PlantOps AI

Privacy Policy

Last updated: March 2026

What this policy covers

This privacy policy explains what data PlantOps AI collects, why we collect it, who we share it with, and what rights you have. We wrote it in plain language because you shouldn't need a lawyer to understand how your data is handled.

PlantOps AI is a SaaS platform that helps food processing plants generate compliance and safety documents using AI. This policy applies to all users of plantopsai.com.

What we collect

We collect only what we need to provide the service:

  • Account information: Your name, email address, and password. Passwords are hashed using bcrypt before storage — we never store your password in plain text and cannot read it.
  • Plant information: Details about your plant operations that you enter, including plant name, location, departments, equipment, and processes. This is used to generate accurate, plant-specific documents.
  • Employee names and roles: Names and job titles of employees you add, used to populate generated documents such as training materials and safety procedures.
  • Generated documents: The JSA, SOP, LOTO, and training documents that PlantOps AI creates for you. These are stored so you can access, edit, and export them.
  • Payment information: Billing is handled entirely by Stripe. We do not store your credit card number, CVC, or full card details on our servers. We receive only a Stripe customer ID and subscription status.

How we use your data

  • Document generation: Your plant information, employee details, and document requests are sent to the Anthropic Claude API to generate safety and compliance documents. Anthropic processes this data according to their privacy policy. Under Anthropic's API terms, data sent through their API is not used to train their models.
  • Authentication: Your email and hashed password are used to verify your identity when you log in.
  • Transactional email: We use Resend to send you account-related emails such as welcome messages and password reset links. We do not send marketing emails without your consent.
  • Payments: Stripe processes your payments and manages your subscription. We use your Stripe customer ID to track your subscription status.

Third-party services

We use the following third-party services to operate PlantOps AI:

  • Anthropic (Claude API): AI document generation. Your plant data and document prompts are sent to Anthropic's API. Anthropic does not use API data to train models.
  • Stripe: Payment processing. Stripe handles all credit card data directly — it never touches our servers.
  • Resend: Transactional email delivery. Resend receives your email address to deliver account-related messages.
  • Hetzner: Server hosting. Our application and database are hosted on Hetzner servers in Helsinki, Finland (EU).

We do not use advertising trackers, analytics scripts, or any third-party services beyond those listed above.

Cookies

We use a single cookie for authentication. When you log in, we set an HTTP-only session cookie containing a signed JWT token. This cookie is used solely to keep you logged in — it is not used for tracking or advertising. The cookie expires after 7 days.

We do not use third-party cookies, advertising cookies, or tracking pixels.

Data storage and security

Your data is stored in a PostgreSQL database on a Hetzner server in Helsinki, Finland, within the European Union. This means your data is subject to EU data protection regulations, including GDPR.

We protect your data with encrypted connections (TLS), hashed passwords (bcrypt), HTTP-only secure cookies, and restricted database access. We do not guarantee that security measures are impenetrable — no one honestly can — but we take reasonable steps to protect your data.

Data selling and sharing

We do not sell your data. We do not share your data with third parties for advertising or marketing purposes. Your data is shared only with the third-party services listed above, only to the extent necessary to provide the service.

Your rights

You have the right to:

  • Access your data: Request a copy of all data we hold about you.
  • Correct your data: Update or fix any inaccurate information.
  • Delete your data: Request deletion of your account and all associated data. We will delete your data within 30 days of your request.
  • Export your data: Download your plant information and generated documents at any time.
  • Withdraw consent: You can stop using the service and request account deletion at any time.

To exercise any of these rights, email us at support@plantopsai.com.

Data retention

We retain your data for as long as your account is active. If you delete your account, we delete all your data within 30 days. Backups that include your data are rotated and deleted within 90 days.

Children's privacy

PlantOps AI is a business tool for industrial plant operations. It is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.

Changes to this policy

If we make significant changes to this policy, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of PlantOps AI after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy or how we handle your data, contact us at support@plantopsai.com.

PlantOps AI