Privacy Policy

Last updated: May 2, 2026

1. Introduction

Tellus EHS ("we," "us," or "our") operates the tellusehs.com website and the Tellus EHS platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our free tools (including the GHS Label Generator), or use our paid services. It also describes the rights you have over your personal information and how to exercise them.

2. Information We Collect

Information You Provide

  • Account information: name, email address, company name, phone number
  • Company data: chemical inventories, Safety Data Sheets (SDSs), training records, site information
  • Communications: messages sent through our contact form or support channels
  • Payment information: billing details processed through our third-party payment processor
  • Free tool inputs: information you type into the GHS Label Generator or similar utilities (e.g. product name, hazard statements, supplier info), and your email address if you provide one to download a label

Information Collected Automatically

  • Usage data: pages visited, features used, time spent on the platform
  • Device information: browser type, operating system, IP address
  • Cookies and similar technologies for authentication, analytics, and (with your consent) advertising — see Section 7
  • Free tool event log: when you accept the disclaimer or download a label from the GHS Label Generator, we record the event server-side — see Section 4

3. How We Use Your Information

  • To provide, maintain, and improve our services
  • To process your chemical safety data and generate compliance reports
  • To send you training assignments, compliance alerts, and notifications
  • To respond to your inquiries and provide customer support
  • To process payments and manage your subscription
  • To send you marketing communications (with your consent, and you can opt out at any time)
  • To build sales lead lists from email addresses and email domains submitted through our free tools, so we can reach out to organizations that may benefit from Tellus EHS
  • To measure the effectiveness of our marketing — including running retargeting and lookalike audience campaigns on third-party advertising platforms (with your consent where required) — see Sections 7 and 8
  • To comply with legal obligations, including OSHA recordkeeping requirements, and to maintain a record of disclaimer acceptance for our free tools

4. Free Tool Event Log (GHS Label Generator)

When you use the free GHS Label Generator (or any similar publicly accessible utility on tellusehs.com), we keep a server-side event log. We record an event in two situations: (a) when you accept the disclaimer before generating a label, and (b) when you download a generated label. For each event we log:

  • Timestamp of the event
  • Your IP address
  • Your browser user-agent string
  • The referrer URL (the page you came from, if any)
  • The email address you provided, if you chose to provide one
  • A content hash (a one-way fingerprint) of the generated label — we use this to identify duplicates and to prove which version of a label was downloaded, but it does not let us reconstruct the full label content

We use this log for two purposes:

  • Disclaimer acceptance record. The free tools are offered "as is" under the terms in our Terms of Service, Section 9. The log establishes that a user accepted those terms before downloading output.
  • Sales lead lists. If you submit a work email address, we may add you and/or your organization (identified by email domain) to our sales lead list and reach out about Tellus EHS. You can ask us to remove you at any time — see Section 9.

Free tool event log records are retained for 18 months from the date of the event, after which they are automatically purged. If you ask us to delete your records sooner, we will do so unless we are required to retain them to defend a legal claim.

5. Data Security

We implement appropriate technical and organizational security measures to protect your data, including encryption in transit and at rest, access controls, and regular security assessments. Your chemical safety data is stored in isolated, multi-tenant environments to prevent unauthorized cross-company access.

6. Data Sharing

We do not sell your personal information for money. (Note: under some U.S. state privacy laws, sharing data with advertising partners for cross-context behavioral advertising may be treated as a "sale" or "sharing" — see Section 11 for how California residents can opt out.) We may share data with:

  • Service providers who assist in operating our platform (hosting, analytics, payment processing, email delivery, customer support tooling)
  • Advertising platforms (Meta, Google, LinkedIn, and similar) for measurement, retargeting, and audience matching — see Sections 7 and 8 — only when you have given consent where consent is required
  • Regulatory authorities when required by law or in response to valid legal requests
  • Other users within your organization as configured by your company administrator
  • A successor entity in connection with a merger, acquisition, or sale of all or substantially all of our assets

7. Cookies and Tracking Technologies

We use cookies and similar technologies (pixels, local storage, SDKs) on our website. Most third-party advertising and analytics technologies are loaded through Google Tag Manager and only fire after you grant the relevant consent in our cookie banner. You can change your consent at any time by clicking the "Cookie settings" link in our website footer.

