Privacy Practices

Plain answers about your data.

ResponderOS is built by a first‑line responder, for front‑line responders. The personnel records you put into it — counseling logs, evaluations, station notes — are operationally sensitive. This page explains exactly what we collect, what we do with it, and what we never will. We do not sell or monetize personal data. Ever.

Effective: [INSERT DATE] · Last updated: [INSERT DATE]

Privacy at a glance

The whole policy, in eight cells. Full detail below.

We collect
Only what's needed to run the app
We don't sell
Your data to advertisers
We don't track
You across apps or websites
We don't analyze
Personnel content for any purpose
We use
Aggregate, de‑identified app usage to fix bugs & improve the app
Your org owns
All personnel data you enter
Encryption
In transit (TLS) and at rest
You can
Export or delete your data anytime

01Who we are

ResponderOS is a product of [Your LLC Name] (referred to as "we," "us," or "ResponderOS" in this policy), a Virginia limited liability company. The app is designed for front‑line public safety personnel — fire, EMS, and law enforcement — to document and manage shift‑level operational work.

Contact for any privacy question: privacy@responderos.com.

02What we collect

ResponderOS is built to do its job with as little data as possible. Here's everything we collect, why, and how it's classified for Apple's App Privacy disclosures:

Data Why we have it Linked to you?
Email address Account identifier; how you sign in Yes
Display name & role info (rank, shift, station) Identifies you to colleagues inside your org Yes
Password (hashed) Sign‑in. Hashed by Firebase Authentication — we never see the original Yes
Personnel content you create The records you choose to document (counseling logs, station visits, scene notes, etc.) Yes
Device push token To deliver push notifications you opt into Yes
Crash & diagnostic info To fix bugs. Apple‑provided, anonymized by the OS No

What we explicitly do not collect

  • Location data of any kind
  • Contacts, photos, microphone, or camera access — unless you specifically attach a photo to a record, in which case it goes only into that record
  • Advertising identifiers (IDFA), tracking cookies, or cross‑app identifiers
  • Health, financial, or government ID information
  • Anything from other apps on your device

03How we use it

We use the data above only for the following purposes:

  • To operate the service. Authenticating you, storing and syncing the records you create, delivering notifications you opted into.
  • To improve the app. We may review aggregate, de‑identified patterns of how the app is used — for example, which screens are slow, which workflows have unusually high abandonment — to fix bugs and prioritize improvements. We do not read, analyze, or process the content you create (counseling logs, station notes, evaluations, etc.) for this purpose or any other.
  • To communicate with you. Sign‑in confirmations, password resets, security notices, and (only if you opt in) product updates.
  • To comply with the law. If we receive a valid legal request, we will comply with it. We'll notify your organization administrator unless legally prohibited.

04What we don't do

This section exists because it's the part most worth being clear about.

  • We do not sell, rent, or monetize personal data. Not to advertisers, not to data brokers, not to anyone.
  • We do not run advertising in the app. No banner ads, no native ads, no sponsored content.
  • We do not track you across other apps or websites. ResponderOS does not use Apple's App Tracking Transparency framework because we do not track.
  • We do not read or analyze the personnel content you create. Your counseling logs, evaluations, station notes, and other records are stored encrypted and accessed only by you and authorized members of your organization. We do not use them to train models, improve features, or any other purpose.
  • We do not share your data with anyone outside of the operational processors listed in Section 5.

05Sharing & processors

To operate the app, we rely on a small number of trusted infrastructure providers. They process data only on our instructions and only to provide the specific service named.

Google Firebase (Google LLC)

ResponderOS's backend runs on Google Firebase, which provides three services to us:

  • Firebase Authentication — handles sign‑in. Receives your email and a hashed version of your password.
  • Cloud Firestore — stores the records you create. Encrypted at rest in Google's US‑based data centers.
  • Firebase Cloud Messaging — delivers push notifications. Receives your device push token and the contents of notifications we send.

Google's processing of this data is governed by the Firebase Data Processing and Security Terms. We do not use Firebase Analytics, Crashlytics, or Performance Monitoring.

Apple Inc.

Apple delivers push notifications to your device through the Apple Push Notification service (APNS). Apple may also collect anonymous diagnostic information through iOS itself, which is governed by Apple's own privacy policy. Apple does not receive the content of your records.

Your organization (if applicable)

If you use ResponderOS through an organizational license — for example, your fire department or EMS agency — the data you create within the app is accessible to authorized administrators within that organization, under the access controls they configure. Your organization is the data controller for personnel records; ResponderOS is a data processor acting on the organization's behalf. Organizational customers may enter into a separate Data Processing Agreement with us.

What this means in practice

Only three external parties are ever involved in your data: Google (running our backend), Apple (delivering push notifications), and — if applicable — your own organization's admins. That's it. No advertisers, no analytics vendors, no data brokers.

06Data retention

We retain data only as long as it serves the purposes described in this policy:

  • Account data. Retained for as long as your account is active. If you delete your account, we delete the associated authentication record within 30 days.
  • Personnel records you create. Retained according to your organization's retention policy. If you use ResponderOS individually (without an organization), records you create are retained until you delete them or delete your account.
  • Backups. Encrypted backups may retain data for up to 90 days after deletion before being permanently overwritten, as part of normal disaster recovery.
  • Legal holds. Where required by law, we may retain specific records longer. If this happens to your data, we'll notify you unless prohibited.

07Your rights

Regardless of where you live, you can do the following at any time:

  • Access — request a copy of the data we have about you.
  • Correct — fix anything inaccurate.
  • Delete — request deletion of your account and associated data.
  • Export — receive your data in a portable format (JSON or CSV).
  • Withdraw consent — for any optional processing you previously opted into (e.g., product update emails).
  • Object — to any processing you believe is unnecessary or excessive.

To exercise any of these, email privacy@responderos.com. We'll respond within 30 days. We do not charge for these requests.

Residents of California, Virginia, Colorado, Connecticut, and Utah

You have additional rights under your state's privacy laws (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA), including the right to opt out of the "sale" or "sharing" of personal information. ResponderOS does not sell or share personal information as those terms are defined under any of these laws. You can still exercise any of the rights listed above by contacting us.

08Security

We take security seriously because the records you put into ResponderOS are operationally sensitive. Our practices include:

  • Encryption in transit using TLS 1.2 or higher for all network communication.
  • Encryption at rest for all stored data, using Google Firebase's default AES‑256 encryption.
  • Role‑based access controls at the organization level — your administrators decide who can see what.
  • Admin‑invited access only — no public sign‑up. New users join through an invitation from an authorized administrator at your organization.
  • Audit logging of administrative actions within your organization.
  • No password storage on our end. Firebase Authentication hashes passwords; we never see or store them in plain text.

No system is ever fully secure. If you become aware of a vulnerability, please report it to security@responderos.com. If a breach affects you, we'll notify you within 72 hours of becoming aware of it, as required by applicable law.

09Children's privacy

ResponderOS is a professional tool for adult public safety personnel. It is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13 years of age. If we learn that we have collected information from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, contact us at privacy@responderos.com.

10Where data is stored

ResponderOS data is stored in the United States, in Google Firebase data centers. If you access the app from outside the U.S., your data will be transferred to and processed in the U.S. By using ResponderOS, you consent to this transfer. We do not currently support data residency in other jurisdictions; if your organization requires it, contact us to discuss options.

11Changes to this policy

If we make material changes to this policy, we'll notify you by email and/or by an in‑app notice before the changes take effect. The effective date at the top of this page reflects when the current version was published. Continued use of ResponderOS after a change indicates acceptance of the updated policy.