RiskASMRiskASM
Privacy policy

How RiskASM handles privacy

Learn how RiskASM handles privacy when you browse the site, use a generator, create a draft PDF, contact us, or interact with cookies and analytics technologies.

Last updated July 15, 2026

1. Who we are and what this policy covers

RiskASM is the operator of this website and is the controller for personal information collected through the public website.

This Privacy Policy applies to the RiskASM website, including the assessment library, individual risk assessment generator pages, source map, blog, help center, contact page, privacy policy page, terms page, cookie policy page, disclaimer page, and other public pages.

RiskASM is intended for professional and business use. You do not need to create an account to browse the public site or use the public generators.

2. What RiskASM provides

RiskASM provides public risk assessment generator pages that help users create draft risk assessment content for internal review. A generator may include preloaded hazards, suggested controls, risk scoring fields, optional action plan details, and a draft PDF export feature.

RiskASM does not provide legal, safety, compliance, engineering, medical, regulatory, or professional advice. Generated assessments are draft documents only. Users are responsible for reviewing, validating, adapting, and approving any output before operational use.

The public generator can be used without creating an account. Information entered into the generator is used to display and prepare the draft assessment in the browser. We do not intentionally store completed assessments, hazard entries, notes, owner names, target dates, or generated PDF content on our servers unless you choose to send that information to us, for example by email or through a contact request.

Users should avoid entering unnecessary personal, sensitive, health, confidential, or production business information into the public generator.

3. Information we collect

We collect information in several ways.

Information you choose to send us.

If you contact us by email, contact form, or another communication channel, we may receive your name, email address, organization name, and the content of your message. If you include other information in your message, we will receive that information too.

Generator inputs.

RiskASM's public generators allow users to enter assessment information such as hazards, controls, notes, owners, target dates, and other draft assessment details.

The generator is designed to use this information in the browser so you can review the draft assessment and generate a draft PDF. We do not intentionally store completed assessment drafts or generated PDF content on our servers unless you choose to send that information to us.

Technical and operational information.

When you visit the website, we and our infrastructure providers may receive technical information such as IP address, browser type, device information, pages viewed, approximate timestamps, error information, request metadata, security events, and similar log data.

We use this information to operate, secure, debug, protect, and improve the website.

Cloudflare.

RiskASM uses Cloudflare for website hosting, delivery, performance, and security. Cloudflare may process limited technical information, including IP addresses, request metadata, traffic routing data, security events, and similar operational information to help deliver and protect the website.

Google Search Console.

RiskASM uses Google Search Console to review aggregated search performance and indexing information for the site, such as impressions, clicks, search queries, indexing status, and technical search issues.

Google Analytics.

RiskASM uses Google Analytics to understand how visitors use the website and to improve public content and website performance.

Google Analytics may collect usage information such as page views, events, approximate location, device type, browser information, referrer information, and interaction data. Google Analytics may use cookies or similar technologies depending on your location and consent choices.

4. What we do not currently do

We do not require users to create an account to use the public website.

We do not intentionally store completed assessment drafts or generated PDF content on our servers unless you choose to send that information to us.

We do not intentionally use public generator inputs to train artificial intelligence models.

We do not currently sell personal information.

We do not currently share personal information for cross-context behavioral advertising.

We do not currently use advertising cookies, retargeting pixels, or personalized advertising technologies.

If we introduce advertising, sponsored placements, affiliate links, retargeting, or ad network technologies in the future, we will update this Privacy Policy and provide any required notice, consent controls, or opt-out choices.

5. How we use information

We use information for the following purposes:

  • to operate, maintain, secure, and improve the website
  • to provide public generator functionality
  • to allow users to review and generate draft PDF assessments in the browser
  • to respond to messages, questions, or requests
  • to diagnose technical problems and fix errors
  • to understand which public pages are being used
  • to measure website traffic and content performance
  • to review search performance and indexing status
  • to protect the site from spam, abuse, security threats, or misuse
  • to maintain reasonable business, legal, and operational records
  • to comply with legal obligations where applicable

We do not use the public generator to make automated decisions that produce legal or similarly significant effects about users.

6. Legal bases for UK and EU users

If you are in the United Kingdom or the European Economic Area, we process personal data only where we have a lawful basis.

Depending on the situation, the lawful basis may be legitimate interests, consent, contract-related steps, or legal obligation.

Legitimate interests - to operate, secure, maintain, troubleshoot, and improve the website; respond to messages; keep reasonable records; understand site performance; review search performance; and protect against misuse.

Consent - where consent is required for analytics cookies, advertising cookies, similar technologies, or other optional processing.

Contract-related steps - where you ask us to take steps before entering into a contract or provide information connected with a requested service.

