OSHA 300A Filing Service — Privacy Policy
How we collect, use, and protect your information
Privacy at a Glance
| Who We Are | NaviraTech (Navira Solutions, LLC) - an OSHA filing service based in Ohio. |
| What We Collect | Business info, contact details, OSHA 300A summary data, payment info. |
| Why We Collect It | To file your OSHA Form 300A, process payment, and communicate with you. |
| Payment Processing | Handled by Stripe. We never see or store your card number. |
| Who We Share With | OSHA (for filing), Stripe (for payment). We do NOT sell your data. |
| How Long We Keep It | 7 years (tax/legal compliance), then securely deleted. |
| Your Rights | Access, correct, or delete your data anytime. |
| Contact | admin@naviratech.online |
Scroll down for complete details.
1. Who We Are
NaviraTech (operated by Navira Solutions, LLC) provides an online OSHA Form 300A electronic filing service. We help employers submit their annual injury and illness summary data to OSHA's Injury Tracking Application (ITA) portal.
Important: We are an independent service company. We are NOT affiliated with, endorsed by, or part of OSHA or any government agency. You can always file directly through OSHA's free portal at osha.gov/injuryreporting.
We're a private company that helps you file OSHA paperwork. We're not the government.
2. Information We Collect
2.1 Business Information
- Company/establishment name
- Business address
- NAICS industry code
- Employer Identification Number (EIN)
- Number of employees
- Total hours worked
2.2 Contact Information
- Your name (certifying official)
- Business email address
- Business phone number
2.3 OSHA Form 300A Data
- Total number of deaths
- Total cases with days away from work
- Total cases with job transfer or restriction
- Total other recordable cases
- Total days away from work
- Total days of job transfer or restriction
- Injury and illness types (category counts)
Note: Form 300A contains only aggregate summary data. It does NOT contain individual employee names, medical details, or personally identifiable health information.
2.4 Payment Information
- Billing name and address
- Payment method (card type, last 4 digits)
Important: We use Stripe to process all payments. Your full credit card number is sent directly to Stripe and is never seen or stored by NaviraTech. Stripe is PCI-DSS Level 1 certified.
2.5 Technical Information
- IP address
- Browser type and version
- Device information
- Timestamps of form submissions
- Consent records (when you agreed to Terms/Privacy)
We collect your business info, contact details, OSHA summary numbers, and payment info. We never see your actual credit card number - Stripe handles that.
3. How We Use Your Information
| Purpose | Data Used |
|---|---|
| File your OSHA Form 300A | Business info, OSHA data, contact info |
| Process your payment | Billing info (via Stripe) |
| Communicate with you | Email, phone - for filing status, confirmations, support |
| Provide customer support | Contact info, service records |
| Comply with legal obligations | All data as required by law |
| Prevent fraud | Technical info, payment patterns |
| Improve our service | Aggregated, anonymized usage data |
We will never use your information to:
- Sell to third parties
- Send unrelated marketing
- Share with advertisers
- Create marketing profiles
We use your info to file your OSHA form, charge your card, and communicate about your filing. That's it.
4. Who We Share Your Information With
4.1 OSHA (Required for Service)
Your Form 300A data is submitted to OSHA's Injury Tracking Application portal. This is the entire purpose of our service. OSHA is a federal agency and handles your data according to federal privacy requirements.
4.2 Stripe (Payment Processing)
We use Stripe to securely process payments. Stripe receives your payment information directly. See Stripe's Privacy Policy.
4.3 Service Providers
We may use trusted service providers for:
- Cloud hosting and data storage
- Email delivery
- Customer support tools
All service providers are bound by confidentiality agreements and may only use your data to provide services to us.
4.4 Legal Requirements
We may disclose your information if required by:
- Court order or subpoena
- Government investigation
- To protect our legal rights
- In emergencies involving safety
4.5 We Do NOT
- Sell your personal information
- Share your information with advertisers
- Rent your contact list to third parties
- Use your data for purposes unrelated to our service
We share your info with OSHA (to file your form) and Stripe (to charge your card). We don't sell it. Ever.
5. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| OSHA filing records | 7 years | Tax/legal compliance, audit trail |
| Payment/billing records | 7 years | IRS requirements, accounting |
| Contact information | Duration of relationship + 7 years | Service delivery, legal compliance |
| Consent records | 7 years | Legal proof of consent |
| Support communications | 3 years | Customer service quality |
| Technical logs | 1 year | Security, troubleshooting |
After the retention period, data is securely deleted or anonymized.
We keep your filing records for 7 years (IRS and legal requirements), then delete them.
6. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your information, including:
- Encryption: All data transmitted via SSL/TLS encryption (HTTPS)
- Access Controls: Limited to authorized personnel only
- Payment Security: Stripe handles all payment data (PCI-DSS Level 1 certified)
- Secure Storage: Data stored on protected cloud infrastructure
Data Breach Notification
In the unlikely event of a data breach affecting your information, we will notify you within 45 days as required by Ohio law (ORC 1349.19), including:
- Description of the incident
- Types of information involved
- Steps we're taking
- Steps you can take to protect yourself
- Contact information for questions
We use encryption, limit access, and let Stripe handle payment security. If there's ever a breach, we'll tell you within 45 days.
7. Your Rights
You have the right to:
7.1 Access Your Data
Request a copy of the personal information we hold about you.
7.2 Correct Your Data
Request correction of inaccurate or incomplete information.
7.3 Delete Your Data
Request deletion of your personal information, subject to legal retention requirements (we may need to keep some records for tax/legal purposes).
7.4 Opt Out of Communications
Unsubscribe from marketing emails (you'll still receive transactional emails about your filings).
How to Exercise Your Rights
Email us at admin@naviratech.online with:
- Your name and email address
- Which right you're exercising
- Any details to help us locate your records
We will respond within 30 days. We may need to verify your identity before processing requests.
You can see, fix, or delete your data anytime. Just email us.
8. Cookies and Tracking
8.1 Essential Cookies
We use essential cookies to:
- Keep you logged in during your session
- Remember your form progress
- Process payments securely
These are necessary for our service to function and cannot be disabled.
8.2 Analytics
We may use basic analytics to understand how visitors use our site (page views, traffic sources). This data is aggregated and does not identify you personally.
8.3 Do Not Track
We do not currently respond to "Do Not Track" browser signals, as there is no industry standard for compliance.
We use basic cookies to make the site work. We don't track you across other websites.
9. HIPAA Clarification
NaviraTech is not a "covered entity" under HIPAA. The Health Insurance Portability and Accountability Act applies to healthcare providers, health plans, and healthcare clearinghouses - not to OSHA compliance services.
Additionally, OSHA injury and illness records are specifically exempt from HIPAA's Privacy Rule under 45 CFR 164.512(b)(1)(v).
The Form 300A data you provide contains only aggregate counts (total injuries, total days away, etc.) - not individual employee names, medical diagnoses, or treatment information.
HIPAA doesn't apply here. We only handle summary numbers, not individual medical records.
10. California Residents
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including:
- Right to know what personal information we collect
- Right to delete your personal information
- Right to opt out of the sale of personal information
- Right to non-discrimination for exercising your rights
We do not sell personal information. To exercise any rights, email admin@naviratech.online.
11. Children's Privacy
Our service is designed for businesses and is not directed at individuals under 18. We do not knowingly collect information from children. If you believe we have inadvertently collected such information, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will post the updated policy on this page
- We will update the "Effective Date" at the top
- For significant changes, we will notify you via email
We encourage you to review this policy periodically.
13. Contact Us
NaviraTech Privacy Inquiries
Navira Solutions, LLC
Columbus, OH 43085
Email: admin@naviratech.online
We aim to respond within two (2) business days.
This Privacy Policy was prepared with reference to CalOPPA, CCPA, Ohio privacy law, and industry best practices for B2B service companies.