Last updated: January 1, 2025
HardHat Pulse, Inc. ("HardHat Pulse," "we," "us," or "our") operates the website hardhatpulse.com and provides AI-powered construction site safety monitoring services using computer vision and wearable sensor technology (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect information about our users, customers, and the individuals whose data is processed through our platform in connection with construction site safety monitoring.
This policy applies to information collected through our website, mobile applications, edge computing hardware, wearable sensor devices, and any other interfaces through which you interact with HardHat Pulse. By accessing our website or using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our website and Services.
HardHat Pulse is headquartered at 1200 Smith St, Houston, TX 77002, United States. Our primary contact for privacy matters is contact@hardhatpulse.com.
Account registration: When you create an account or request a product demonstration, we collect your name, email address, company name, job title, phone number, and the nature of your inquiry. We use this information to provision your account, respond to your request, and communicate about our Services.
Contact form submissions: When you submit a contact form on our website, we collect your name, email address, company name, and message content. We retain contact form submissions for up to 24 months.
Payment information: If you purchase a subscription to HardHat Pulse Services, payment is processed through our payment processor (Stripe, Inc.). We do not store full credit card numbers or payment account details on our systems. We retain billing address information, transaction records, and subscription history for 7 years as required for tax and accounting compliance.
Support communications: When you contact our support team, we collect the content of your communications, associated account information, and any diagnostic data you provide. Support correspondence is retained for 3 years.
Camera and video data: Our platform processes RTSP video streams from cameras installed at customer jobsites. Video data is processed on the on-site edge server and is not transmitted to our cloud infrastructure in full-resolution form. We retain detection event thumbnail images — individual frames associated with a detection event — in our cloud infrastructure for up to 12 months from the detection date. Full-resolution video footage remains on the edge server hardware under the customer's control; retention periods for full footage are set by the customer organization in accordance with their data retention policies.
Wearable sensor data: Our BLE wearable sensor devices collect position data (derived from BLE trilateration), accelerometer/IMU data, barometric pressure readings, and where applicable, heart rate data from compatible vest badge models. This biometric data is processed on the edge server and transmitted to our cloud infrastructure as summarized event records and alert logs. Raw 500ms position samples are retained for 30 days; aggregated daily position summaries are retained for 12 months; alert and incident event records are retained for 7 years.
System usage data: When you use our supervisor dashboard or mobile application, we collect usage events including login timestamps, features accessed, alert acknowledgment times, and dashboard configuration changes. We use this data to improve the product and for customer success monitoring.
Website analytics: We use analytics tools to understand how visitors interact with our website. This includes pages visited, referral sources, session duration, device type, browser type, and general geographic region (country/state level). We do not use analytics data to identify individual visitors by name.
Cookies and similar technologies: We use cookies for website functionality, analytics, and to improve user experience. Please see our Cookie Policy for a complete description of the cookies we use and how to manage them.
IP address and device information: Server logs automatically collect IP addresses, browser user-agent strings, and request timestamps for security monitoring and fraud prevention purposes. Server log data is retained for 90 days.
Service delivery: We use customer and end-user data to operate, maintain, and improve our construction site safety monitoring Services. This includes processing detection events, generating alerts, producing safety reports, and maintaining the platform infrastructure.
Safety documentation: Detection event data, wearable sensor data, and incident records are used to generate OSHA 300 log drafts, near-miss documentation, and safety analytics reports on behalf of our customers. This use is the primary purpose for which construction site worker data is processed.
Account management: We use account information to authenticate users, manage subscription access, process payments, and provide customer support.
Product improvement: Aggregated and anonymized usage data, detection event statistics, and performance metrics from deployed sites are used to improve detection algorithms, identify product defects, and prioritize development efforts. We do not use identifiable worker data for model training without explicit customer consent.
Legal compliance: We process data as required to comply with applicable law, including retaining financial records for tax purposes, responding to lawful legal process, and meeting our obligations under safety regulations applicable to our business operations.
Marketing communications: If you have opted into marketing communications, we use your contact information to send product updates, industry analysis, and company news. You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or contacting us at contact@hardhatpulse.com.
Customer organizations: Safety detection data, worker positioning data, incident records, and OSHA 300 log drafts are shared with the customer organization's authorized administrators and safety officers. The customer organization is the data controller for worker data processed at their jobsites; HardHat Pulse acts as a data processor on the customer's behalf.
Integration partners: When you use our Procore, Autodesk Construction Cloud, Trimble Connect, or Fieldwire integrations, safety event data is transmitted to those platforms in accordance with your integration configuration. You control which data is shared and with which integration partners through the HardHat Pulse platform settings.
Service providers: We share data with service providers who help us operate the platform, including cloud infrastructure providers (Amazon Web Services), payment processors (Stripe), customer support software providers, and analytics tool operators. These providers are contractually bound to process data only for the purposes specified in our agreements with them and are not permitted to use the data for their own marketing or analytics purposes.
Legal requirements: We may disclose data when required by law, court order, regulatory inquiry, or other legal process. We will provide notice to affected customers of such disclosures where legally permissible.
Business transfers: In the event of a merger, acquisition, or sale of HardHat Pulse or its assets, customer data may be transferred to the acquiring entity. We will provide notice of such transfers and, where required by applicable law, offer affected individuals the opportunity to exercise their data rights before the transfer is complete.
We do not sell personal data to third parties for marketing purposes. We do not share construction worker data with insurance companies, government agencies, or other parties except as described in this policy or as required by law.
HardHat Pulse processes data about construction workers (including position, PPE compliance status, and biometric data from wearable sensors) on behalf of the employing organization. The following special considerations apply to this data:
Employer responsibility: The customer organization is responsible for notifying workers about the monitoring program, obtaining required consents where applicable under local law, and complying with applicable labor and employment laws governing workplace monitoring. HardHat Pulse provides the technical tools; the employer determines the appropriate use of those tools within their specific legal context.
Biometric data: Heart rate data collected by compatible vest badge sensors constitutes biometric health data under certain jurisdictions' privacy laws (including Illinois BIPA, Texas CUBI, and other state biometric privacy statutes). HardHat Pulse processes this data solely for the safety monitoring purpose specified in the customer agreement. Biometric data is not used for any purpose other than real-time heat stress detection and fall event verification. Biometric data is deleted within 90 days of contract termination.
Data minimization: We process only the data necessary for the safety monitoring function. We do not use jobsite monitoring data for worker performance evaluation, productivity tracking, or any purpose outside the safety monitoring use case without explicit customer authorization and appropriate worker notification.
We retain data for different periods depending on the data type and its purpose:
Upon contract termination, we will delete or anonymize customer data within 90 days, except data we are required to retain by applicable law or that is needed to resolve disputes or enforce our agreements.
If you are a resident of the European Economic Area, you have the following rights under the General Data Protection Regulation:
To exercise any of these rights, contact us at contact@hardhatpulse.com. We will respond to rights requests within 30 days. You also have the right to lodge a complaint with your national data protection authority.
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with the following rights:
To submit a CCPA rights request, contact us at contact@hardhatpulse.com or by mail at 1200 Smith St, Houston, TX 77002.
HardHat Pulse implements technical and organizational security measures appropriate to the sensitivity of the data we process. These measures include:
No security program is complete against all possible threats. In the event of a data security incident affecting personal data, we will notify affected customers within 72 hours of discovery, as required by GDPR and applicable state breach notification laws.
Our website uses cookies and similar tracking technologies for functional and analytical purposes. A complete description of the cookies we use, their purposes, and how to manage your cookie preferences is available in our Cookie Policy.
Our website and platform may contain links to third-party websites or integrate with third-party services (such as Procore, Autodesk Construction Cloud, and Stripe). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you use in connection with our platform.
Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from individuals under 18. If you believe we have inadvertently collected information from a minor, contact us at contact@hardhatpulse.com and we will delete the information promptly.
HardHat Pulse is based in the United States. If you access our Services from outside the United States, your data may be transferred to, stored in, and processed in the United States, where privacy laws may differ from those in your country. Where we transfer personal data from the EEA or UK to the United States, we rely on the EU-US Data Privacy Framework or Standard Contractual Clauses as the legal mechanism for the transfer.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or product capabilities. We will notify active customers of material changes by email at least 30 days before the changes take effect. The "last updated" date at the top of this policy reflects the most recent revision. Continued use of our Services after the effective date constitutes acceptance of the revised policy.
For privacy-related inquiries, rights requests, or to report a data security concern, contact us at:
HardHat Pulse, Inc.
Attn: Privacy
1200 Smith St
Houston, TX 77002
United States
Email: contact@hardhatpulse.com
Phone: +1 (713) 482-9376