University of California Risk and Safety Solutions (RSS) is committed to protecting the privacy and accuracy of your personally identifiable information and the confidentiality of your business data.
The following Privacy Statement and Terms of Use apply to RSS Services, including RSS Platform (web application) and RSS Go (mobile application), which are provided by RSS as software-as-a-service (SaaS) offerings.
Protection of your personally identifiable information is governed by University of California policies and applicable state and federal laws. Other than as stated below or required by laws that guarantee public access to certain types of information or in response to subpoenas or other legal instruments that require disclosure, personally identifiable information will not be disclosed without your consent. RSS takes many precautions for the security of personal information and continually monitors its systems and practices to enhance the security of sensitive information.
When you use RSS Services, you agree to these terms and conditions. Please refer to the contact information at the end of this statement if you have questions or concerns about this statement. Your use of RSS Services will be subject to the most recent RSS Services Privacy Statement and Terms of Use. Since this statement may be updated from time to time, we urge you to visit this site regularly to review the current statement.
Risk and Safety Solutions (RSS)
University of California Risk and Safety Solutions is the organization that develops and operates RSS Services.
The software-as-a-service (SaaS) offering provided by RSS comprises RSS Platform (web application) and RSS Go (mobile application).
The web application component of RSS Services.
The mobile application component of RSS Services.
A Strictly Necessary Cookie is an essential type of cookie used by the website to ensure seamless functionality; without these cookies, certain core functions of the site would not operate properly.
Functional Cookies allow website owners to personalize the browsing experience of their end-users, providing additional functionality that can greatly enhance the user experience.
Analytics or Performance Cookies are used to monitor website visitors and user behavior, enhance website performance, and ultimately provide a seamless user experience.
PII is any information that can be used to distinguish or trace an individual's identity, or that is linked or linkable to an individual. Examples include name, contact information, employment information, and unique identifiers assigned by an organization.
Personally Identifiable Information (PII) collected by RSS Services is communicated and agreed upon with your organization (company or educational institution) prior to onboarding. PII collection is normally limited to first name, last name, business email, business phone, department, affiliation type (e.g., staff, faculty, student), employee ID, login ID, or other unique identifiers generated by your organization. Please contact your information technology help desk for further details on the information provided to RSS Services. RSS is not responsible for the accuracy of information provided by your organization
Some features within RSS Services allow for the submission of photos or documents. Please be informed of and follow your organization's policies regarding the taking of photos and handling of documents with sensitive material. RSS is not responsible for violations of your organization's policies regarding photos and documents uploaded to RSS Services.
Additional information is collected while you use RSS Services. This includes your internet domain, IP address, type of device, browser, operating system, date visited, time visited, pages visited, search terms used on our search engines, information used to fill out forms and transaction data, identifiers and names of the forms, templates, and questions you interact with, and recordings of page activity and network traffic. A general geolocation may be derived from your IP address. However, derived geolocation information is not more specific than city, county, and/or region.
RSS Go, our mobile application, leverages mobile device capabilities to enhance specific solutions when the user enables them. Mobile sensor data may include, but is not limited to, information from the built-in camera and GPS. When these data sources and sensors are used in the mobile app, the user has the ability to enable or disable them for use in RSS Services. Mobile device data is only collected and retained as necessary to support the business purposes of RSS Services
Directory information may be provided to us by your organization via a directory service integration. Directory information is also provided when you log into RSS Services. Please direct any questions or concerns regarding the release of directory information to your organization. For educational institutions, please see the FERPA section for more information relevant to directory information.
Personally Identifiable Information (PII) is used to share business data with authorized users in your organization. To keep you informed of activities requiring your attention, we may use the personal information we collect to send notifications within RSS Services or for user support communications.
RSS Services use Strictly Necessary Cookies, Functional Cookies, and Analytics Cookies to deliver web content specific to your security session or profile settings or to keep track of online transactions. PII stored in cookies is limited to first name, last name, business email, login ID, and organization name. Cookies are only used by RSS to track activity within RSS Services.
RSS Services use third-party services to understand product usage, diagnose technical issues, and improve the user experience. This includes a third-party diagnostic service that uses information collected during your sessions to support troubleshooting and product improvement. Access to data collected by these services is limited to authorized RSS personnel for troubleshooting, support, or product-improvement purposes. Third-party service providers are contractually prohibited from using this data for any purpose outside of providing services to RSS.
