QR site profile: the code is an address, not a key
1 minHSE officerOrg owner
Put a QR sticker on every site. Scanning it opens the site page — and the page itself expands into three layers by who opens it. The governing principle: the code is an address, not a key — the sticker is public by nature and grants no permission on its own.
The three layers
- Anonymous (no login): sees the site name, hazard tags, the assembly point, and a "Report a hazard" form. Nothing sensitive — the precise asset location and internal data are never exported.
- A signed-in worker (same organization): also gets the daily utility — the permits active here now, the nearest first-aid kit, and the live evacuation routes.
- A supervisor: sees the full site profile — assets, inspections, incidents, energy, audits, employees… each section appears only with its permission.
Why it works
A sticker used only for rare reporting is never scanned. The worker's daily utility is what builds the scanning habit that feeds reporting. And every scan and report is a field fact.
Stickers: printing and revocation
From QR locations:
- "Print stickers" generates an A4 sheet (a code + the site name + a short code) ready to post.
- "Revoke" deactivates the code, so its public page returns 404.
- "Reissue" rotates the code to a new value — so every printed sticker dies at once (safety for a replaced or lost sticker). Reports link to the location, not the code, so no history is lost.