Privacy Policy

1. Introduction

This Privacy Policy explains how Fire Call, LLC ("Fire Call," "we," "us," or "our") collects, uses, shares, and protects information about you when you use our website, mobile experiences, and services (collectively, the "Service").

This Privacy Policy applies to property owners, contractors, insurance agency staff, and public visitors who interact with Fire Call directly. If you submitted information through a public inspection link issued by an insurance agency without creating a Fire Call account, the Inspection Privacy Notice & Consent also applies to you, and the agency is the controller of your inspection information.

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, do not use the Service.

2. Information We Collect

We collect information in the following categories:

Information you provide to us.

• Account information: name, email address, phone number, role (property owner, contractor, agency staff). Authentication is performed through an external identity provider (see "Information from third parties" below); we do not store passwords.
• Profile information: business name, address, license numbers, insurance certificates, service area, biographical information you choose to share
• Property information: addresses, photos, descriptions of structures, vegetation, and other features relevant to wildfire risk
• Inspection information: photos, hazard descriptions, identified risks, notes, and other content you submit during an inspection
• Quote and job information: scope of work requested, pricing, scheduling, communications about jobs in progress
• Payment information: payment method details (handled by our payment processor, Stripe; we do not store full card numbers)
• Communications: messages you send to us, customer support inquiries, feedback, survey responses

Information we collect automatically.

• Device and connection information: IP address, browser type, operating system, device identifiers
• Usage information: pages you visit, features you use, actions you take, timestamps
• Location information: approximate location derived from your IP address, and more precise location data from photos or device GPS if you enable that
• Cookies and similar technologies: session cookies, authentication tokens, and other browser storage used to keep you signed in and to remember preferences. We do not use analytics, advertising, or behavioral-tracking cookies. See Section 6 for details.
• Security forensics: to detect and prevent unauthorized access and abuse, we log failed sign-in attempts (including the email address provided and the IP address and browser of the device used to make the attempt), rate-limit violations on sensitive endpoints (authentication, one-time-passcode delivery, and public form submissions), and replay attempts against expired or capped authentication tokens. These records are retained for security investigation and fraud prevention and may exist even where the attempted email does not match a Fire Call account.
• Email delivery metadata: when we send you a transactional email (account activity, inspection updates, payment receipts, one-time passcodes, and similar messages), we log delivery metadata including the recipient address, subject line, timestamp, delivery status (sent, failed, bounced), and the identifier returned by our email delivery provider. We do not retain the body of those emails. This metadata supports deliverability, customer support, and compliance review.

Information from third parties.

• From insurance agencies: when an agency issues an inspection link or invites staff to use the Service, the agency may share your contact information and property details with us
• From authentication providers: if you sign in using Google, Microsoft, or another provider, we receive your name, email address, and (in some cases) profile photo from that provider

3. How We Use Information

We use information to:

• Provide, operate, maintain, and improve the Service
• Process inspections, quotes, and remediation work
• Match property owners with vetted contractors for remediation
• Communicate with you about your account, inspections, jobs, payments, and customer support
• Send transactional notifications (account activity, inspection updates, job status, payment receipts)
• Send marketing communications, only if and when we develop such a program and only with your prior opt-in; you would be able to opt out at any time. We do not currently send marketing communications.
• Verify your identity and prevent fraud, abuse, and unauthorized access
• Vet contractors, including reviewing licensing and insurance documents that the contractor provides to us
• Maintain records required by law and our recordkeeping obligations to insurance agencies
• Comply with legal obligations, respond to lawful requests, and enforce our Terms
• Produce aggregated operational statistics (such as counts of users, agencies, and inspections) to monitor and improve the Service
• Train, evaluate, and improve the automated systems used to support the Service, using de-identified or aggregated data where feasible. This use is also subject to the content-license terms in our Terms of Service.

4. Automated Decision-Making and AI

The Service uses automated tools and artificial intelligence to support its operations. We use AI to extract text and structured data from inspection-related documents — for example, parsing existing carrier inspection reports to identify hazards listed in those reports — and to assist with generating PDF outputs.

Automated tools support, but do not replace, decisions made by humans. A human reviewer at Fire Call, the relevant insurance agency, or a contractor reviews automated outputs before any decision that materially affects you, your property, or your insurance.

We use third-party AI providers, including Google (Gemini), to perform some of this processing. These providers act as service providers and are contractually prohibited from using your information for their own purposes. Today, Fire Call relies primarily on these providers' existing models through their APIs rather than training its own. Consistent with the content-license terms in our Terms of Service, however, we may also use Your Content — including de-identified and aggregated derivatives of it where feasible — to train, evaluate, and improve automated systems used to support the Service, including internal quality assurance and dispute resolution.

5. How We Share Information

We share information in the following circumstances:

With insurance agencies. If your inspection was issued by an insurance agency, we share the inspection results and related information with that agency, which uses the information for its own purposes as the controller of the inspection.

