Privacy Policy

If you skim only one section, make it this one.

• —We collect what we need to run the service — your account info, the project data you enter, your payment information (via Stripe), and basic usage logs.
• —We use it to provide the service, generate your submittal packages, bill your subscription, and improve the product.
• —We share data only with vendors who help us run the service (hosting, payment, email) — under contracts that restrict what they can do with it.
• —We do not sell your data. We do not share it with advertisers. We do not use your project data to train AI models for outside parties.
• —You can export, correct, or delete your data at any time from Account → Privacy, or by emailing [email protected].

The rest of this policy is the detail.

We collect four categories of information.

2.1Account information

When you create an account we ask for your email address, a password (stored hashed — we never see the plaintext), and your shop or company name. If you later update your profile, the new values replace the old ones.

2.2Project information you enter

To generate submittal packages, you enter:

• —Project name, address, and AHJ contact details.
• —Building owner and contractor names (and the engineer-of-record's contact, if you choose to enter it).
• —Panel make and model, circuit definitions, and device lists with quantities and addresses.
• —Inspection notes and any custom fields you add.

This information is owned by you. We use it solely to provide the service to your account.

2.3Payment information

Payments are processed by Stripe. When you subscribe or add a payment method, you enter card details directly into a Stripe-hosted form embedded in our app. We receive a token and the last four digits of the card; we never receive the full card number, CVC, or expiration. Stripe's privacy practices govern that data — see stripe.com/privacy.

2.4Usage & technical data

When you use the service, our servers automatically record:

• —Your IP address, browser type, and operating system.
• —Pages you visit, features you use, and which manufacturer's templates your account generates.
• —Timing and success/failure of each operation, for error monitoring and performance optimization.
• —Authentication events — logins, password changes, password resets.

This information is used to keep the service running and secure. It is not combined with marketing data and is not used for behavioral advertising.

We use your information to:

• —Run the service. Authenticate logins, save your projects, generate the PDFs you request, fetch cut sheets, and deliver the result to your browser.
• —Bill your subscription. Charge the payment method on file, generate invoices, and resolve payment failures.
• —Communicate with you. Send transactional emails (password resets, receipts, security alerts), and — only if you opt in — product-update emails. We do not send marketing email to non-customers without consent.
• —Improve the product. Aggregate, anonymized usage data tells us which features matter and where users get stuck. We never use your project data — names, addresses, device lists — to train AI models or share with third parties for product development.
• —Protect the service. Detect abuse, fraud, and security incidents. Investigate and respond to reports of misuse.
• —Comply with the law. Respond to lawful legal process and protect our rights.

We share information only in these limited circumstances:

4.1Service providers (sub-processors)

We use third-party vendors to operate the service. Each is bound by a written data-processing agreement that restricts use to providing the service to FireDeck:

4.2Legal process

We may disclose information when we believe in good faith that disclosure is required by law — for example, in response to a valid subpoena, court order, or government request. We will notify you of any such request unless we are legally prohibited from doing so.

4.3Business transfers

If FireDeck is involved in a merger, acquisition, reorganization, or sale of assets, your information may transfer as part of that transaction. We will notify you in advance via email and post a notice on this page if the receiving entity's privacy practices differ materially from ours.

We use cookies (small files stored by your browser) for three things:

• —Authentication. To keep you signed in across pages and between sessions. This is a strictly necessary cookie; the service does not function without it.
• —Preferences. To remember UI choices such as which manufacturer template you last used.
• —CSRF protection. To prevent cross-site request forgery on form submissions.

We do not use third-party advertising cookies, cross-site trackers, or fingerprinting. We do not currently use analytics that profile individual users; if we add basic, privacy-respecting analytics in the future, we will update this page and provide a way to opt out.

Most browsers let you block or delete cookies. Blocking the authentication cookie will sign you out and prevent you from using the service.

How long we keep things depends on what they are:

We take reasonable measures to protect your information against loss, unauthorized access, alteration, and disclosure. These include:

• —Encryption in transit using HTTPS / TLS 1.2+.
• —Encryption at rest for databases and backups.
• —Passwords stored using a slow, salted hash function — never in plaintext.
• —Role-based access controls; only the engineers who need it can reach production data, and access is logged.
• —Regular dependency updates and vulnerability scanning.
• —An internal incident-response process for security events.

No system is perfectly secure. If we discover a breach affecting your personal information, we will notify affected accounts without undue delay, in any event within the timeframe required by applicable law.

If you believe your account has been compromised, contact [email protected] immediately.

Regardless of where you live, you have these rights with respect to your personal information:

• —Access. Request a copy of what we have about you.
• —Correction. Update profile fields directly in Account → Profile, or ask us to.
• —Export. Download your projects and submittals from Account → Export, in JSON and PDF formats.
• —Deletion. Delete your account from Account → Privacy, or email us. Subject to legal retention obligations (billing records).
• —Object. Ask us to stop processing your data for any specific purpose. Where the processing is essential to providing the service, this may require closing your account.
• —Complain. Lodge a complaint with the data protection authority where you live.

To exercise any of these rights, email [email protected]. We respond within 30 days, or sooner where required by law. We may ask you to verify your identity before acting on requests for access or deletion.

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act.

9.1Categories of information collected

In the past 12 months we have collected the following categories of personal information, as defined by California law: identifiers (name, email, IP), commercial information (subscription history), internet activity (logs, feature usage), professional information (shop name, AHJ contacts), and geolocation (city-level, derived from IP).

9.2Sale or sharing of personal information

We do not sell personal information.We do not share personal information for cross-context behavioral advertising. There is no “Do Not Sell” toggle because there is nothing to opt out of.

9.3Right to know, delete, correct, and limit

You may request access, deletion, correction, and limitation of use of sensitive personal information by emailing [email protected]. We will not discriminate against you for exercising these rights — your subscription terms and pricing remain unchanged.

Authorized agents acting on your behalf must provide written authorization signed by you; we may also contact you to verify.

FireDeck is operated from the United States. If you use the service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the service, you consent to that transfer.

FireDeck is currently marketed primarily to fire alarm professionals working in North America. If we expand into the European Economic Area or the United Kingdom, this policy will be updated to address GDPR/UK-GDPR-specific rights, lawful bases, and transfer mechanisms (e.g., standard contractual clauses).

The service is intended for use by adult professionals. It is not directed to children, and we do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it. If you believe a minor has provided us information, contact [email protected].

We may update this policy as the service evolves. If we make material changes, we will notify active accounts by email and post a notice at the top of this page at least 14 days before the change takes effect. Continued use after the effective date constitutes acceptance.

Older versions are archived and available on request.

For privacy questions, deletion requests, or to exercise your rights, contact: