Privacy Policy · 911 Command LLC

Plain answers about your data.

911 Command builds tools for people who work emergencies for a living. The operational data you put into our products — incident records, personnel information, staffing details, equipment status — is sensitive by nature. This policy explains exactly what we collect, what we do with it, and what we never will. We do not sell, rent, or monetize personal data. Ever.

Effective: May 26, 2026 · Last updated: May 26, 2026

Privacy at a glance

The whole policy, across all 911 Command products, in eight cells. Full detail below.

We collect
Only what's needed to run our products
We don't sell
Your data to advertisers or brokers
We don't track
You across apps, devices, or websites
We don't analyze
Operational or personnel content for any purpose
We use
Aggregate, de-identified usage signals to fix bugs and improve products
Your org owns
All operational data your organization enters
Encryption
In transit (TLS 1.2+) and at rest (AES-256)
You can
Export or delete your data at any time
Products covered by this policy
ResponderOS Active
CommandKit Active
EmergencyComms In Development
FireRescueShifts Coming Soon
StationLink Coming Soon
911command.com Website Web

01Who we are

911 Command LLC (referred to as "911 Command," "we," "us," or "our" in this policy) is a Virginia limited liability company that develops operational software, communications tools, command systems, and connected-station technology for emergency services and field operations. Our products are designed for fire departments, EMS agencies, emergency management organizations, and tactical teams.

911 Command is both the data controller for information collected through our products and the parent company of all product brands listed in this policy. For any privacy question, contact us at privacy@911command.com.

02Scope of this policy

This policy applies to all products and services operated by 911 Command LLC, including:

  • ResponderOS — unified field operations platform for fire and EMS agencies
  • CommandKit — incident command and field coordination platform (standalone or embedded in ResponderOS)
  • EmergencyComms — RF/LoRa mesh communications platform (currently in development)
  • FireRescueShifts (FRS) — scheduling and workforce operations platform (coming soon)
  • StationLink — IoT-enabled smart station and facility automation platform (coming soon)
  • The 911command.com website — including contact forms and beta interest signups

Each product may collect different categories of data depending on its function. Where a product collects data in a meaningfully different way from the others, this policy addresses that specifically. Products that are listed as "in development" or "coming soon" do not yet collect user data. When they launch, this policy will be updated to reflect what they collect before data collection begins.

Organization administrators

If you access a 911 Command product through an organizational license — a fire department, EMS agency, or other public safety organization — your organization is the data controller for operational records you create within the product. 911 Command is a data processor acting on your organization's behalf. Organizational customers may enter into a separate Data Processing Agreement upon request.

03What we collect

Our products are built to do their jobs with as little data as necessary. The categories below cover everything we collect across all 911 Command products, why we collect it, and whether it is linked to you as an individual.

Account and identity data (all products)

Data Why we have it Linked to you?
Email address Account identifier; how you sign in Yes
Display name, rank, shift, station Identifies you to authorized colleagues within your organization Yes
Password (hashed) Sign-in credential — hashed by Firebase Authentication; we never see or store the original Yes
Device push token To deliver in-app and push notifications you have opted into Yes
Crash and diagnostic data To identify and fix software bugs — anonymized at the OS level before we receive it No

Operational content (ResponderOS & CommandKit)

Data Why we have it Linked to you?
Personnel records you create (counseling logs, evaluations, coaching notes, pass-overs) Stored and synced per your organization's operational use of the product Yes
Shift and staffing records (daily reports, hirebacks, availability) Core function of ShiftKit and StaffingKit modules Yes
Incident records (unit assignments, tasks, patient tracking, scene notes) Core function of CommandKit and SceneKit modules Yes
Fleet records (apparatus, gripes, service records, inspection checklists) Core function of FleetKit module No — linked to apparatus, not individuals
Training records (signoffs, participation, completion) Core function of TrainingKit module Yes

Scheduling data (FireRescueShifts, when launched)

FireRescueShifts will collect member scheduling information including shift assignments, availability submissions, leave requests, trade agreements, and overtime records. This data is linked to individual members within your organization. It will not be sold, shared outside your organization, or analyzed for any purpose other than operating the product.

Website data (911command.com)

Data Why we have it Linked to you?
Email address submitted via contact or beta interest forms To respond to your inquiry or add you to a product beta interest list Yes
Message content submitted via contact forms To understand and respond to your inquiry Yes

The 911command.com website does not use advertising cookies, tracking pixels, or third-party analytics that follow you across sites. We do not use Google Analytics, Meta Pixel, or similar services.

