ProResponder Privacy Policy

1. Information We Collect

We only collect data needed to operate the Services, protect user accounts, and meet contractual or legal obligations.

1.1 Account & Agency Information

• Name, email, and optional phone number used to register or maintain an account.
• Agency membership, roles, scopes, and audit history of authorized changes.
• Authentication identifiers such as Firebase UIDs and internal user IDs.

1.2 Operational & Incident Data

• Documents, notifications, feature libraries, medication catalogs, and other records uploaded or managed by your agency.
• Support or feedback submissions (name, email, message, and optional subject/category).
• Terms-of-service acceptance records (device identifier, app version, platform, locale, acceptance timestamp).
• Push notification tokens tied to your device and agency so we can deliver alerts you enable.

1.3 Device & Technical Data

• App, OS, and device metadata (platform, version, locale), IP addresses, and timestamps captured in server logs for security and reliability.
• Feature-usage analytics events (feature name, action, optional details) linked to agency environments.

1.4 Location Data (optional)

• Precise location (GPS/OS-provided coordinates) when you enable location-based features to show nearby weather alerts/forecasts or to sort landing zones by distance. Coordinates are used in-session and may be sent to the U.S. National Weather Service (or our proxy) solely to return nearby weather data. Location is not used for advertising.

1.5 Billing

• When personal billing is enabled, payment processing is handled by Stripe. We receive Stripe customer, subscription, and payment intent IDs, along with billing contact details; we do not store full card numbers.

2. How We Use Information

• Authenticate users, enforce roles and scopes, and operate agency-tenanted workspaces.
• Deliver documents, notifications, feature data, and agency configuration to authorized users.
• Provide push notifications using registered device tokens when enabled by the user or agency.
• Use your chosen device location to show nearby weather alerts/forecasts and to order landing zones by distance.
• Monitor reliability, debug issues, prevent fraud or abuse, and produce aggregated analytics for performance and adoption.
• Respond to support requests, feedback, and account deletion inquiries.
• Process subscriptions and payments through Stripe and comply with legal obligations.

3. How We Share Information

• Agency administrators: Super admins for your agency can view and manage data for users in their tenant.
• Service providers: Trusted vendors that host infrastructure, deliver email or push notifications, provide authentication (e.g., Firebase), analytics, or payment processing (Stripe). They receive only what is necessary and must protect the data.
• External APIs (location-based weather): When you request “nearby” weather alerts or forecasts, your coordinates are sent to the U.S. National Weather Service (or our proxy) solely to retrieve that data.
• Legal and safety: If required to comply with law, protect rights or safety, or respond to lawful requests.
• Business transfers: If we are involved in a merger, acquisition, or asset sale, data may transfer subject to this policy.
• We do not sell personal information or share it for third-party advertising or cross-app tracking.

4. Data Retention & Deletion

We keep data for as long as necessary to provide the Services, meet legal obligations, resolve disputes, and enforce agreements. Agency-provided data follows that agency’s retention rules. Location coordinates used for weather or landing zones are processed in-session and not retained on our servers beyond transient logs. Push tokens are refreshed and may be deleted after inactivity. You may request deletion of your account and related data at proresponder.app/account-deletion or by contacting us.

5. Security

We apply technical and organizational safeguards including TLS encryption in transit, tenant isolation, role-based access controls, audit logging, and least-privilege access for staff. No system is perfectly secure; please use strong credentials and protect your devices.

6. Your Rights & Controls

• Access & correction: Agency administrators can update many records; contact us for assistance if additional changes are needed.
• Deletion: Submit requests at proresponder.app/account-deletion or email us; verification may be required.
• Notifications: You can disable push notifications at the device level; transactional security emails may still be required.
• Portability & restrictions: Where applicable by law, you may request a copy of your data or ask us to restrict certain processing.

7. Children’s Privacy

The Services are for professional emergency-response organizations and are not directed to children under 13. We do not knowingly collect personal information from children. If you believe a minor has provided data, contact us so we can delete it.

8. International Data Transfers

Infrastructure is primarily located in the United States. Agencies operating outside the U.S. are responsible for complying with local requirements and obtaining any necessary consents for cross-border transfers.

9. App Store & Google Play Disclosures

To align with Apple App Store and Google Play requirements, we disclose the following about our mobile apps:

• Data collected (linked to your account or device): contact information (name, email, optional phone), agency and role metadata, Firebase UID, internal user IDs, device or app identifiers (platform, app version, locale, push token), precise location when you enable location-based weather or landing zone features, feature-usage events, server log data (IP address, timestamps), support messages, and billing contact data handled by Stripe.
• Purposes: app functionality, account management, authentication, security/fraud prevention, analytics to improve reliability, customer support, and payment processing. Data is not used for third-party advertising or cross-app tracking.
• Sharing: service providers (hosting, Firebase auth, email/push delivery, analytics infrastructure, Stripe payments) under confidentiality and data protection terms; not sold or shared for ad targeting.
• Data safety: data is encrypted in transit; users can request deletion; account-level deletion is available; push notification tokens can be removed by disabling notifications.
• Data we do not collect: contact lists, photos, camera/voice recordings, health data, device files, SMS, or advertising identifiers beyond what is listed above.

10. Changes to This Policy

We may update this policy to reflect new features, legal requirements, or operational changes. We will post updates with a revised “Last updated” date and may notify admins in-app or by email when changes are material.

11. Contact Us

If you have questions or requests regarding this policy or our data practices, contact us at support@proresponder.app or mail ProResponder Support, 1500 Riverwalk Street, Suite 410, Washington, NC 27889, USA.