1. Introduction
 
RISE SMS, LLC (“RISE SMS,” “we,” “our,” or “us”) provides a Safety Management System platform designed to support aviation safety, compliance, and operational risk management.
 
This Privacy Policy describes how we collect, use, process, and protect personal data and other information when you:
 

• Visit our website (risesms.com)

• Use our software platform and services (the “Service”)

• Interact with us for sales, support, or marketing purposes

 
By using our Service, you agree to the terms of this Privacy Policy.
 
 
2. Key Definitions
 
Personal Data
Information that identifies or can be used to identify an individual (e.g., name, email, phone number).
 
Usage Data
Information collected automatically (e.g., IP address, browser type, pages visited).
 
Customer Data (Safety Data)
Data submitted by customers within the platform, including hazard reports, incident reports, risk assessments, and operational safety information.
 
Data Controller
The entity that determines how and why personal data is processed.
 
Data Processor
An entity that processes data on behalf of a Data Controller.
 
3. Our Role: Controller vs. Processor
 
RISE SMS acts in different roles depending on the data:
 
As a Data Controller
 
We act as a Data Controller for:
 

• Website visitors

• Marketing contacts

• Account registration and billing data

 
As a Data Processor
 
We act as a Data Processor for Customer Data (Safety Data) submitted into the platform.
 
In this case:
 

• Our customers (operators) are the Data Controllers

• We process data only on their instructions
   

4. Types of Data We Collect
 
4.1 Personal Data
 
You may provide:
 

• Name

• Email address

• Phone number

• Company/organization information

• Billing and payment details
   

4.2 Usage Data
 
Collected automatically:
 

• IP address

• Browser and device information

• Pages visited and session duration

• System activity logs
  
   

4.3 Customer Data (Safety Data)
 
Submitted within the platform by customers, including:
 

• Hazard and incident reports

• Risk assessments

• Safety investigations and corrective actions

• Operational and compliance-related records
   

Some of this data may include:
 

• Employee-submitted reports

• Anonymous safety reports

• Operational safety information
   

5. Anonymous Reporting
 
RISE SMS supports anonymous safety reporting.
 

• Users may submit reports without identifying information

• We do not attempt to re-identify anonymous submissions

• Customers control how anonymous data is handled within their organization
   

6. How We Use Data
 
We use data to:
 

• Provide and maintain the Service

• Process transactions and manage accounts

• Deliver customer support

• Improve platform performance and usability

• Monitor system security and integrity

• Communicate product updates and relevant services

• Comply with legal and regulatory obligations
   

We do not sell personal data.
 
7. Legal Basis for Processing (GDPR)
 
For individuals in the European Economic Area (EEA), we process data under:
 

• Contractual necessity

• Consent (e.g., marketing communications)

• Legitimate interests (e.g., improving services)

• Legal obligations
   

8. Cookies and Tracking Technologies
 
We use cookies and similar technologies to:
 

• Operate the website

• Analyze usage (e.g., Google Analytics, Microsoft Clarity)

• Support marketing efforts (e.g., HubSpot)
   

Consent Management
 
We use a consent management platform to manage cookie preferences:

• Non-essential cookies require consent

• Users can choose to accept or decline non-essential cookies

• Consent can be withdrawn at any time
   

9. Data Retention
 
We retain data only as long as necessary:
 

• Account and billing data: retained for the duration of the relationship and as required by law

• Usage data: retained for analytics and security purposes

• Customer Data: retained according to customer instructions and system configuration
   

Customers are responsible for defining retention policies for their operational safety data where applicable.
 
10. Data Security
 
We implement industry-standard security measures, including:
 

• Encryption of data in transit (TLS)

• Encryption of data at rest (where applicable)

• Role-based access controls

• Authentication and authorization controls

• System monitoring and audit logging

• Secure infrastructure and hosting environments
   

While no system is completely secure, we continuously work to protect data against unauthorized access, loss, or misuse.
 
11. Data Breach Notification
 
In the event of a data breach affecting personal data, RISE SMS will:
 

• Investigate and mitigate the issue promptly

• Notify affected customers and/or users as required by applicable law

• Provide relevant details and recommended actions
   

12. Data Sharing and Disclosure
 
We may share data in the following circumstances:
 
Service Providers (Subprocessors)
 
We use trusted third-party providers to support our operations, including:
 

• Analytics providers (e.g., Google Analytics, Microsoft Clarity)

• Payment processors (e.g., Stripe)

• CRM and communication tools (e.g., HubSpot)

• Logging and monitoring tools
   

These providers:
 

• Are contractually bound to protect data

• May only process data on our instructions
   

Legal Requirements
 
We may disclose data if required by:
 

• Law

• Court order

• Government authority
   

Business Transfers
 
If RISE SMS is involved in a merger, acquisition, or asset sale, data may be transferred with notice provided.
 
13. International Data Transfers
 
Data may be processed outside your jurisdiction, including in the United States.
 
Where required, we implement appropriate safeguards, such as:
 

• Standard Contractual Clauses (SCCs)

• Equivalent legal mechanisms
   

14. Your Privacy Rights
 
GDPR (EEA Users)
 
You have the right to:
 

• Access your data

• Correct inaccurate data

• Request deletion

• Restrict processing

• Object to processing

• Request data portability
   

California Privacy Rights (CCPA/CPRA)
 
California residents have the right to:
 

• Know what personal data is collected

• Request deletion of personal data

• Correct inaccurate data

• Opt out of the sale of personal data
   

RISE SMS does not sell personal data.
 
15. Data Ownership
 
Customers retain ownership of all Customer Data submitted to the platform.
 
RISE SMS processes this data solely to provide the Service and in accordance with customer instructions.
 
16. Data Processing Agreement (DPA)
 
RISE SMS offers a Data Processing Agreement (DPA) to customers where required for compliance with GDPR and other data protection laws.
 
17. Third-Party Links
 
Our Service may contain links to external websites. We are not responsible for their privacy practices.
 
18. Children’s Privacy
 
Our Service is not intended for individuals under 18. We do not knowingly collect data from children.
 
19. Changes to This Policy
 
We may update this Privacy Policy periodically. Updates will be posted with a revised “Last Updated” date.
 
20. Contact Us
 
If you have questions about this Privacy Policy or your data, contact:
 
RISE SMS, LLC
Email: support@risesms.com