit their use of it:

  • Stripe — subscription billing and payment processing.
  • Cloudflare — secure hosting, delivery, and storage of lesson video and images.
  • Microsoft Azure — cloud infrastructure and text-to-speech narration.
  • Google — automated review and generation of training visuals.

We may also disclose information if required by law, to protect our rights or users’ safety, or in connection with a merger or sale of assets (subject to this Policy).

Cookies

We use essential, first-party cookies to authenticate your session and remember your sign-in. These are required for the Service to function; we do not use advertising or third-party tracking cookies.

Data retention

We retain account data for as long as an account is active. Training-completion records are retained according to the Customer’s instructions and compliance needs, and may be kept for the period required to demonstrate regulatory compliance. We delete or anonymize data when it is no longer needed for these purposes or as required by law.

Security

We protect information with encryption in transit, hashed passwords, role-based access controls, and tenant isolation so that one company’s data is not accessible to another. No method of transmission or storage is completely secure, but we work to protect your information and to notify affected parties of incidents as required by law.

Your choices & rights

Depending on where you live, you may have rights to access, correct, delete, or export personal information, or to object to or restrict certain processing. Administrators can update account details or change a password in Account settings. For worker training records, contact the employer that operates the account. To exercise a right we control, contact us using the details below; we will respond as required by applicable law.

Children’s privacy

The Service is intended for workplace use by adults and is not directed to children under 16. We do not knowingly collect personal information from children.

International users

We operate in the United States and process information there. If you access the Service from outside the United States, you understand your information may be transferred to and processed in the United States.

Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the “Last updated” date above and, where appropriate, provide additional notice.

Contact us

Questions about this Policy or our privacy practices? Email [email protected] or write to [Company Legal Name], [Mailing Address].