What we do not collect — across all products

  • Advertising identifiers (IDFA, GAID), tracking cookies, or cross-app identifiers
  • Health records, financial information, or government-issued ID numbers
  • Contacts, photos, microphone, or camera access — unless you explicitly attach a photo or file to a record you are creating, in which case it is stored only within that record
  • Anything from other apps on your device
  • Social media profiles or activity

04How we use it

We use the data described above only for the following purposes:

  • To operate and deliver the products. Authenticating you, storing and syncing the records you create, delivering notifications you have opted into, and providing the core product functionality your organization has licensed.
  • To improve our products. We may review aggregate, de-identified patterns of how products are used — for example, which screens load slowly, which workflows have high abandonment — to fix bugs and prioritize improvements. We do not read, analyze, process, or use the operational and personnel content you create (counseling logs, incident records, scheduling data, station notes, evaluations, etc.) for this or any other purpose.
  • To communicate with you. Sign-in confirmations, password resets, security notices, and — only if you have opted in — product update communications or beta access notifications.
  • To respond to beta interest signups. Email addresses submitted on 911command.com for product beta interest will be used only to contact you about beta access for the specific product you expressed interest in. We will not add you to unrelated mailing lists.
  • To comply with the law. If we receive a valid, legally binding request for your data, we will comply. Where legally permitted, we will notify your organization administrator before complying.

05What we don't do

This section exists because it is the part most worth being explicit about.

  • We do not sell, rent, or monetize personal data. Not to advertisers, data brokers, research firms, or anyone else — ever, across any product.
  • We do not run advertising. No banner ads, native ads, sponsored content, or ad-supported tiers exist in any 911 Command product.
  • We do not track you across other apps or websites. None of our products use Apple's App Tracking Transparency framework for cross-app tracking. We do not use advertising networks.
  • We do not read or analyze the operational content you create. Incident records, personnel evaluations, counseling logs, scheduling data, scene notes, station records, and all other content you create in our products are stored encrypted and are accessible only to you and authorized members of your organization. We do not use this content to train models, improve features, conduct research, or for any other purpose.
  • We do not share your data with anyone beyond the limited operational infrastructure providers described in Section 8.
  • We do not retain data beyond what is needed. When you or your organization deletes data, or when your account is closed, we remove it on the schedule described in Section 9.

06Location & GPS data

CommandKit includes a live situational awareness map feature that can display real-time GPS positions of units during an active incident. This feature requires location access on each device that opts into unit tracking.

How it works

  • Location access is opt-in at the device level. CommandKit will request "When In Use" location permission only when the incident map is actively open. We do not request background location or persistent location access.
  • Location data is operational and incident-scoped. GPS positions are transmitted in real time to the shared incident workspace in Firebase Realtime Database, visible only to authorized members of the active incident. Position data is not stored after the incident is closed — it exists only for the duration of the active tracking session.
  • No location history is retained. We do not log, archive, or analyze the movement history of any individual or unit. Once an incident is closed, real-time position data is cleared.
  • No advertising use. Location data is never used for advertising, profiling, or any purpose outside of the real-time incident coordination function it was collected for.
In plain terms

GPS tracking in CommandKit works like a tactical radio check — it shows where your units are right now, during an active incident, to the people working that incident. It is not a surveillance tool. It does not build a record of where you've been. When the incident is over, it's gone.

ResponderOS and other 911 Command products that do not include a live map feature do not request or use location access at all.

07IoT & sensor data (StationLink)

StationLink, when launched, will connect IoT sensors and devices in fire and EMS station facilities to provide environmental monitoring, equipment readiness tracking, and facility automation. Because this involves sensors that may detect presence, we want to be direct about how this data will be handled.

What StationLink sensors will collect

  • Environmental readings — temperature, humidity, CO levels, smoke detection — from sensors placed in station spaces. This data is facility-level; it is not linked to individual people.
  • Occupancy and presence signals — motion or occupancy sensors to determine whether spaces are occupied, for automation triggers (lighting, alerting, HVAC). Occupancy data is binary (present/not present) and is not used to track the movements or identity of specific individuals.
  • Equipment status — SCBA monitoring, apparatus bay door state, apparatus bay occupancy. Linked to equipment, not individuals.
  • Device telemetry — the operational status, connectivity, and firmware state of StationLink hardware devices installed at your facility.

What StationLink will not collect

  • Video or audio recordings of any kind
  • Biometric data
  • Individual identity from presence detection (presence sensing detects occupancy, not identity)
  • Any personal data beyond what is necessary for the operational function described above

StationLink sensor data will be stored within your organization's data partition and will be subject to the same security, retention, and access control standards as all other 911 Command product data. This section will be updated with full detail before StationLink begins collecting data from any deployed facility.

08Sharing & processors

To operate our products, we rely on a small number of trusted infrastructure providers. They process data only on our instructions and only to provide the specific service named. We do not sell or share data with advertisers, analytics vendors, data brokers, or any other third party for commercial purposes.

Google Firebase (Google LLC)

The backend infrastructure for ResponderOS, CommandKit, and all current 911 Command software products runs on Google Firebase, which provides:

  • Firebase Authentication — handles sign-in. Receives your email address and a hashed password. We never see or store the original password.
  • Cloud Firestore — stores the operational records you create. Data is encrypted at rest in Google's US-based data centers.
  • Firebase Realtime Database — used by CommandKit for real-time incident map data (GPS unit positions, live incident state). This data exists in real time only and is not permanently stored after incident closure.
  • Firebase Cloud Messaging — delivers push notifications to your device. Receives your device push token and the content of notifications we send.

