FDLegacy Privacy Policy

1. Who We Are

FDLegacy is a product of SOAR Consulting Group, LLC ("SOAR," "we," "us," or "our"), a limited liability company based in the United States. FDLegacy is developed in partnership with the Vision 20/20 Project, a project of the Institution of Fire Engineers, USA Branch.

If you have questions about this Privacy Policy, contact us at: support@soarcg.com

2. What Information We Collect

We collect only the information necessary to operate FDLegacy:

• Account information: Email address and password (stored via Supabase Auth with encrypted passwords).
• Profile information: Name, rank, department, state, department type, primary role, and career start date — all voluntary.
• Journal entries: Text, dates, category fields, and optional photos you create within the app. This is your personal record.
• Push notification token: An anonymous device token used to deliver notifications you have opted into. Cleared when you sign out.
• Aggregate anonymous analytics: Daily snapshots of aggregate counts including total registered users, users by state, department type distribution, entry category distribution, and monthly active user counts. No individual is identified in analytics data.

3. What We Do Not Collect

• We do not collect precise location data.
• We do not collect device identifiers beyond the push notification token.
• We do not collect usage analytics that identify individual behavior.
• We do not collect payment information. FDLegacy is free to download and use.

4. How We Use Your Information

• To provide the service: Your account, profile, and entries are used solely to operate FDLegacy for you.
• To deliver notifications: Your push token is used only to send notifications you have enabled in your profile settings.
• To generate your Year in Review: When you initiate a Year in Review, your entries are processed as described in Section 6 below.
• To measure app growth: Aggregate anonymous analytics are used for internal reporting, grant documentation, and sponsor communications. No individual data is used for these purposes.

5. Data Storage and Security

All user data is stored on secure US-based cloud infrastructure provided by Supabase, which operates on Amazon Web Services (AWS) data centers located in the United States. Data is encrypted in transit (TLS) and at rest. Row-level security policies ensure that each user can only access their own data.

Photos attached to entries are stored in a private Supabase storage bucket. Access requires a time-limited signed URL generated at the time of viewing. Photos are not publicly accessible.

6. AI-Powered Year in Review

FDLegacy offers an optional AI-powered Year in Review feature that generates a narrative summary of your entries for a selected calendar year. This feature is powered by the Claude AI system, developed by Anthropic, PBC.

Before any content is transmitted to the AI system, the following de-identification is applied on your device:

• Your name is replaced with a neutral token.
• Department and agency names are replaced with generic references.
• Station identifiers are generalized.
• Colleague and supervisor names are replaced with role-based tokens.
• Specific addresses are generalized to city or region level.
• Badge numbers are stripped entirely.

The AI system processes only this anonymized content. The generated narrative is returned to your device, where your real details are reinserted locally before display and export. The AI never processes your identifying information.

This feature is entirely opt-in. Anthropic's privacy practices govern the processing of de-identified content on their servers. For more information, visit anthropic.com/privacy.

7. Data Sharing

We do not sell, rent, or share your personal data with third parties except as follows:

• Supabase: Our database and storage infrastructure provider.
• Anthropic: Receives de-identified entry content only when you initiate a Year in Review generation.
• Expo / EAS: Delivers push notifications via the Expo Push Notification service.
• Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of SOAR Consulting Group or others.

We do not share your data with your fire department, employer, union, or any government agency except as required by law.

8. Your Rights and Controls

• Access: You can view all of your profile and entry data within the app at any time.
• Deletion: You can delete individual entries at any time within the app. To request deletion of your account and all associated data, contact support@soarcg.com.
• Notifications: You can enable or disable each notification type individually in your Profile settings.
• Data portability: You can export your Exposure Log as a PDF at any time from the Profile screen.

9. Data Retention

Your data is retained as long as your account is active. If you request account deletion, all personal data including profile information, journal entries, and photos will be permanently deleted within 30 days. Aggregate anonymous analytics snapshots do not contain personal data and are retained indefinitely for historical reporting purposes.

10. Children's Privacy

FDLegacy is intended for use by adult fire service professionals. We do not knowingly collect personal information from individuals under the age of 18. If you believe a minor has created an account, contact us at support@soarcg.com and we will promptly delete the account.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page. Continued use of FDLegacy after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

SOAR Consulting Group, LLC
Email: support@soarcg.com
Website: soarcg.com