Privacy Policy

Updated: April 01, 2026  | 
GDPR / CCPA ready  | 
Safety Instruct LLC (dba Capability)

Transparency & trust — how Capability handles personal data across workforce, compliance, and training.

01 Introduction

This Privacy Policy outlines how Safety Instruct LLC (dba Capability) collects, processes, and safeguards personal data when you use our workforce training and compliance platform (“Services”). Capability helps organisations manage employee development, safety workflows, and operational oversight.

By accessing the platform, you acknowledge the practices described. If you are an employee using Capability via your employer, your organisation acts as the primary data controller for employment-related records.

02 Our Role & Identity

Safety Instruct LLC, doing business as Capability — we define our role depending on context.

📀 Data Processor

For employee training, safety logs, certifications, performance records: we process under the instruction of your organisation.

🎛️ Data Controller

For account management, access logs, security metadata, platform notifications, and direct communications.

⚠️ Tenant administrators (employers) control core employee data. For any employment-related inquiries, please contact your organisation’s admin.

03 What Capability Does

We empower organizations with modern tools for workforce excellence:

  • Assign & track training courses, certifications, and compliance deadlines
  • Record safety observations, incidents, and corrective actions
  • Manage performance assessments and development notes
  • Centralise operational files and team communications
  • Provide dashboards & analytics for informed decision-making

All data is used solely for professional, operational, and compliance purposes.

04 Information We Process

Controller scope — Account & profile data: name, email, job role, phone (for internal tenant collaboration), credentials, permissions, audit logs.

Processor scope — Employee & operational records: training history, incident reports, uploaded evidence, messages, assessments.

Photo & media: Camera or library access only when user explicitly uploads media for profile pictures or incident attachments — no automatic scanning.

Technical data: device info, IP, session logs, error reports — strictly used for platform stability and security.

05 How We Use Your Data

  • Deliver training, compliance workflows & certification tracking
  • Manage user access and tenant organisation structures
  • Enable safety, quality, and operational reviews
  • Provide support, security, and platform updates
  • Process subscriptions and billing for organisations
We never use your personal data for advertising, automated profiling, or any unrelated commercial purpose.

06 What We Do NOT Do

  • Sell or rent personal data to third parties
  • Cross-app tracking for behavioral ads
  • Unauthorized access across tenant boundaries
  • Use personal data for marketing without explicit consent
Your data remains confidential within your organisation’s tenant and our trusted subprocessors.

07 Legal Bases (GDPR & Global)

  • Contractual necessity — provide services to the subscribing organisation
  • Legitimate interests — secure, reliable workforce platform
  • Legal compliance — regulatory obligations for safety & training
  • Consent — where required for optional cookies or direct marketing

08 International Data Transfers

Data may be processed in the United States or other regions where our subprocessors operate. For EU/UK individuals, we implement Standard Contractual Clauses (SCCs) and maintain adequate safeguards. Internal administrative access is strictly controlled with MFA and zero-trust policies.

09 Sharing & Disclosure

  • With your tenant organisation and authorised users
  • With trusted vendors (cloud hosting, analytics, payment) under confidentiality agreements
  • If required by law or to protect legal rights
  • In case of merger/acquisition, with notice

We never share personal data for third-party marketing.

10 Retention

Data is retained based on the active subscription term, contractual obligations, and legal retention requirements. After termination, data is securely deleted or returned to the organisation, unless mandatory retention applies (e.g., tax, compliance).

11 Your Privacy Rights

Depending on jurisdiction you may have rights to: access, rectification, erasure, restriction, objection, and portability.

For employees: Contact your employer (tenant controller) regarding training, safety, or performance data.

For platform-level data (e.g., account metadata): Email help@capability.work.

12 Account Deletion

Tenant-managed deletion: Accounts are owned by the organisation. Individual users cannot self-delete without admin approval to ensure data integrity. Use the “Request Account Deletion” feature in Settings/Profile, or email help@capability.work. The tenant admin will review and process the request. Upon deletion, personal data is removed except where legal retention applies.

13 Cookies & Tracking

We use essential cookies for authentication, preferences, and session security. Optional analytics cookies help improve performance. You may control preferences via browser settings or by contacting us.

14 Children’s Data

Capability is not intended for individuals under 16. We do not knowingly collect data from minors. If we become aware, we delete promptly. Organisations using the platform for minors bear responsibility for obtaining parental consent where required.

15 Policy Updates

We may revise this policy to reflect legal or operational updates. The “last updated” date indicates the latest revision. Continued use of the Services after changes signifies acceptance.

16 Contact & Support

✉️ Get in touch

For privacy inquiries, data subject requests, or questions about how we protect your information, reach our team.

Safety Instruct LLC (Capability)
help@capability.work
capability.work
Contact privacy team: help@capability.work