Google's processing of this data is governed by the Firebase Data Processing and Security Terms. We do not use Firebase Analytics, Crashlytics, Firebase Performance Monitoring, or any other Firebase service that generates behavioral profiles or advertising identifiers.

Apple Inc. (iOS / push delivery)

Apple delivers push notifications to iOS devices through the Apple Push Notification service (APNs). Apple may also collect anonymous diagnostic information through iOS itself, governed by Apple's own privacy policy. Apple does not receive the content of your records.

Stripe (payment processing — LicenseKit)

Organizational billing for 911 Command products is processed through Stripe. When your organization completes a subscription purchase, Stripe processes payment card information on our behalf. 911 Command does not store credit card numbers. Stripe's processing is governed by their privacy policy and is PCI-DSS compliant. Stripe does not receive operational content from any 911 Command product.

Your organization (if applicable)

If you access a 911 Command product through an organizational license, operational data you create is accessible to authorized administrators within your organization under the access controls they configure. Your organization is the data controller for organizational records; 911 Command is a data processor acting on the organization's instructions. A Data Processing Agreement is available upon request.

What this means in practice

Only three external parties are ever involved in your data: Google (running our backend infrastructure), Apple (delivering push notifications on iOS), and Stripe (processing organizational billing). If you operate through an organization, your organization's authorized admins can also access records within their organization. No advertisers. No analytics vendors. No data brokers.

09Data retention

We retain data only as long as necessary to fulfill the purposes described in this policy.

  • Account data. Retained for as long as your account is active. If you delete your account, authentication records are removed within 30 days.
  • Operational records you create. Retained according to your organization's retention policy. If you use a product individually (without an organization), records are retained until you delete them or close your account.
  • Real-time incident data (CommandKit GPS / live map). Cleared at incident closure. Not archived or retained beyond the active session.
  • Beta interest email submissions (website). Retained until we notify you of beta access or you request removal, whichever comes first. We will not hold beta interest emails indefinitely.
  • Encrypted backups. Backup snapshots may retain data for up to 90 days after deletion before being permanently overwritten, as part of standard disaster recovery practice.
  • Legal holds. Where required by law, we may retain specific records longer. If this applies to your data, we will notify you unless prohibited from doing so.

10Your rights

Regardless of where you live, you can request the following at any time:

  • Access — request a copy of the data we hold about you.
  • Correction — ask us to correct inaccurate information.
  • Deletion — request deletion of your account and associated data.
  • Export — receive your data in a portable format (JSON or CSV).
  • Withdraw consent — for any optional processing you previously opted into (e.g., product update emails, beta notification lists).
  • Object — to any processing you believe is unnecessary or disproportionate.

To exercise any of these rights, email privacy@911command.com. We will respond within 30 days. We do not charge for these requests.

Residents of California, Virginia, Colorado, Connecticut, and Utah

You have additional rights under your state's consumer privacy laws (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA), including the right to opt out of the "sale" or "sharing" of personal information. 911 Command LLC does not sell or share personal information as defined under any of these laws. You may still exercise any of the rights listed above by contacting us directly.

11Security

Our products handle operationally sensitive information — personnel records, incident data, staffing details, and facility sensor readings. Security is not an afterthought. Our practices include:

  • Encryption in transit using TLS 1.2 or higher for all network communication across all products.
  • Encryption at rest for all stored data using Google Firebase's AES-256 encryption by default.
  • Role-based access controls at the organization level — your administrators control who can see what within your organization's data.
  • Invite-only access — no public self-registration. New users join through an invitation from an authorized administrator.
  • Audit logging of administrative actions within your organization.
  • No password storage on our end — Firebase Authentication hashes credentials; we never see or store plain-text passwords.
  • Firestore security rules enforce that data is readable and writable only by authenticated members of the correct organization — there is no cross-organization data access at the application layer.

No system is ever fully secure. If you discover a vulnerability in any 911 Command product, please report it to security@911command.com. We take security reports seriously and will respond promptly. If a breach occurs that affects your personal data, we will notify you within 72 hours of becoming aware of it, as required by applicable law.

12Children's privacy

All 911 Command products are professional tools for adult emergency services personnel. They are not directed to children under 13, and we do not knowingly collect personal information from anyone under 13 years of age. If we learn that we have collected information from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, contact us at privacy@911command.com.

13Where data is stored

Data collected through all 911 Command products is stored in the United States, in Google Firebase data centers. If you access our products from outside the United States, your data will be transferred to and processed in the U.S. By using any 911 Command product, you consent to this transfer. We do not currently support data residency in non-US jurisdictions. If your organization requires it, contact us to discuss available options.

14Changes to this policy

When new products launch or when we make material changes to how any product handles data, we will update this policy before those changes take effect. For material changes, we will notify affected users by email and/or in-app notice. The effective date at the top of this page reflects when the current version was published. Continued use of any 911 Command product after an update constitutes acceptance of the revised policy.

As EmergencyComms, FireRescueShifts, and StationLink move from development into active deployment, this policy will be updated to reflect the specific data practices of each product before any data collection begins.