RSS leverages artificial intelligence (AI) within RSS Services. RSS does not use customer data to train or fine-tune any AI models. Customer data submitted to AI providers is subject to contractual protections at least equivalent to those maintained by RSS. AI providers are contractually prohibited from retaining or training on RSS customer data.
Except as noted in this statement or required by law, RSS will not disclose or share personally identifiable information without your consent.
RSS partners with third-party service providers to deliver RSS Services. All third-party service providers process RSS customer data within the United States and are contractually bound to process data only as necessary to provide their services to RSS. These providers are prohibited from selling RSS customer data, from using RSS customer data for their own purposes, and from disclosing RSS customer data except as required by law or expressly authorized by RSS.
RSS Services integrates with a third-party training delivery provider to manage and deliver training assigned to users. To associate users with their training records and retrieve enrollment status, user email addresses are transmitted to this provider.
Questions regarding your options to review, correct, or delete previously provided personal information should first be directed to the maintainers of your organization's information technology and then to RSS via service@RiskandSafetySolutions.com.
Submitted sensitive information is protected both online and offline. RSS Services utilizes a secure architecture to ensure the confidentiality, integrity, and availability of our services. RSS customer data is encrypted in transit using Transport Layer Security (TLS) with strong ciphers and at rest using strong encryption. RSS Services are hosted by cloud providers with rigorous physical, technical, and administrative safeguards. RSS monitors its environment to detect vulnerabilities and cyber threats. RSS has well-defined disaster recovery, business continuity, and incident response plans. Only authorized RSS personnel who need the information to perform specific job functions are granted access to user data.
RSS Services are monitored for cybersecurity threats and to protect user privacy. Information that is monitored is limited to the details listed under Information Collection. RSS staff may review user activity only when authorized for user support or security concerns. User activity may also be subject to audit by University of California staff or authorized third parties when managing or assisting with security incidents.
Phishing is a cybercrime that involves the attempt to acquire personal information such as usernames, passwords, or other identifying information by masquerading as a trustworthy entity in an email. RSS does not request or solicit personal information via email. If you believe you have responded to a phishing attempt, contact your organization's IT support and notify the RSS Service Desk at service@RiskandSafetySolutions.com immediately.
Never leave your computer or mobile device unattended during a browser session in RSS Services. Protect your information by logging out and closing your browser when you are finished with each session.
RSS staff do not have access to users' passwords.
If your organization has integrated its own single sign-on (SSO) provider with RSS Services, it maintains control of your account and password. Multi-factor authentication is also managed by your organization.
Your organization may have opted to manage accounts within RSS Services. RSS uses secure Identity Management (IdM) solutions for managing these accounts. RSS staff follow secure procedures for managing IdM frameworks. Passwords are stored in the IdM solution using cryptographic hashing algorithms. Multi-factor authentication is available for these accounts upon request by your organization.
We are committed to ensuring that RSS Services are accessible to everyone, including individuals with disabilities. Please review the RSS Accessibility Statement at https://riskandsafety.com/accessibility-statement.
The Family and Educational Rights and Privacy Act (FERPA) (20 U.S.C. ยง 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of students' education records. If you are using RSS Services as a student, faculty, or staff member of an educational institution, please read this section.
RSS maintains reasonable administrative, physical, and technical standards to ensure that no unauthorized persons are able to gain access to any student information that may be considered confidential under FERPA. For example:
If you have any questions regarding support of Protected Health Information (PHI) and HIPAA compliance, please contact service@RiskandSafetySolutions.com, and we will route you to the appropriate representative.
You may encounter links to other websites of organizations not directly affiliated with RSS. Please be aware that RSS is not responsible for the information practices of external organizations that are linked from our website. We recommend that you review the privacy statements of each external website that collects personal information.
RSS is not responsible for the security or privacy of any software on your device that you may use in conjunction with RSS Services. This includes speech-to-text, virtual assistants (e.g., Siri, Alexa, Cortana, or Google Assistant), personal AI assistants (e.g., ChatGPT, Claude, Gemini, or Copilot), photography, communications, or other productivity applications. Data shared with or accessed by these applications is subject to their respective privacy policies and terms of use, not this statement.
Any revisions to this privacy policy will be posted at this URL. If we make material changes to this Privacy Statement and Terms of Use, we will post an announcement through RSS Services.
You may submit inquiries about this policy to service@RiskandSafetySolutions.com.
Effective: July 9th, 2026