Privacy Policy

1. Introduction

IgnisTrack Ltd ("we", "us", "our") operates the IgnisTrack:Door mobile application for iOS and Android, and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, Apple's App Store Guidelines, Google Play's User Data Policy, and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

Account Information:

• Full name
• Email address
• Password (encrypted, never stored in plain text)
• Company name (if joining a company account)

Survey and Inspection Data:

• Fire door inspection records and measurements
• Component inspection results and defect codes
• Photos of fire doors, components, and defects
• Survey notes and observations
• Site and door location descriptions within buildings
• Door reference numbers and QR codes

2.2 Information Collected Automatically

Device Information:

• Device type and model (e.g., iPhone 15, Samsung Galaxy S24)
• Operating system and version (e.g., iOS 17.2, Android 14)
• App version number
• Device identifiers (anonymised for analytics)
• Device language and region settings

App Usage Analytics (via Google Firebase Analytics):

• Screens viewed and navigation patterns within the app
• Features used (surveys, QR codes, reports, sync)
• Survey start, completion, and submission events
• Button taps and user interactions
• Session duration and frequency of app use
• Sync performance and success/failure rates

This analytics data is linked to your user account identifier to help us understand how you use the app and improve our services. We do not use this data for advertising purposes.

Crash and Error Reporting (via Sentry):

• Crash logs and stack traces when the app encounters an error
• Screenshots at the time of crash (for debugging purposes only)
• App state and memory information at time of error
• Device and OS information related to the crash
• Breadcrumb trail of actions leading to the crash

Crash reports are automatically scrubbed to remove any personal information such as email addresses before transmission. Screenshots captured during crashes are used solely for debugging and do not intentionally capture personal data.

2.3 Information We Do NOT Collect

• Precise GPS location – We do not access your device's location services
• Contacts or address book – We never access your contacts
• Calendar data – We do not access your calendar
• Biometric data – We do not collect fingerprint or face data
• Health data – We do not collect any health-related information
• Financial information – Payment processing is handled entirely by third-party processors (Stripe); we never see or store your card details
• Microphone or call data – We do not access your microphone or phone calls
• Background location tracking – We do not track your location in the background

3. How We Use Your Information

To Provide Our Services:

• Create and manage your user account
• Enable fire door surveys and inspections
• Store and sync your survey data across devices
• Generate PDF compliance reports
• Generate and manage QR codes for door identification
• Process company invitations and team management

To Improve Our Services:

• Analyze app usage patterns to improve user experience
• Identify and fix bugs and crashes
• Monitor app performance and stability
• Develop new features based on usage patterns
• Optimize sync performance and reliability

To Communicate With You:

• Send important service updates and security notices
• Respond to your support requests
• Notify you of changes to our terms or policies

4. Legal Basis for Processing (UK GDPR)

5. Data Retention

Fire door survey records are retained for 7 years minimum to comply with UK fire safety regulations, including:

• Regulatory Reform (Fire Safety) Order 2005
• Building Safety Act 2022
• BS 8214:2016 requirements

Retention periods by data type:

• Survey data and photos: 7 years minimum (regulatory requirement)
• Account information: Duration of account plus 30 days after deletion
• Analytics data: 26 months (Firebase default)
• Crash reports: 90 days (Sentry default)

Account deletion: When you delete your account, personal data is removed within 30 days. Survey data may be anonymised and retained to meet regulatory compliance requirements for fire safety records.

6. Data Sharing and Third-Party Services

We share data with the following service providers:

We also share data with:

• Your employer/company administrators (if using a company account) – they can view surveys created by team members

We do NOT:

• Sell your personal data to anyone
• Share data with advertisers or ad networks
• Use your data for targeted advertising
• Share data with data brokers
• Transfer data outside UK/EEA without adequate protections (all our service providers maintain appropriate data protection agreements)

7. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit: TLS 1.3 for all data transmission
• Encryption at rest: AES-256 encryption for stored data
• Local device encryption: SQLCipher encrypted database on your device
• Secure authentication: JWT tokens with automatic refresh
• Password security: Passwords are hashed using bcrypt, never stored in plain text
• Certificate pinning: Protection against man-in-the-middle attacks (release builds)
• Row-level security: Database policies ensure you can only access your own company's data

8. Your Rights (UK GDPR)

You have the following rights regarding your personal data:

• Right of Access – Request a copy of all personal data we hold about you
• Right to Rectification – Correct any inaccurate or incomplete data
• Right to Erasure – Request deletion of your personal data (subject to legal retention requirements)
• Right to Data Portability – Export your data in JSON, CSV, or PDF format
• Right to Object – Object to processing based on legitimate interests (including analytics)
• Right to Restrict Processing – Request limitation of how we process your data

To exercise any of these rights, email privacy@ignistrack.com. We will respond within 30 days.

You can also export your data directly from the app or web dashboard at any time.

9. Analytics Opt-Out

While analytics help us improve the app, we respect your choice to opt out:

• Firebase Analytics: You can limit ad tracking in your device settings (iOS: Settings > Privacy > Tracking; Android: Settings > Google > Ads)
• Crash Reporting: Contact us at privacy@ignistrack.com to request disabling crash reporting for your account

Note: Some basic analytics may still be collected by Apple (App Store) or Google (Play Store) as part of their platform services, which is outside our control.

10. Website Cookies

Our marketing website (ignistrack.com) uses cookies and similar technologies. This section applies to website visitors, not the mobile app.

Cookies we use:

Managing cookies:

• Most browsers allow you to refuse or delete cookies via settings
• You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on
• Disabling cookies may affect some website functionality

Legal basis: We rely on legitimate interests for analytics cookies to understand how visitors use our website and improve our services. You can object to this processing by blocking cookies in your browser.

11. Children's Privacy

IgnisTrack is a professional tool intended for use by fire safety professionals and is not directed at children.

• Users must be at least 16 years of age to create an account
• We do not knowingly collect personal information from children under 16
• If we discover we have collected data from a child under 16, we will delete it promptly

If you believe a child has provided us with personal information, please contact us at privacy@ignistrack.com.

12. International Data Transfers

Your data may be processed by our service providers in the following locations:

• Supabase: European Union
• Firebase Analytics: United States (Google LLC)
• Sentry: United States

Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the UK ICO
• Data Processing Agreements with all service providers
• Verification that recipients maintain adequate security measures

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For significant changes, we will notify you by in-app notification or email
• Continued use of the app after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically.

14. Contact Us

For privacy-related questions or to exercise your rights:

• Privacy enquiries: privacy@ignistrack.com
• General support: support@ignistrack.com

Supervisory Authority: If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).