Outwise

Field manual · seven chapters

The boring stuff that matters when something goes wrong.

Outwise is operated by LAS SAFETY LTD (Reg. No. SC449606, Scotland) from 9 Middleton Drive, Largs, KA30 9JN, Scotland. Effective 2026-05-07. Read these before you sign up — particularly the AI Disclaimer.

Privacy

Privacy Policy

Effective 2026-05-07

LAS SAFETY LTD (“we”, “us”) operates Outwise at lassafety.com. We are the data controller for personal data processed in connection with the service. This policy describes what we collect, why, who we share it with, and the rights you have under the UK GDPR, EU GDPR, and the California Consumer Privacy Act (CCPA).

1. Categories of personal data we collect

  • Account data: email address, password hash, account preferences.
  • Trip context you submit: free-text trip descriptions, optional uploads (route screenshots, gear photos, forecast captures).
  • Outputs: generated briefings, risk maps, gear lists, and video reels associated with your account.
  • Billing data: handled by Stripe — we receive transaction metadata (customer ID, subscription status) but never store full card data.
  • Operational telemetry: IP address, user-agent, language, timestamps, error logs (used to operate the service securely).
  • Optional analytics: aggregated usage events, only if you consent through the cookie banner.

2. Purposes & legal bases (UK / EU GDPR)

  • Provide the service (contractual necessity) — processing your input to render briefings and storing outputs you ask us to keep.
  • Secure the service (legitimate interest) — fraud/abuse detection, rate limiting, audit logs.
  • Comply with law (legal obligation) — accounting records, response to lawful requests.
  • Improve the product (consent, withdrawable any time) — optional analytics; aggregated, never used to identify individuals.
  • Communicate with you (legitimate interest / consent) — transactional and, if you opt in, product-update emails.

We do not train AI models on your trip data. Inputs and outputs are not used to fine-tune our models or third-party models. They are retained solely so you can revisit and download them.

3. Recipients

  • Stripe, our payments processor (subject to Stripe's own privacy policy at stripe.com/privacy).
  • Supabase (our database and authentication provider) as a processor under standard contractual terms.
  • Vercel for application hosting, edge delivery, and logs.
  • AI inference providers for briefing/video generation. Inputs are routed through providers under processing agreements that prohibit training on user data.
  • Authorities when required by law, valid legal process, or to protect the safety of any person.

4. International transfers

Where personal data is transferred outside the UK or EEA, we rely on UK International Data Transfer Addendum and EU Standard Contractual Clauses, and where relevant, Data Privacy Framework certification of our processors. A summary of transfer mechanisms per processor is available on request.

5. Retention

  • Account & trip data: retained while your account is active. On deletion request: erased within 30 days unless retention is required by law.
  • Billing records: retained for the period required by UK accounting law (currently 6 years).
  • Operational logs: retained up to 30 days then aggregated.

6. Your rights

Depending on your jurisdiction, you may have the right to:

  • access, port, correct, or delete your personal data;
  • object to or restrict processing based on legitimate interest;
  • withdraw consent (without affecting prior lawful processing);
  • opt out of the “sale” or “sharing” of personal information (CCPA — note: we do not sell personal information);
  • lodge a complaint with the UK ICO (ico.org.uk), your local EU supervisory authority, or the California Attorney General.

To exercise rights, email support@lassafety.com from your account email. We respond within one calendar month.

Global Privacy Control (GPC).We honour the GPC signal sent by your browser as a valid opt-out of any sale or sharing of personal information under the CCPA. We do not currently honour the legacy “Do Not Track” header because there is no agreed industry standard, but if you set GPC the same intent applies. We do not, in any case, sell personal information.

7. Security

We use TLS in transit, encryption at rest for production stores, scoped access controls, audit logging, and dependency review. No internet service is immune to risk; please pick a unique password and consider a password manager.

8. Children

Outwise is not directed to children under 16. We do not knowingly collect their data. If you believe we have, contact us and we will delete it.

9. Changes

Material changes to this policy will be announced on this page and (where appropriate) by email at least seven (7) days before they take effect.

10. Contact & data protection

LAS SAFETY LTD, 9 Middleton Drive, Largs, KA30 9JN, Scotland. support@lassafety.com. We do not currently have a statutory DPO; the founder is the privacy contact.