With contractors. If you engage Fire Call to perform remediation work, we share the information necessary for the contractor to perform the work, including your name, contact information, property address, and relevant inspection details.

With service providers. We share information with vendors who help us operate the Service. Our current service providers include:

• Amazon Web Services — cloud infrastructure (database, file storage, compute)
• Google (Firebase) — authentication and identity verification
• Google (Gemini) — AI-assisted processing
• Stripe — payment processing
• DocuSign — electronic signature for contracts
• Resend — transactional email delivery
• Mapbox — mapping and geocoding
• Railway — application hosting
• Twilio — SMS delivery

These service providers are bound by contract to use information only to perform the services they provide to us. A current list is maintained at /subprocessors.

For legal reasons. We may disclose information when required by law, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect rights, property, or safety, prevent fraud or abuse, or respond to a government request.

In business transfers. If Fire Call is involved in a merger, acquisition, financing, sale of assets, or bankruptcy, information may be transferred as part of that transaction. We will notify you of any change in control affecting your information.

With your consent. We may share information for other purposes with your explicit consent.

Aggregated and de-identified information. We may share aggregated or de-identified information that does not reasonably identify you for analytics, research, marketing, and other business purposes.

We do not sell personal information. We do not sell your personal information in exchange for money. We do not share your personal information for cross-context behavioral advertising (as those terms are defined under California law).

6. Cookies and Tracking

We use cookies and similar technologies for authentication, session management, security, and preferences. Cookies are small files stored on your device that allow the Service to recognize you between visits. We also use browser-side storage technologies including local storage, session storage, and IndexedDB (which our authentication provider uses to keep you signed in).

We use the following categories of cookies and similar technologies:

• Strictly necessary: required for the Service to function, including authentication tokens, the application's sign-in indicator, and (for the public inspection flow) an HTTP-only session cookie issued after one-time-passcode verification
• Functional: remember your preferences and settings, such as your theme (light or dark), whether your dashboard sidebar is collapsed, dismissals of in-product help cards, an address you entered on the landing page so the signup flow can carry it forward, and short-lived tokens used to complete an invitation acceptance after an OAuth redirect

No analytics or advertising cookies. Fire Call does not currently use cookies, web beacons, pixels, or similar technologies for analytics, audience measurement, targeted advertising, or cross-context behavioral advertising. We have not installed Google Analytics or any comparable analytics product on the Service. If we ever begin to use any such technology, we will update this Privacy Policy and the Cookie Notice and provide a clear way for you to opt out before any such cookies or trackers are deployed.

You can configure your browser to block or alert you to cookies, but doing so may prevent parts of the Service from working. We do not currently respond to "Do Not Track" browser signals in a uniform way; this Privacy Policy describes our practices regardless of any Do Not Track signal.

7. How We Protect Information

We use administrative, technical, and physical safeguards designed to protect your information from unauthorized access, use, disclosure, alteration, or destruction. These measures include encryption in transit and at rest, role-based access controls, audit logging, multi-factor authentication for administrative access, and routine security review. No system is completely secure, but we work to maintain a level of protection appropriate to the sensitivity of the information.

8. How Long We Keep Information

We retain information for as long as needed to provide the Service, meet legal and regulatory obligations, resolve disputes, and enforce our agreements. Specific retention practices include:

• Agency account information: retained while your agency subscription is active and through the wind-down schedule described under "Agency account lifecycle" below
• Other account information (property owners, contractors): retained while your account is active and for a reasonable period afterward to handle wind-down, disputes, and legal obligations
• Inspection records and hazard photos: retained consistent with insurance industry recordkeeping standards, typically at least seven (7) years, in line with the practices of the insurance agency that issued the inspection (where applicable)
• Remediation job records: retained for at least seven (7) years for warranty, liability, and tax purposes
• Payment records: retained as required by tax and financial recordkeeping laws (typically seven years)
• Contractor records, including licensing and insurance documentation: retained for the duration of platform participation and a reasonable period afterward
• Communications: retained as needed to provide customer support and as part of records of the underlying transaction
• Analytics, security, and audit logs: retained as needed for security, fraud prevention, and operational analysis
• Email delivery metadata: recipient address, subject line, delivery status, and timestamp for each transactional email sent by the Service, retained for ninety (90) days from the date of sending, then deleted or anonymized. Email bodies are not retained.

Agency account lifecycle. If an agency's subscription becomes past-due — because a renewal charge fails, or because a free trial ends without a payment method on file — Fire Call follows a defined wind-down schedule before any data is removed:

• Days 1 through 30 — past-due. Portal access is paused. We send reminder emails. At any point, an agency administrator can add a working payment method to clear the past-due cycle and restore access immediately. The in-product data export remains available throughout this window.
• Days 31 through 90 — locked. The account is marked locked. Portal access remains restricted, but the in-product data export remains available. We send a 7-days-before-lock and a 7-days-before-deletion reminder during this window. Adding a payment method during this window also restores access.
• Day 91 — soft deletion. The account is marked deleted. We send a goodbye email confirming the soft deletion and the date of permanent deletion. The data is retained, but the account is no longer accessible through the Service and the in-product export feature is no longer reachable. An administrator may still recover the account by contacting Fire Call support during this window.
• Day 121 — permanent deletion. The agency record and associated data are permanently deleted from production systems, except records subject to a specific retention requirement identified above (for example, insurance recordkeeping, payment records, or records subject to a legal hold) and except for de-identified or aggregated data that no longer identifies you. After this point, data is not recoverable.

