Legal
Privacy Policy
Effective: 2026-07-07
Template pending counsel review — not yet legal advice. This policy is a standard SaaS template and will be replaced by a version reviewed by an attorney before general availability.
This policy describes what FireCode 360 collects, why, who processes it for us, and the choices you have. Short version: we collect what the product needs to keep your inspection records, we don't run ad tracking, and we don't sell your data.
1. What we collect
- Account data — name, email address, password hash, organization name and timezone, and your role in the organization.
- Buildings and inspection records — building names and addresses, fire protection systems, inspection results, deficiencies, dates, and the names/qualifications of the people who performed inspections.
- Photos and documents — photos captured during inspections (with capture timestamps and, if your device includes it, EXIF location data) and files you upload to the documents vault.
- Billing data — plan, subscription status, and invoice history. Card details are handled entirely by Stripe.
- Contact and lead data — messages you send through the contact form and email addresses you submit to receive guides or checklists.
- Usage and log data— server logs (IP address, timestamps, pages requested) and basic product events (for example, “first inspection finalized”) used for security, rate limiting, and improving the product.
2. How we use it
We use your data to operate the Service: storing records, sending reminder and digest emails, generating PDF reports, processing subscriptions, preventing abuse, and providing support. We do not sell personal information and we do not use your inspection data for advertising.
3. Who processes it for us
We rely on a small set of infrastructure providers, each bound by its own data processing terms:
- Vercel — Application hosting, file storage for photos and PDF reports, and basic analytics.
- Neon — Postgres database hosting — where your account, building, and inspection data lives.
- Stripe — Payment processing. Card numbers go directly to Stripe; we never see or store them.
- Resend — Transactional email — reminders, weekly digests, invites, and receipts.
All providers store data in the United States. We share data with them only as needed to run the Service, and with authorities only when legally required.
5. Retention
Inspection records are the point of the product, so we keep them for as long as your account exists — including after downgrades, when data becomes read-only but is never deleted. Server logs are kept for a short operational window. Lead and contact-form entries are kept until you ask us to remove them. When an account is deleted, backups age out within roughly 30 days.
6. Deleting your data
Email hello@firecode360.com or use the contact page from the address on your account to request deletion of your account and all associated data. We will confirm and complete the deletion within 30 days, except records we must keep for legal or accounting reasons (for example, invoices).
7. Your rights (CCPA, GDPR)
Wherever you are, we extend the same core rights: to know what personal data we hold about you, to receive a copy of it (the in-app export covers your organization's records; email us for the rest), to correct it, and to have it deleted. California residents have these rights under the CCPA/CPRA; we do not sell or “share” personal information as those laws define it. If you are in the EU/UK, the GDPR rights of access, rectification, erasure, and portability apply, and you may lodge a complaint with your supervisory authority.
To exercise any right, contact hello@firecode360.com. We will respond within 30 days and will not discriminate against you for asking.
8. Changes to this policy
If we make material changes, we will email account owners at least 14 days before they take effect and update the date at the top of this page.
9. Contact
Privacy questions: hello@firecode360.com, or use the contact page.