Privacy Policy

    Last updated: June 1, 2026

    What this privacy policy covers

    This privacy policy pertains to the use of the EMAssistant website at emassistant.com, the EMAssistant web application, and all EMAssistant mobile applications including FRAssistant for iOS and Android (collectively, the "Service" or "Services"). This privacy policy covers how EMAssistant ("EMAssistant", "We", "Us", or "Our") treats personal information that we collect and receive. It also describes the choices available to you regarding our use of your personal information and how you can access, update, and delete this information.

    Personal information is information about you that is personally identifiable, such as your name, address, email address, phone number, or location data. Children under 13 are not permitted to use the Service, and so this privacy policy makes no provision for children's use of the Service.

    Information we collect

    Account Information

    When you create an account, we collect:

    • Name - To identify you within your organization and on ICS forms
    • Email address - For account authentication, notifications, and communications
    • Phone number (optional) - For emergency alerts
    • Organization membership - To connect you with your department(s)
    • Role and qualifications - For ICS position assignments and certifications

    FRAssistant Mobile App

    Our FRAssistant mobile application for iOS and Android collects the following additional information:

    • Location data - When you grant permission, we collect your location to show nearby incidents, coordinate with team members during emergency response, and provide location-aware alerts. You can disable location access at any time in your device settings.
    • Photos and camera - When you grant permission, we access your camera and photo library to capture incident documentation, attach images to ICS forms, and upload certification photos. Photos are only uploaded when you explicitly choose to attach them.
    • Push notification tokens - To deliver emergency alerts, incident updates, and important notifications to your device.
    • Device information - Basic device identifiers for push notification delivery and crash reporting.

    Usage and Analytics Data

    We collect analytics and crash reporting data to improve our services:

    • App usage patterns - Which features you use and how you navigate the app
    • Crash reports - Technical information when the app encounters errors
    • Performance metrics - App load times and responsiveness

    This data is collected through Firebase Analytics and Crashlytics.

    Information You Provide

    Through your use of our Services, you may provide:

    • ICS form data and incident reports
    • Activity logs and personnel tracking information
    • Certification and training records
    • Communications with other users

    This information remains your property as between EMAssistant and you (User Information). You grant EMAssistant a non-exclusive, royalty-free license to store, process, and transmit this information for the purpose of providing our Services.

    How we use your information

    We use your information to:

    • Provide, maintain, and improve our Services
    • Authenticate your identity and manage your account
    • Connect you with your organization(s) and team members
    • Deliver emergency alerts and notifications
    • Generate ICS forms and incident documentation
    • Provide location-based features during emergency response
    • Analyze usage patterns to improve our products
    • Diagnose and fix technical issues
    • Communicate with you about your account and our Services
    • Comply with legal obligations

    Information sharing and disclosure

    EMAssistant does not rent, sell, or share personal information about you with other people or nonaffiliated companies for promotional purposes.

    We may share your information in the following circumstances:

    • With your organization - Organization administrators can see member information, activity logs, and ICS form data as necessary for emergency management operations.
    • With service providers - We use third-party services to help operate our platform (see "Third-Party Services" below).
    • For legal reasons - We may disclose information to comply with subpoenas, court orders, or other legal requirements, or when your actions violate our Terms of Service.
    • For safety - To investigate, prevent, or take action regarding illegal activities, suspected fraud, or situations involving potential threats to physical safety.
    • In a merger or acquisition - If EMAssistant is acquired or merged, we will notify you before your information is transferred to a different privacy policy.

    Certain non-personal data may be used in an aggregated or anonymized fashion for research to improve our services and provide improved information for the emergency management community. For example, analyzing anonymized incident data to improve response time predictions.

    Third-party services

    We use the following third-party services to operate our platform:

    • Amazon Web Services (AWS) - Cloud hosting and data storage (us-east-2 region)
    • Firebase (Google) - Push notifications, analytics, and crash reporting
    • Email service providers - For sending notifications and alerts

    These services have their own privacy policies and are contractually required to protect your data. We only share the minimum information necessary for each service to function.

    Data storage and security

    Your data is stored within the United States in Amazon Web Services' cloud hosting environment (us-east-2 region). All data is encrypted in transit using TLS and encrypted at rest using AES-256.

    On mobile devices, authentication tokens are stored securely using:

    • iOS - Keychain Services
    • Android - EncryptedSharedPreferences

    While we follow industry-standard security practices, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information.

    Data retention

    We retain your personal information for as long as your account is active or as needed to provide you services.

    Due to the nature of emergency management, most operational data must be retained for legal compliance and record-keeping purposes. When you delete your account:

    Data that will be deleted

    Personal data that has not been shared with an organization will be removed:

    • Your login credentials and authentication data
    • Personal mileage log entries
    • Emergency contact information
    • Notification preferences and personal settings

    Data that will be retained

    The following data is retained for legal compliance and organizational record-keeping:

    • Audit logs - All system activity records are retained for compliance
    • Certifications - Training and certification records that were shared with an organization
    • Media files - Photos, documents, and other files shared with an organization or attached to an incident
    • ICS forms and incident records - Any information you provided on forms attached to incidents, including your name and role assignments

    We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

    Your rights and choices

    Access and update your information

    You can access and update your personal information at any time through your account settings in the app or web application.

    Delete your account

    You can request deletion of your account at any time:

    Account deletion removes your login access and personal data not shared with organizations. See "Data retention" above for details on what data is deleted versus retained for legal compliance.

    Control permissions

    You can control what data our mobile app can access through your device settings:

    • Location - Enable or disable in device settings
    • Camera and photos - Enable or disable in device settings
    • Push notifications - Enable or disable in device settings

    Disabling certain permissions may limit functionality. For example, disabling location will prevent location-based incident alerts.

    Withdraw consent

    You can withdraw consent for data collection at any time by adjusting your device permissions or deleting your account.

    Single Sign-On

    You can log in to EMAssistant using supported single sign-on providers. These services authenticate your identity and may share certain information with us (such as your name and email address) with your permission. We do not receive or store your password from these services.

    Links to other sites

    Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review the privacy policies of any site you visit.

    Children's privacy

    Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete it.

    Changes to this policy

    We may update this policy at any time. We will notify you of significant changes by posting a notice on our website or sending you an email. We encourage you to periodically review this page for the latest information on our privacy practices.

    Contact us

    If you have questions about this privacy policy or our data practices, please contact us through our Contact page.