Privacy Policy

FireProof ("we," "us," or "our") is a product of ServiceVision. This Privacy Policy describes how we collect, use, and share information when you use the FireProof platform, including our web application at fireproofapp.net, our iOS and Android mobile apps, and our marketing website at fireproofapp.com (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this policy. If you are using FireProof on behalf of an organization, you represent that you have authority to bind that organization to this policy.

1. What We Collect

Account and Organization Information

When you register for FireProof, we collect:

• Name and email address
• Organization name and type
• Password (stored as a bcrypt hash — we never store plaintext passwords)
• Role within your organization
• Billing information (processed via our payment provider; we do not store full card numbers)

Inspection and Compliance Data

When inspectors use the FireProof app, we collect and store:

• Extinguisher records: serial numbers, locations, types, service dates, condition notes
• Inspection results: checklist responses, pass/fail status, deficiency descriptions
• Inspector digital signatures
• GPS coordinates at time of inspection (for location verification)
• Photos captured during inspections, including EXIF metadata (timestamp, device type)
• HMAC signatures and hash data used for tamper-proofing

Device and Usage Information

We automatically collect certain technical information when you use the Service:

• Device type, operating system version, and app version
• IP address and approximate location derived from IP
• Pages and features accessed, timestamps, and session duration
• Crash reports and error logs (via Sentry error monitoring)
• Network status and connectivity information (for offline sync functionality)

Communication Data

If you contact our support team, we retain your messages and our responses. If you subscribe to product updates, we store your email address for that purpose.

2. How We Use Your Information

We use the information we collect to:

• Deliver the Service — process inspections, maintain compliance records, generate reports
• Authenticate users — issue JWT access tokens and manage sessions securely
• Sync offline data — upload inspection records from mobile devices when connectivity is restored
• Send notifications — push notifications for inspection assignments, re-inspection alerts, and sync status
• Provide customer support — respond to questions, troubleshoot issues
• Monitor reliability — detect errors, crashes, and security anomalies
• Improve the product — understand usage patterns to prioritize features (using aggregated, anonymized data)
• Fulfill legal obligations — respond to lawful requests from government authorities

We do not use inspection data or personal information for advertising or sell it to third parties for marketing purposes.

3. Data Sharing

We share data only in limited circumstances:

Service Providers

We use trusted third-party providers to operate FireProof. These providers process data on our behalf under contractual data processing agreements:

• Render — cloud hosting for the API and web application
• Cloudflare R2 — object storage for inspection photos
• Sentry — error monitoring and crash reporting
• Redis (Render Key Value) — session and rate-limiting data

Within Your Organization

Inspection records and compliance data are visible to authorized users within your FireProof tenant based on their assigned role (SystemAdministrator, TenantAdministrator, LocationManager, Inspector, or Viewer).

Customer Portal Access

If you use the FireProof Customer Portal feature, you control which inspection reports and compliance data your clients can access. Their access is limited to records you explicitly grant them permission to view.

Legal Requirements

We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to protect the safety of any person or the integrity of the Service.

Business Transfers

If ServiceVision merges with or is acquired by another company, your data may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4. Security

We take the security of your compliance data seriously:

• All data transmitted between your device and our servers is encrypted using TLS 1.2+
• Inspection records are cryptographically signed with HMAC-SHA256, making tampering detectable
• Passwords are hashed with bcrypt (work factor 12) — we cannot recover your password
• Authentication uses short-lived JWT access tokens with rotating refresh tokens stored as HttpOnly cookies
• Access tokens expire after 15 minutes; refresh tokens expire after 7 days
• Sensitive configuration values (keys, secrets) are stored as encrypted environment variables, never in source code
• Tenant data is fully isolated — no tenant can access another tenant's records
• Rate limiting is enforced on all API endpoints to prevent abuse

No system is 100% secure. If you believe your account has been compromised, contact us immediately at security@fireproofapp.com.

5. Data Retention

We retain your data as long as your FireProof account is active. When you cancel your account:

• Account and user data is deleted within 30 days of cancellation
• Inspection records are retained for 7 years after account closure to support NFPA 10 and fire safety compliance documentation requirements, unless you request earlier deletion
• Photos stored in Cloudflare R2 are deleted within 90 days of account closure
• Backups containing your data are purged on a rolling 30-day schedule

You may request deletion of your data at any time by contacting privacy@fireproofapp.com. Note that if your organization is subject to NFPA 10 record-keeping requirements, deletion before the retention period may affect your compliance obligations.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

Access and Portability

You can export your inspection data at any time from the FireProof admin dashboard. You may also request a full export of your personal data by contacting privacy@fireproofapp.com.

Correction

You can update your name, email, and organization details directly in your account settings. For corrections to inspection records, contact your organization's FireProof administrator.

Deletion

You may request deletion of your personal information as described in the Data Retention section above.

Objection and Restriction

You may object to certain processing of your data or request that we restrict processing while you contest its accuracy or our right to use it.

California Residents (CCPA)

California residents have the right to know what personal information we have collected, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact privacy@fireproofapp.com.

EEA / UK Residents (GDPR)

If you are located in the European Economic Area or United Kingdom, you have rights under GDPR including the right to lodge a complaint with your local supervisory authority. Our legal basis for processing is performance of contract (to deliver the Service) and legitimate interests (to maintain security and improve reliability).

To exercise any of these rights, email privacy@fireproofapp.com. We will respond within 30 days.

7. Cookies and Tracking

The FireProof web application uses:

• HttpOnly refresh token cookie — required for authentication; expires after 7 days or on logout. This is a functional cookie necessary for the Service to operate.
• localStorage — stores your current tenant context and remembered login email (if you select "Remember Me"). This data never leaves your device except as part of API requests.

The FireProof marketing website (fireproofapp.com) does not use analytics cookies or third-party tracking scripts. We do not use advertising pixels, retargeting, or behavioral tracking.

8. Children's Privacy

FireProof is a professional compliance management tool intended for use by organizations and their adult employees. We do not knowingly collect personal information from anyone under the age of 13. If we learn that we have inadvertently collected information from a child under 13, we will delete it promptly. Contact privacy@fireproofapp.com if you believe this has occurred.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) and update the "Last updated" date at the top of this page. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

We will never materially reduce your privacy rights without providing at least 30 days advance notice.

10. Contact Us

For privacy-related questions or to exercise your rights: