1. The Principle of Data Minimisation
Data minimisation is the practice of collecting and processing only the data that is strictly necessary for a defined purpose. It is one of the seven data protection principles under GDPR (Article 5(1)(c)) and is central to responsible data governance.
SafetyMeter was designed from the ground up with data minimisation as a core architectural principle — not an afterthought. We believe the best way to protect your data is to avoid handling it in the first place.
2. What We Do Not Collect or Store
SafetyMeter does not collect, store, or process the following:
- User accounts, profiles, or credentials
- Assessment results, risk scores, or harm modeling outputs after your session ends
- Product descriptions or form inputs you enter into our tools
- IP addresses linked to individual identities
- Device fingerprints or persistent tracking identifiers
- Behavioural data (which buttons you clicked, how long you spent on a page)
- Personal data about your end users, customers, or employees
- Financial, health, or other regulated categories of data
We also do not use advertising networks, retargeting pixels, or third-party analytics platforms that track individual users across sessions or sites.
3. What We Do Collect (Minimal)
A small amount of data is necessarily processed for the platform to function:
| Data | Why | Retained? |
|---|---|---|
| Form inputs (product name, description, answers) | To generate your assessment within the session | No — processed transiently, not stored |
| Structured assessment scores | To pass to the AI narrative layer and to render your report | No — in-session only |
| Contact form submissions (via the consultation form) | To deliver your message to info@trustedtechafrica.com | No — forwarded by email, not stored in a database |
| Server function request logs (timestamp, status code, anonymised IP) | Debugging and abuse detection | 30 days maximum, then auto-deleted |
| Strictly necessary cookies (session management) | Platform functionality | Session-scoped; expire on browser close or per our Cookie Policy |
4. How Processing Works
Browser-Side Processing
The majority of SafetyMeter's deterministic scoring engine runs entirely within your browser (client-side JavaScript). Your form inputs are processed locally and never need to leave your device for the base scoring to complete. Results are held in browser memory for the duration of your session.
Server-Side Processing (AI Narrative Only)
When AI narrative generation is triggered, structured data (scores and a summary of your product inputs) is transmitted to our server-side API function, which forwards it to Anthropic's Claude API. The server function processes the response and returns the narrative to your browser. This data is not written to any database at any point in this flow.
Session-Scoped Storage
SafetyMeter may use browser sessionStorage to temporarily hold assessment state while you navigate between pages in a single session. This data is automatically cleared when you close the browser tab or window. We do not use localStorage or persistent cookies to store assessment data.
5. PDF and Report Downloads
When you download a PDF report, it is generated entirely client-side using your browser's resources. The PDF is not generated on our servers, not stored anywhere, and not associated with your identity. Once downloaded, the file is entirely under your control.
6. Right to Erasure — Not Applicable
Because we do not retain your data, a formal erasure request (GDPR Article 17 "right to be forgotten") is effectively already satisfied by default. If you are concerned that any residual data may exist (for example, from a contact form submission), please contact us at info@trustedtechafrica.com and we will confirm what, if anything, is held.
7. Future Features
If we introduce features that require persistent data storage (such as saved assessments, user accounts, or longitudinal tracking), we will:
- Update this policy before launching such features
- Make opt-in storage explicit and clearly communicated at the point of collection
- Provide easy mechanisms to delete stored data at any time
- Not retroactively apply new data collection to existing sessions
8. Contact
For questions about how we handle your data, contact info@trustedtechafrica.com.