| Category | Examples | Purpose | Consent |
| --- | --- | --- | --- |
| Strictly Necessary | Session cookies, authentication tokens, CSRF tokens, cookie-consent state | Required for the site to function (logging in, keeping you signed in, remembering your cookie choices) | Always on (no consent required) |
| Analytics | Google Analytics 4 (loaded via Google Tag Manager) | Helps us understand how visitors use the site so we can improve it | Opt-in via cookie banner |
| Marketing / Advertising | Meta Pixel, Google Ads conversion & remarketing tags, LinkedIn Insight Tag (when enabled) | Measures ad performance, retargets visitors with our ads on Facebook / Instagram / Google / LinkedIn, and builds lookalike audiences | Opt-in via cookie banner |

You can also opt out of advertising cookies at the platform level via the DAA WebChoices tool, the EDAA Your Online Choices tool (EU/UK), or by enabling "Do Not Track" / Global Privacy Control in your browser. We honor Global Privacy Control signals as a valid opt-out for California residents.

8. Customer Match and Matched Audiences

We may upload hashed (SHA-256) email addresses to advertising platforms — including Google Ads (Customer Match), Meta (Custom Audiences), and LinkedIn (Matched Audiences) — so those platforms can find people who already know us on their networks and either show them our ads (retargeting) or build "lookalike" audiences of similar people.

The email addresses we may include come from: people who created a Tellus EHS account, people who provided their email to download a free tool output, people who signed up for a demo or newsletter, and people who contacted us. The hashing is one-way — the advertising platform only learns whether they already have a matching record, not the underlying email.

If you do not want your email used this way, you can:

  • Email hello@tellusehs.com and ask to be excluded from advertising audiences
  • Use the opt-out controls inside Google, Meta, and LinkedIn directly (each platform offers ad personalization controls)

9. Data Retention

We retain different categories of data for different periods:

  • Account data — for as long as your account is active. After cancellation, we retain it for 90 days before permanent deletion, unless longer retention is required by law or for legitimate business purposes such as OSHA recordkeeping.
  • Free tool event log (see Section 4) — 18 months, then auto-purged.
  • Marketing email lists — until you unsubscribe, or 24 months of inactivity (whichever comes first).
  • Advertising audiences — uploaded hashes are refreshed periodically; we typically delete audiences from ad platforms within 18 months of last use.
  • Server access logs — 90 days, for security and abuse-prevention purposes.

10. Your Rights Under GDPR (EU/UK Visitors)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and the UK GDPR with respect to your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — ask us to correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") — ask us to delete your data
  • Right to restriction of processing — ask us to pause processing while a dispute is resolved
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests, including direct marketing and profiling
  • Right to withdraw consent — where we rely on consent (e.g. advertising cookies), you can withdraw it at any time
  • Right to lodge a complaint with your local supervisory authority

To exercise any of these rights, email hello@tellusehs.com. We will respond within 30 days. We will not discriminate against you for exercising these rights.

11. Your Rights Under CCPA / CPRA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you the following rights:

  • Right to know — what categories of personal information we collect, the sources, the purposes, and the categories of third parties we share it with
  • Right to delete — request deletion of personal information we have collected from you
  • Right to correct — request that we correct inaccurate personal information
  • Right to opt out of sale or sharing — we do not sell personal information for money, but our use of advertising cookies and Customer Match uploads (Sections 7 and 8) may qualify as "sharing" for cross-context behavioral advertising under California law. You can opt out via the cookie banner or by emailing us.
  • Right to limit use of sensitive personal information — we do not use sensitive personal information for purposes beyond those permitted by default under the CPRA
  • Right to non-discrimination — we will not deny services, charge different prices, or provide a different level of service because you exercised your privacy rights

To submit a verifiable consumer request, email hello@tellusehs.com. We honor Global Privacy Control browser signals as an opt-out of sale/sharing. You may also designate an authorized agent to submit a request on your behalf.

12. Children's Privacy

Tellus EHS is a workplace compliance product intended for use by adult professionals. Our website and services are not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, contact us at hello@tellusehs.com and we will delete it.

13. International Data Transfers

Tellus EHS is based in the United States and our infrastructure is hosted in the U.S. If you access our services from outside the U.S., your information will be transferred to, stored in, and processed in the U.S. Where required (e.g. transfers from the EEA / UK), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice (e.g. email or an in-product banner).

15. Contact Us

If you have questions about this Privacy Policy, our data practices, or to exercise any of your rights (including data access, correction, deletion, or opt-out), contact us at hello@tellusehs.com.