Privacy Policy

Last updated July 2026

This Privacy Policy explains how ObserveReport collects, uses, and protects information when you use the ObserveReport platform. ObserveReport is provided to security companies for use by their personnel and clients.

1. Who We Are

ObserveReport is a product of BAH Ventures LLC, a Nevada limited liability company doing business as ObserveReport ("BAH Ventures LLC," "ObserveReport," "we," "us," or "our"). We operate the ObserveReport security-workforce management platform, accessible at app.observereport.com and associated mobile applications. This Privacy Policy explains how we collect, use, store, and protect information about users of the platform, including security officers, administrative staff, and client contacts.

Who controls your information. ObserveReport is a tool that security companies use to manage their own workforce and operations. If you access ObserveReport because a security company (your "Company") gave you an account, that Company controls your information and its own policies and employment agreements also apply to you. ObserveReport processes that information on the Company's behalf. Questions about how your Company uses your information should be directed to that Company.

2. Information We Collect

Account information: When an account is created for you by an administrator, we collect your name, email address, phone number, job title, and role within the platform. For personnel, a Company may also record employment-related details such as pay rate and licensing/permit information (for example, guard license or permit numbers).

Location data (precise GPS): When you clock in, clock out, complete a tour checkpoint, or while you are on an active shift, we collect your device's precise GPS coordinates and accuracy together with the time and the associated shift and site. This confirms presence at an assigned post and creates an auditable patrol record. Location collection starts when you clock in and stops when you clock out; we do not collect location when you are off shift. While you are clocked in, location may be collected in the background, including when the app is not in the foreground or your device is locked, so the live map your supervisor sees stays accurate while you patrol. On iOS this background collection requires granting "Always" location permission, which you can change or revoke at any time in your device settings.

Photos and reports: Photographs taken for incident, activity, patrol, and checkpoint documentation, along with the report content you submit (incident details, notes, visitor logs, and signatures).

Device information for notifications: If you enable push notifications, we store a device push token and basic device identifier (such as platform and device name) so we can deliver alerts.

Usage and security logs: We log IP addresses, device/browser type, and actions taken in the platform for security auditing and accountability.

3. How We Use Your Information

  • To operate the platform and provide security-workforce management services
  • To verify presence at assigned posts during clock-in, clock-out, and checkpoint scans
  • To generate reports, timesheets, and activity records for clients and administrators
  • To send notifications by email or push about shift status, tour alerts, and operational updates (only if you have opted in)
  • To maintain an audit log of account changes and login activity for security purposes
  • To calculate hours worked for timesheet processing

We do not sell personal information, and we do not use your information for third-party advertising.

4. Notifications

If you opt in to notifications, we will send operational alerts about your shifts, tours, and reports by email and/or push notification. Frequency varies based on your preferences and shift activity.

You can opt out at any time by updating your notification preferences in the app or your device settings. We do not sell or share your contact information with third parties for marketing purposes.

5. Who Can See Your Information

Your Company's administrators can view user profiles, shift records, clock-in times, GPS coordinates, tour records, and reports for the sites they manage.

Client contacts can view reports, tour records, and shift schedules for the sites they are assigned to. They cannot see payroll information, GPS coordinates, or other personnel's personal details.

Security officers can view their own shift records, tour history, and reports. They cannot see other personnel's information.

6. How Information Is Shared

We share information with your Company and, for assigned sites, with that Company's authorized client contacts (for their own sites only). We use a small number of infrastructure providers to run the platform, each processing information only to provide their service to us:

  • Cloudflare — application hosting, database, and file storage
  • Resend — transactional email such as alerts and password resets
  • Apple Push Notification service / Firebase Cloud Messaging — delivery of mobile push notifications to your device
  • Google Maps Platform — site geocoding and map display

We may also disclose information if required by law or to protect the rights, safety, and security of users, the Company, or the public, and as part of a merger, acquisition, or sale of assets (subject to this Policy). We do not sell your data to any third party.

7. Data Storage and Security

Data is stored in Cloudflare infrastructure hosted in secure data centers. All data is transmitted over encrypted HTTPS/TLS connections, passwords are hashed and salted, and access is controlled by role-based and object-level authorization so users can only reach records for their assigned sites. We retain shift and activity records for as long as the Company's account is active. Upon account deactivation, records are retained as needed to comply with legal obligations and for business purposes.

Photos are stored in Cloudflare R2 object storage. GPS coordinates are stored as part of shift and report records.

8. Your Rights

Because your Company controls your information, requests to access, correct, or delete your information should generally be made to your Company; we will assist the Company in fulfilling valid requests. Depending on where you live, you may have additional rights under laws such as the California Consumer Privacy Act (CCPA/CPRA) or the EU/UK GDPR, including rights to access, correct, delete, or restrict processing of your information. We honor these rights as required by law.

Some records (such as completed shift and audit logs) may be retained even after a deletion request for legal and business purposes.

9. State Privacy Laws (Colorado, Utah, Nevada, California)

ObserveReport is workplace software. Nearly all personal information we process is employment-context data that a Company (your employer) submits and controls. Several comprehensive state privacy laws expressly exclude information about individuals acting in a commercial or employment context from their definition of "consumer," which materially narrows how they apply to this platform.

  • Colorado (Colorado Privacy Act, C.R.S. 6-1-1301 et seq.): The CPA defines "consumer" to exclude individuals acting in a commercial or employment context. Data about a Company's security officers and administrators, processed for employment purposes, is therefore generally outside the CPA's consumer-rights provisions. Where the CPA does apply, we act as a processor on the Company's instructions, and we support the Company in responding to rights requests.
  • Utah (Utah Consumer Privacy Act, Utah Code 13-61-101 et seq.): The UCPA likewise excludes individuals acting in an employment or commercial context, and applies only to entities meeting statutory revenue and volume thresholds. The same processor relationship applies.
  • Nevada (NRS 603A): We do not sell covered information as defined by Nevada law. Nevada residents may direct opt-out requests to the contact address below.
  • California (CCPA/CPRA): California is different. Since January 1, 2023, the CCPA as amended by the CPRA covers employee and business-contact personal information. It also treats precise geolocation as "sensitive personal information," and this platform collects precise geolocation for clock-in verification and patrol tours. Companies operating in California should evaluate their own obligations, including notices at collection, the right to limit the use of sensitive personal information, and California-specific rules governing employee monitoring, before deploying location tracking.

In every case, the Company that employs you is the controller of your information and decides what is collected and for how long. We act as a service provider or processor. Requests to access, correct, or delete information should be directed to your Company first.

This section is a summary of how we handle information under these laws. It is not legal advice. Each Company is responsible for its own compliance obligations, which depend on where it operates, how many people it employs, and how it configures the platform.

10. Children's Privacy

The platform is intended for use by working adults in a professional security context and is not directed to children under 16. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will revise the "Last updated" date above and, for material changes, provide additional notice through the platform.

12. Contact

For privacy questions or requests, contact us at privacy@observereport.com. If you are a security officer, administrator, or client contact, you may also contact the security company that provided your access.

← Back to home