Privacy Policy
Last updated: May 2025
Who we are
NOETA is an SSIP accreditation facilitation service operated by [Company Name], registered in England and Wales.
What data we collect
- Company information provided during intake (company name, address, CH number, workforce details)
- Contact details (email address used for sign-in)
- Documents you upload (H&S policies, insurance certificates, risk assessments, training records)
- Information derived from document analysis
How we use your data
- To assess your company's evidence against SSIP Core Criteria
- To prepare missing or deficient documents
- To generate your submission-ready accreditation pack
- To improve the accuracy of our document analysis over time
Data retention
Your data is retained for 24 months from the date your application is created. After this period, your documents and personal information are deleted automatically. You can request deletion at any time from your dashboard.
Third-party services
- Supabase — database and file storage (EU data centre)
- Anthropic — document analysis (data not used for model training per Anthropic API terms)
Your rights
Under UK GDPR you have the right to access, correct, or delete your personal data. Contact us at [email] to exercise any of these rights.
This is a draft privacy policy. A legally reviewed version will be published before NOETA accepts paying customers.