Privacy Policy

Last updated: 5/2/2026

Somewhere · Host Training (the "App") is an internal staff training tool. We collect only the information needed to deliver training and track progress.

What we collect

• Account data: your full name, branch, role label, and a hashed 4-digit PIN you choose.
• Training data: which modules you've started, your quiz answers, scores, and trainer sign-offs.
• Session data: a random session token stored on your device and on our server, used to keep you signed in.

We do not collect contact details, payment information, location, or device identifiers.

How we use it

• To show you your training plan and progress.
• To let trainers and admins score and approve your floor readiness.
• To prevent unauthorized access (PIN hashing, lockout after repeated failed attempts).

How it's stored

Data is stored in our managed backend (Lovable Cloud / Supabase). PINs are stored only as bcrypt hashes — we cannot read your PIN. Sessions expire after 30 days of inactivity.

Sharing

We do not sell or share your data with third parties. Your data is visible only to:

• You (your own progress and account).
• Your trainers and admins (training records, sign-offs, roster).

Your rights

• Access: see your data at any time on your Account page in the app.
• Correction: ask your admin to update your name or branch.
• Deletion: request account deletion from the Account page in the app — your training records and account will be permanently removed.

Contact

For privacy questions or to request data deletion outside the app, contact support@somewhere.example.