Legal obligation - where processing is necessary to comply with applicable law, legal requests, recordkeeping duties, or regulatory obligations.

Our legitimate interests are balanced against the rights and freedoms of users. We aim to collect only information that is relevant and proportionate for the purposes described in this policy.

7. Cookies, analytics, and similar technologies

RiskASM uses cookies and similar technologies for website operation, security, analytics, and measurement.

We use Google Analytics to understand site traffic and performance. Where required by law, analytics cookies or similar technologies are only used after consent.

RiskASM does not currently use advertising cookies, retargeting pixels, or cookies for cross-context behavioral advertising. However, we may introduce advertising, sponsored placements, affiliate tracking, or ad network technologies in the future. If we do, we will update this policy and provide any required notice, consent controls, or opt-out options before or when those technologies are enabled.

You can learn more in our Cookie Policy.

8. Sharing and service providers

We do not sell personal information.

We may share limited information with service providers that help us host, deliver, secure, measure, maintain, or improve the website. These providers may include Cloudflare, Google Analytics, Google Search Console, hosting providers, email providers, analytics providers, security tools, and other technical infrastructure providers.

Google may process information in connection with Google Analytics and Google Search Console under Google's own privacy and service terms.

Cloudflare may process technical request data and security-related information to deliver and protect the website.

If we introduce advertising or sponsored placements in the future, advertising partners or ad technology providers may process cookie, device, usage, or interaction information where allowed by law and subject to any required consent or opt-out choices.

We may also disclose information if necessary to comply with law, respond to lawful requests, enforce our rights, protect users, investigate abuse, prevent fraud, or address security issues.

9. International transfers

Because the website may be accessed globally and may use service providers in different countries, personal information may be processed outside your country or region.

Where UK or EU personal data is transferred internationally, including through service providers such as Google, Cloudflare, hosting providers, or analytics providers, we use appropriate safeguards where required by law. These safeguards may include adequacy decisions, standard contractual clauses, data processing agreements, or other legally recognized transfer mechanisms.

You can contact us if you want more information about international transfers relevant to your information.

10. How long we keep information

We keep information only for as long as reasonably necessary for the purposes described in this Privacy Policy.

Contact messages are kept for as long as needed to respond to the request and maintain reasonable business records.

Operational logs are normally kept for a limited period needed for security, debugging, abuse prevention, and site operation, unless a longer period is required to investigate misuse, resolve disputes, enforce agreements, or comply with legal obligations.

Analytics and aggregated search performance data may be kept according to the settings and retention options available in the relevant analytics or search tools.

When information is no longer needed, we delete it, anonymize it, or aggregate it where appropriate and reasonable.

11. Security

We use reasonable administrative and technical safeguards to protect the information we handle. These measures are designed to reduce risk, including risks of unauthorized access, misuse, loss, or disclosure.

No website, internet transmission, browser-based tool, or storage system can be guaranteed to be completely secure. Users should avoid entering unnecessary personal, sensitive, confidential, health, or production business information into public generator fields.

If we become aware of a security issue affecting personal information, we will take appropriate steps in line with applicable law and the circumstances of the incident.

12. Your rights and choices

Depending on where you live, you may have rights to request access to personal information, correction, deletion, restriction, objection, portability, or withdrawal of consent where consent is the basis for processing.

You may also have the right to complain to a data protection authority.

If analytics cookies or similar technologies are used and consent is required, you can withdraw consent using the controls we provide or through your browser settings.

California residents may have additional rights under state privacy law, including rights to know, access, delete, correct, and opt out of the sale or sharing of personal information. We do not currently sell personal information or share personal information for cross-context behavioral advertising.

To make a privacy request, contact us using the details at the end of this policy. We may need to verify your request before responding.

13. Children's privacy

The website is intended for business and professional use and is not directed to children.

We do not knowingly collect personal information from children under 13.

If you believe a child has sent us personal information, contact us so we can review the matter and take appropriate steps.

14. Third-party links

The website may contain links to third-party websites, resources, tools, or references. We are not responsible for the privacy practices, content, or security of third-party websites.

If you follow a third-party link, you should review the privacy policy and terms of that third-party site.

15. Changes to this policy

We may update this Privacy Policy from time to time if our website, services, legal obligations, analytics setup, cookie usage, service providers, or privacy practices change.

When we update the policy, we will revise the Last updated date at the top of the page.

Material changes may be highlighted on the website where appropriate.

16. How to contact us

For privacy questions, requests, or concerns, contact us at support@riskasm.com or use the contact page.

Please avoid sending sensitive, confidential, health, or unnecessary personal information unless it is necessary for the request you are making.

Questions about privacy?

If you need help with a privacy request or want to ask a question about data use on the site, reach out to the team and we will review it.