Privacy Policy for Fire Rescued

Effective Date: January 9, 2025

Last Updated: January 9, 2025

1. Introduction

Fire Rescued ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

Fire Rescued is a health monitoring and fitness tracking platform designed specifically for firefighters and emergency personnel. We help fire departments track, monitor, and improve the health and readiness of their teams through advanced biometric monitoring and data analytics.

2. Information We Collect

2.1 Personal Information

  • Account Information: Name, email address, phone number, department affiliation
  • Profile Information: Age, gender, height, weight, BMI, job role, department
  • Authentication Data: Login credentials, OTP codes, password reset tokens

2.2 Health and Biometric Data

  • Sleep Data: Sleep duration, sleep stages (deep, light, REM), sleep quality scores, sleep debt
  • Physical Activity: Steps, active minutes, calories burned, exercise sessions, strain scores
  • Heart Rate Data: Resting heart rate, maximum heart rate, heart rate variability (HRV)
  • Recovery Metrics: Recovery scores, stress levels, readiness assessments
  • Body Metrics: Weight, BMI, body composition (when available)
  • Wellness Indicators: Hydration levels, nutrition data, mood tracking, mindfulness sessions

2.3 Device and Technical Information

  • Device Data: Device type, operating system, app version, device identifiers
  • Usage Analytics: App usage patterns, feature interactions, crash reports
  • Location Data: General location for timezone settings (not precise location tracking)
  • Network Information: IP address, connection type for service optimization

2.4 Wearable Device Integration

We integrate with various health and fitness devices including:

  • Garmin devices
  • Polar fitness trackers
  • Withings health devices
  • Oura rings
  • Fitbit devices
  • Apple Health (iOS)
  • Google Health Connect (Android)

3. App Permissions and How We Use Them

Fire Rescued requests specific permissions from your device to provide our health monitoring services. Below is a comprehensive list of all permissions we request and exactly how we use them:

3.1 Required Permissions (Automatically Granted)

🌐 Internet Access

Technical Name: android.permission.INTERNET

Why We Need It: Essential for all app functionality

How We Use It:

  • Sync health data with your wearable devices
  • Upload and download your health metrics
  • Send and receive real-time notifications
  • Authenticate your account securely
  • Communicate with fire department systems

Data Protection: All internet communications are encrypted using TLS/SSL protocols

3.2 Optional Permissions (Require Your Approval)

📷 Camera Access

Technical Name: android.permission.CAMERA (Android), NSCameraUsageDescription (iOS)

When We Ask: Only when you choose to take a profile photo or scan content

How We Use It:

  • Take profile photos for your account
  • Scan QR codes for device pairing
  • Capture images for exercise documentation

Your Control: You can deny this permission and still use all other app features. You can manually upload photos instead.

Data Handling: Photos are processed locally and uploaded securely to AWS S3 with encryption

🖼️ Photo Library Access

Technical Names:

  • android.permission.READ_MEDIA_IMAGES (Android 13+)
  • android.permission.READ_EXTERNAL_STORAGE (Android 12 and below)
  • NSPhotoLibraryUsageDescription (iOS)

When We Ask: Only when you choose to upload a photo from your gallery

How We Use It:

  • Select profile photos from your photo library
  • Upload exercise documentation images
  • Access images for health tracking purposes

Your Control: You can deny this permission and still take photos directly with the camera

Privacy Protection: We only access photos you specifically select - never your entire photo library

💾 Photo Library Saving

Technical Name: NSPhotoLibraryAddUsageDescription (iOS)

When We Ask: Only when you choose to save health reports or images to your device

How We Use It:

  • Save health reports as images to your photo library
  • Export exercise summaries for personal records
  • Save QR codes for device pairing

Your Control: This is entirely optional - you can view and share reports without saving them

🔔 Push Notifications

Technical Names:

  • android.permission.POST_NOTIFICATIONS (Android 13+)
  • remote-notification background mode (iOS)

When We Ask: During initial app setup or when you enable notifications

How We Use It:

  • Health alerts (low recovery, high strain warnings)
  • Exercise assignment notifications
  • Data sync completion confirmations
  • Important app updates and security alerts
  • Team communication from fire department admins

Your Control: You can disable notifications entirely or customize which types you receive

Privacy Note: Notifications are sent through Firebase Cloud Messaging with end-to-end encryption

📍 Location Services (Limited)

Technical Name: NSLocationWhenInUseUsageDescription (iOS)

When We Ask: Only for timezone detection (not currently active)

How We Would Use It:

  • Automatically detect your timezone for accurate health data
  • Ensure sleep and activity data is recorded at correct times

Important: We do NOT track your precise location or store location history

Current Status: This permission is prepared but not currently requested by the app

3.3 Health Data Permissions (Through Connected Devices)

🏥 Apple Health Integration (iOS)

When We Ask: When you choose to connect Apple Health

Data We Access:

  • Heart rate and heart rate variability
  • Sleep analysis and sleep stages
  • Activity and workout data
  • Steps, distance, and calories burned
  • Body measurements (weight, BMI)

Your Control: You can grant or deny access to each data type individually in Apple Health settings

🤖 Google Health Connect (Android)

When We Ask: When you choose to connect Google Health Connect

Data We Access: Similar to Apple Health - heart rate, sleep, activity, and body metrics

Your Control: Managed through Google Health Connect app with granular permissions

3.4 Permission Management

How to Control Permissions:

iOS: Settings → Fire Rescued → Permissions

Android: Settings → Apps → Fire Rescued → Permissions

What Happens When You Deny Permissions:

  • Camera/Photos: You can still use the app fully, but you can't take or upload photos
  • Notifications: You'll miss health alerts and exercise assignments
  • Health Data: Manual data entry required, reduced functionality

Re-enabling Permissions:

You can change permission settings at any time through your device settings. The app will guide you through re-enabling permissions when needed.

