1.Who we are
Fire Manager (“Fire Manager,” “we,” or “us”) is a multi-tenant software-as-a-service platform for fire department operations, assets, and records. The Fire Manager service is operated from the United States.
For privacy-related requests or questions, contact privacy@firemanager.app.
2.What we collect
We collect only the data necessary to operate the Fire Manager service for your department.
Account & personnel
- Name, email, phone number, employee ID (when provided)
- Rank, role, home station, shift assignment, hire date
- Department-issued certifications and training history
- Account credentials managed by Supabase Auth (passwords are never stored in plain text)
Operational data
- Apparatus, equipment, SCBA, PPE, and hydrant records
- Daily truck checks, inspections, work orders, and pre-incident plans
- Chore completions, time-clock punches, scheduled shifts, PTO requests
- Incident reports filed for federal NERIS submission
- Photos uploaded for failed checks, work orders, and pre-plans
- Geolocation data when explicitly used by a feature (e.g. geofenced clock-in, hydrant placement)
Technical & usage data
- Browser type, device type, IP address (for security and abuse prevention)
- Mobile push notification tokens (FCM / APNs) when you opt into mobile push
- Application audit log: who created, edited, or deleted what record, and when
- Error reports (no personal data; only stack traces and request metadata)
3.What we do NOT collect
By design, Fire Manager does not collect or store:
- Patient Health Information (PHI) — Fire Manager is not an electronic patient care record (ePCR) system. We do not store patient clinical data, run-report narratives, vitals, treatments, or any information protected under HIPAA. Your EMS records platform stays separate.
- Cross-tenant data exposure— every database query is filtered by tenant ID at the application layer, and a continuous-integration gate prevents new queries from being deployed without that filter. One department's data is architecturally inaccessible to another's.
- Children's data — Fire Manager is intended for use by adult fire department personnel only. We do not knowingly collect data from anyone under 13.
- Behavioral advertising profiles — we do not sell, rent, or license your data, and we do not use it for advertising.
4.How we use your data
We use the data we collect for the following purposes:
- To provide the Fire Manager service to your department
- To synchronize approved incident reports with the federal NERIS database
- To send notifications you have opted into (email, web push, mobile push)
- To maintain audit history for compliance review
- To monitor for security incidents, abuse, and service errors
- To improve the product (aggregated, non-identifying patterns)
- To comply with legal obligations and federal reporting requirements
5.Who we share data with
We share data with a limited set of vetted infrastructure providers, all of whom are bound by data processing agreements:
- Supabase — Postgres database, authentication, file storage, and real-time messaging
- Vercel — application hosting and edge caching
- PowerSync — mobile data synchronization
- Resend — transactional email delivery
- Sentry — error monitoring (no personal data sent)
- Google Firebase Cloud Messaging — Android and iOS push notification delivery
- Fire Safety Research Institute / NERIS — federal incident reports, only when explicitly approved by a chief
We do not sell, rent, license, or otherwise commercially share your data with any party not listed above. We will disclose data when required by law, valid legal process, or to protect the safety of our users or the public.
6.Data retention
- Active department data is retained while your department is an active customer.
- If a department is disabled, its data is archived for seven (7) years to align with TCFP and NFPA record-retention requirements, then permanently deleted by an automated nightly process.
- Federal incident reports synced to NERIS are subject to the NERIS / FSRI retention policy and are not under our control once submitted.
- Audit log entries are retained for the life of the tenant.
- Error reports are retained for 90 days, then deleted.
7.Your rights
Subject to applicable law (including the Texas Data Privacy and Security Act, the California Consumer Privacy Act, and the EU General Data Protection Regulation where applicable), you have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Request deletion of personal data, subject to operational and legal retention requirements
- Export your personal data in a portable format
- Object to specific processing activities or withdraw consent
- Lodge a complaint with a supervisory authority
To exercise any of these rights, email privacy@firemanager.app. We will respond within 30 days. Note that for personnel records, the request may need to be routed through your department's administrator since they are the data controller.
8.Security
- All data is transmitted over TLS 1.2 or higher.
- Database connections from the application are restricted to U.S. regions.
- Mobile push notification tokens are stored encrypted at rest and never exposed to client-side code.
- Federal incident data is routed exclusively through U.S.-based compute, per NERIS Geo-IP requirements.
- We maintain an audit log of every create, update, and delete on tenant data.
No system is perfectly secure. If you believe your account has been compromised, change your password immediately and contact us at security@firemanager.app.
9.Cookies
- Authentication cookies — required to keep you signed in. Issued by Supabase Auth.
- Acting-as cookies — used by platform administrators when providing support within a department tenant. Cleared on sign-out.
- Preference cookies — UI theme, sidebar collapsed state, and similar non-essential settings.
We do not use third-party analytics or advertising cookies.
10.Children's privacy
Fire Manager is intended for use by adult fire department personnel only. We do not knowingly collect personal information from anyone under the age of 13. If you believe a minor has provided us personal information, contact us at privacy@firemanager.app and we will promptly delete it.
11.Changes to this policy
We will update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. For material changes that affect how we collect or use personal data, we will notify users by email or in-app banner at least thirty (30) days before the change takes effect.