Formerly SiteTrack
SiteTrack Solutions Inc.
NEXO is built for workers first. Your data belongs to you. We collect only what we need to run the app, we never sell your personal information, and we never will. This policy explains what we collect, how we use it, and what rights you have under Canadian law.
NEXO is operated by SiteTrack Solutions Inc., a company incorporated in British Columbia, Canada. Our registered address is in Vancouver, BC. You can reach us at [email protected].
This Privacy Policy applies to the NEXO mobile app, web application, and the thenexo.ca website. It is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation in Canada.
We collect only the information necessary to provide NEXO's features.
| Data Type | What It Includes | Purpose | Linked to You |
|---|---|---|---|
| Name | Your full name as entered at registration | App Functionality | Yes |
| Email Address | Used for account login and communications | App Functionality | Yes |
| User ID | A unique identifier assigned to your account | App Functionality | Yes |
| Photos | Images of safety tickets and certifications you upload; photos attached to FLHA submissions; attendance photos taken by CSOs during site check-in | App Functionality | Yes |
| User Content | Safety certifications and ticket numbers entered manually; expiry dates; emergency contact information; health and fitness-to-work declarations; medical disclosures relevant to site safety | App Functionality | Yes |
| Product Interaction | Actions taken within the app such as completing FLHAs, checking in, and using the Safety Passport | App Functionality | Yes |
We do not collect your location via GPS. Site selection in the app is manual input only. We do not store audio recordings. Voice-to-text features process audio on-device or through your device's operating system; only the resulting text is saved. We do not collect payment card details directly — payment processing is handled by Stripe, whose privacy policy governs that data.
Some information you enter in NEXO may be sensitive by nature — including emergency contact details, health or fitness-to-work declarations, and any medical disclosures relevant to site safety. You provide this information voluntarily. We treat it with extra care, limit access to it, and never use it for any purpose beyond operating the app for you.
Account and authentication — to verify your identity, secure your account, and display your profile across the app.
Safety Passport — to build your portable credential record and generate the QR code that foremen and site supervisors scan to verify your certifications.
FLHAs and site documentation — to store your daily hazard assessments, associate them with your account, and make them available to authorized site personnel.
Certification tracking — to display your tickets, monitor expiry dates, and notify you when certifications are approaching expiry.
Attendance and check-in — to record site check-ins and support foreman roll call and crew management features.
Payment processing — if you or your organization subscribes to a paid NEXO plan, payment is processed by Stripe. We receive confirmation of payment status but do not handle or store card details.
App improvements — we may use aggregated, anonymized usage patterns to understand how the app is used and improve it. This data cannot be traced back to you individually.
Your Safety Passport is yours. Your certifications, FLHAs, and work history follow you from job to job. When you leave a company or a project, you keep your record. Employers do not own your credential data.
You control what you share. Sharing your Safety Passport is always an action you initiate. No employer, foreman, or third party can access your Passport without you presenting it or generating a share link.
Employers see what they need, nothing more. When a foreman scans your QR code, they see your name, credential status, and relevant certifications. They do not get access to your full account, work history across other employers, or any data you have not chosen to share.
This is not just a privacy stance. It is how the product is designed. The credential network only works if workers trust it.
We will never sell your personal data. We will never share it with insurers, employers, recruiters, or any third party without your explicit consent. We will never use your individual data for advertising. We will never monetize your credentials in a way that works against your interests.
If this ever changes, we will tell you clearly, in plain language, before it happens — and you will have the right to delete your account and all associated data.
Foremen and site supervisors — when you share your Safety Passport QR code, the recipient can view your name, certifications, and credential status. You control when and with whom you share your Passport.
Your employer or GC (if applicable) — if your company has a NEXO account, authorized administrators can access FLHA submissions and check-in records associated with their projects. They cannot access your credential history from other employers.
Service providers — we use third-party infrastructure providers to operate NEXO, including Supabase (database hosting), Cloudflare (content delivery), Vercel (application hosting), and Stripe (payment processing). These providers process data on our behalf and are contractually required to protect it. They do not use your data for their own purposes.
Legal requirements — we may disclose information if required by law, court order, or to protect the safety of our users or the public.
We do not sell personal information. We do not share personal information with advertisers or data brokers.
Your data is stored on servers located in Canada and the United States via our infrastructure providers. We use industry-standard encryption for data in transit (TLS) and at rest.
Access to your data within NEXO is role-based. Workers see their own records. Foremen see crew data for their active projects. No role has blanket access to all user data.
No system is completely secure. If we become aware of a data breach that affects your personal information, we will notify you in accordance with applicable Canadian privacy law.
Account deletion — if you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it by law.
Safety records — FLHA records and site safety documentation may be subject to retention obligations under applicable occupational health and safety legislation in Canada. Where required, we retain these records for the legally mandated period. We will inform you if your deletion request is limited by a legal retention requirement.
Anonymized data — we may retain anonymized, aggregated data indefinitely for product improvement and safety research. Anonymized records cannot be linked back to you.
The NEXO web application uses browser local storage to support offline functionality — allowing you to complete FLHAs and access your Safety Passport without an active internet connection. This data is stored on your device only and is not transmitted to our servers until you reconnect.
Our website (thenexo.ca) uses cookies for analytics (Google Analytics) to understand how visitors use the site. These are analytics cookies only. We do not use advertising or tracking cookies. When you first visit, we ask for your consent before any analytics cookies are set, and analytics stays disabled until you accept. You can decline, and you can change your choice at any time by clearing this site's data in your browser; you may also disable cookies in your browser settings.
The NEXO mobile app does not use cookies.
Under PIPEDA and applicable Canadian privacy legislation, you have the right to:
Access — request a copy of the personal information we hold about you.
Correction — request that we correct inaccurate or incomplete information.
Withdrawal of consent — withdraw consent for the collection or use of your personal information, subject to legal or contractual restrictions. Note that withdrawing consent may limit your ability to use NEXO.
Deletion — request deletion of your account and associated personal information, subject to legal retention requirements described in Section 7.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
NEXO is intended for use by adults in the construction industry. We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you by email or through an in-app notice before the change takes effect. Your continued use of NEXO after any change constitutes acceptance of the updated policy.
Contact SiteTrack Solutions Inc. at [email protected]. We respond within 30 days. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.