4. How We Use Your Information

4.1 Primary Health Monitoring

  • Provide personalized health insights and recommendations
  • Calculate recovery, strain, and resilience scores
  • Track sleep quality and provide sleep optimization guidance
  • Monitor fitness progress and exercise performance
  • Generate health trend analysis and reports

4.2 Team Management (For Fire Departments)

  • Enable department administrators to monitor team health metrics
  • Provide aggregated team performance analytics
  • Identify potential health risks within the team
  • Facilitate exercise assignment and tracking
  • Generate department-wide health reports

4.3 Service Operations

  • Authenticate users and maintain account security
  • Send important notifications about health data and app updates
  • Provide customer support and technical assistance
  • Improve app functionality and user experience
  • Ensure service reliability and performance

4.4 Communication

  • Send OTP codes for account verification
  • Notify about health data synchronization
  • Alert about exercise assignments
  • Provide health insights and recommendations
  • Send service updates and important announcements

5. Information Sharing and Disclosure

5.1 Within Your Fire Department

  • Team Administrators: Department admins can view aggregated team health metrics
  • Individual Data: Personal health details are only shared with explicit consent
  • Emergency Situations: Critical health alerts may be shared with designated personnel

5.2 Third-Party Service Providers

  • Rook Health: Health data processing and analytics platform
  • Firebase: Authentication, push notifications, and analytics
  • AWS S3: Secure file storage for profile images and documents
  • Email Services: Transactional emails and notifications

5.3 Legal Requirements

We may disclose information when required by law, court order, or to:

  • Protect the rights and safety of users
  • Investigate potential violations of our terms
  • Comply with legal processes and government requests
  • Protect against fraud and security threats

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction, subject to the same privacy protections.

6. Data Security

6.1 Security Measures

  • Encryption: All data is encrypted in transit using TLS/SSL protocols
  • Database Security: Health data is stored in encrypted databases with access controls
  • Authentication: Multi-factor authentication and secure login processes
  • Regular Audits: Periodic security assessments and vulnerability testing

6.2 Access Controls

  • Role-based access permissions for different user types
  • Audit logs for all data access and modifications
  • Secure API endpoints with authentication requirements
  • Regular access reviews and permission updates

6.3 Data Retention

  • Active Accounts: Data retained while account is active and for legitimate business purposes
  • Inactive Accounts: Data may be retained for up to 3 years after account deactivation
  • Legal Requirements: Some data may be retained longer to comply with legal obligations
  • Health Records: Anonymized health trends may be retained for research purposes

7. Your Privacy Rights

7.1 Access and Control

  • View Your Data: Access all personal and health data through the app
  • Update Information: Modify profile and account information at any time
  • Export Data: Request a copy of your data in a portable format
  • Delete Account: Request complete account and data deletion

7.2 Health Data Management

  • Device Connections: Connect or disconnect health devices at any time
  • Data Sharing: Control what health data is shared with your department
  • Consent Management: Withdraw consent for specific data uses
  • Notification Preferences: Customize health alerts and notifications

7.3 Communication Preferences

  • Email Notifications: Opt out of non-essential communications
  • Push Notifications: Disable specific notification types
  • Marketing Communications: Unsubscribe from promotional content

8. Children's Privacy

Fire Rescued is designed for adult firefighters and emergency personnel. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

10. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to Know: Request information about data collection and sharing practices
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights

11. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation:

  • Lawful Basis: We process data based on consent, legitimate interests, or contractual necessity
  • Data Portability: Request your data in a machine-readable format
  • Right to Rectification: Correct inaccurate personal information
  • Right to Restriction: Limit how we process your data in certain circumstances

12. Health Information Compliance

12.1 HIPAA Considerations

While Fire Rescued is not a covered entity under HIPAA, we implement similar privacy and security measures to protect health information:

  • Administrative, physical, and technical safeguards
  • Minimum necessary access principles
  • Secure transmission and storage of health data
  • Regular risk assessments and security updates

12.2 Health Data Standards

We follow industry best practices for health data protection:

  • HL7 FHIR standards for health data interoperability
  • ISO 27001 security management principles
  • NIST cybersecurity framework guidelines

13. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes through:

  • In-app notifications
  • Email notifications to your registered email address
  • Updates posted on our website

Your continued use of the Service after such modifications constitutes acceptance of the updated Privacy Policy.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: privacy@firerescued.com

Address: [Your Company Address]

Phone: [Your Contact Number]

Data Protection Officer: [If applicable]

Email: dpo@firerescued.com

15. Dispute Resolution

For privacy-related disputes, we encourage you to contact us directly. If you are not satisfied with our response, you may:

  • File a complaint with your local data protection authority
  • Seek resolution through binding arbitration (where applicable)
  • Pursue legal remedies under applicable privacy laws