If an agency cancels its subscription voluntarily (not through the past-due lifecycle), the agency's account is retained for a reasonable period to handle wind-down, then deleted under the same schedule unless the agency requests an extended-retention arrangement under the Agency Master Services Agreement.

When retention periods end, we delete information or anonymize it so it can no longer reasonably identify you. We may retain de-identified or aggregated information indefinitely. We may also retain information longer than the periods above when required by law, when there is a pending or threatened legal claim, or when there is a legitimate ongoing business need to do so.

Deletion at your request. If you exercise your right to delete (see Section 9), we will delete your information promptly even where a longer retention period would otherwise apply, except for records we are required by law to retain, records subject to an ongoing or threatened legal matter, and de-identified or aggregated data that no longer identifies you.

9. Your Privacy Rights

Depending on where you live, you may have rights regarding your personal information under applicable privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Colorado Privacy Act, the Virginia Consumer Data Protection Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, and similar laws in other states.

These rights may include:

• Right to know. The right to know what categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it.
• Right to access. The right to receive a copy of your personal information.
• Right to correct. The right to request that we correct inaccurate personal information about you.
• Right to delete. The right to request that we delete personal information about you, subject to exceptions for information we are required or permitted to keep (for example, to comply with law, complete a transaction, prevent fraud, or maintain insurance recordkeeping obligations).
• Right to opt out. The right to opt out of certain uses or sharing of your personal information. We do not sell personal information or share it for cross-context behavioral advertising, so there is nothing for you to opt out of in those categories, but you may still submit a request to confirm this.
• Right to limit use of sensitive personal information. Where applicable law gives you this right, you may limit how we use any sensitive personal information we collect.
• Right against discrimination. You have the right not to receive discriminatory treatment for exercising any of your privacy rights.
• Right to appeal. Where applicable law gives you this right, if we deny a privacy request, you may appeal that decision by replying to our response or contacting us at the address below.

How to exercise your rights. To exercise any of these rights, contact us at legal@firecall.us. We will verify your identity before fulfilling the request, typically by confirming information associated with your account or by asking you to confirm a one-time code sent to your registered email address or phone number. We will respond within the time required by applicable law (typically within 45 days, extendable in some cases).

Authorized agents. You may designate an authorized agent to submit a request on your behalf. We will require proof that the agent is authorized and may require you to verify your identity directly.

Inspection-specific information. If your information was submitted through an inspection link issued by an insurance agency, the agency is the controller of that information. Direct requests to access, correct, or delete inspection information to the agency. If you contact us directly, we will pass the request to the agency and help fulfill it on the agency's behalf.

10. Choices and Communications

Account settings. You can review and update much of your account information directly in the Service. Some changes (such as deleting your account) may require contacting us or using the account-deletion option within the Service.

Email. Transactional emails (account activity, inspection updates, job status, payment receipts) are necessary to provide the Service and you cannot unsubscribe from them while your account is active. Marketing emails, if we develop them in the future, will include an unsubscribe link.

SMS. Fire Call uses SMS only to deliver one-time passcodes for identity verification in the public inspection flow, through our communications provider, Twilio. SMS is not used for marketing, promotions, or status updates. You can reply STOP to any Fire Call SMS to opt out at any time; doing so will prevent us from delivering verification codes by text, but you may verify your identity by email instead.

Cookies. You can configure your browser to block or alert you to cookies. Blocking strictly necessary cookies will prevent parts of the Service from functioning, including sign-in and the public inspection flow.

11. Children

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us at legal@firecall.us and we will take appropriate steps to delete it. If you are a parent or guardian and become aware that your child has provided information to the Service, contact us so we can address the matter promptly.

12. Users Outside the United States

The Service is operated from and intended for users in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where privacy laws may differ from those in your country. By using the Service, you consent to that transfer.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will publish the updated version at a new version-specific URL (for example, /privacy/v4-YYYY-MM-DD) and note the new effective date. The version of this Privacy Policy in effect when you accepted it remains accessible at its version-specific URL. For non-material changes, the updated version takes effect immediately. For material changes — including changes to the categories of information we collect, how we use information, or with whom we share it — we will provide reasonable advance notice (typically at least thirty (30) days) by email or in-product notice. Your continued use of the Service after the effective date constitutes acceptance.

14. Contact

For questions, requests, or concerns about this Privacy Policy or our handling of your information, contact:

Fire Call, LLC
Email: legal@firecall.us