Privacy Policy | IgnisTrack

1. Introduction

IgnisTrack Ltd ("we", "us", "our") operates the IgnisTrack:Survey mobile application for iOS and Android, the IgnisTrack:Manage web dashboard, and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, Apple's App Store Guidelines, Google Play's User Data Policy, and other applicable data protection laws.

Data Controller:

IgnisTrack Ltd
Company Registration No: 16949833
SA12 Business Centre
Seaway Parade, Baglan Energy Park
Port Talbot, SA12 7BR
United Kingdom
Email: privacy@ignistrack.com

2. Information We Collect

2.1 Information You Provide

Account Information:

Full name
Email address
Password (encrypted, never stored in plain text)
Company name (if joining a company account)

Survey and Inspection Data:

Fire door inspection records and measurements
Component inspection results and defect codes
Photos of fire doors, components, and defects
Survey notes and observations
Site and door location descriptions within buildings
Door reference numbers and QR codes

2.2 Information Collected Automatically

Device Information:

Device type and model (e.g., iPhone 15, Samsung Galaxy S24)
Operating system and version (e.g., iOS 17.2, Android 14)
App version number
Device identifiers (anonymised for analytics)
Device language and region settings

App Usage Analytics (via Google Firebase Analytics):

Screens viewed and navigation patterns within the app
Features used (surveys, QR codes, reports, sync)
Survey start, completion, and submission events
Button taps and user interactions
Session duration and frequency of app use
Sync performance and success/failure rates

This analytics data is linked to your user account identifier to help us understand how you use the app and improve our services. We do not use this data for advertising purposes.

Crash and Error Reporting (via Sentry):

Crash logs and stack traces when the app encounters an error
Screenshots at the time of crash (for debugging purposes only)
App state and memory information at time of error
Device and OS information related to the crash
Breadcrumb trail of actions leading to the crash

Crash reports are automatically scrubbed to remove any personal information such as email addresses before transmission. Screenshots captured during crashes are used solely for debugging and do not intentionally capture personal data.

2.3 Location (Optional, Photo Evidence Only)

When you capture a photo during a fire door survey, the app may attach GPS coordinates to that photo as metadata — exclusively to strengthen the integrity of the inspection record under the Building Safety Act 2022 "golden thread" obligations. Location access is optional: if you decline the permission, the app continues to work normally and photos are stored without coordinates.

Only captured at the moment a photo is taken (never in the background)
Only attached to that specific photo as evidence metadata
Never used for tracking, advertising, or analytics
You can revoke location access at any time via your device settings

2.4 Information We Limit or Do Not Collect

Background location tracking – Location is only accessed at the moment you capture a survey photo (see §2.3). We never access location in the background or while the app is closed.
Contacts or address book – We never access your contacts
Calendar data – We do not access your calendar
Biometric data – We do not access fingerprint, Face ID, or any biometric sensor
Health data – We do not collect any health-related information
Financial information – Payment processing is handled entirely by third-party processors (Stripe); we never see or store your card details
Microphone or call data – We do not access your microphone or phone calls

3. How We Use Your Information

To Provide Our Services:

Create and manage your user account
Enable fire door surveys and inspections
Store and sync your survey data across devices
Generate PDF compliance reports
Generate and manage QR codes for door identification
Process company invitations and team management

To Improve Our Services:

Analyze app usage patterns to improve user experience
Identify and fix bugs and crashes
Monitor app performance and stability
Develop new features based on usage patterns
Optimize sync performance and reliability

To Communicate With You:

Send important service updates and security notices
Respond to your support requests
Notify you of changes to our terms or policies

4. Legal Basis for Processing (UK GDPR)

Purpose	Legal Basis
Account creation and management	Contract performance
Fire door survey data processing	Contract performance
App usage analytics (Firebase)	Legitimate interests (improving services)
Crash reporting (Sentry)	Legitimate interests (app stability)
Legal compliance and record-keeping	Legal obligation
Service communications	Contract performance

5. Data Retention

Fire door survey records are retained indefinitely for the lifetime of the building in order to comply with the Building Safety Act 2022 "golden thread" obligation, alongside:

Regulatory Reform (Fire Safety) Order 2005
Building Safety Act 2022 (indefinite digital record of building safety information)
BS 8214:2026 requirements

Retention periods by data type:

Survey data and photos: retained indefinitely (Building Safety Act 2022 — life of building)
Audit logs and inspection records: retained indefinitely (append-only, never deleted)
Account information: duration of account plus 30 days after deletion
Analytics data: 26 months (Firebase default)
Crash reports: 90 days (Sentry default)

Account deletion: When you delete your account, personal identification data (name, email) is removed within 30 days. The underlying inspection records are anonymised rather than deleted — your name is detached from surveys, but the fire safety records themselves remain on file to satisfy Building Safety Act golden-thread obligations for the responsible person of the building. This approach meets both UK GDPR (personal data removed) and fire safety regulations (inspection evidence preserved).

6. Data Sharing and Third-Party Services

We share data with the following service providers:

Supabase (Database & Authentication)

Hosts our database and handles user authentication. Data stored in EU data centres.

Google Firebase Analytics

Provides app usage analytics to help us understand how the app is used and improve our services. Analytics data is linked to anonymised user identifiers.

Sentry (Error Monitoring)

Captures crash reports and error logs to help us identify and fix bugs. Personal information is automatically scrubbed from reports.

Stripe (Payment Processing)

Handles all payment processing for subscriptions. We never see or store your payment card details.

Resend (Transactional Email)

Delivers welcome emails, milestone notifications, trial reminders, daily digests, and other service emails. Receives your email address, name, and the specific email content. US-based with EU data-processing agreements.

Microsoft Clarity (Session Recordings & Heatmaps)

On www.ignistrack.com and qr.ignistrack.com only (never inside the mobile app or :Manage dashboard). Records aggregated user-interaction sessions — clicks, scrolls, navigation paths — to help us understand how visitors use the site. Loaded only after you accept cookies. Microsoft is a US-based subprocessor.

Google Analytics & Google Ads (Marketing Sites)

On the marketing site (www.ignistrack.com) and public QR landing pages (qr.ignistrack.com) only. Used for traffic measurement and advertising-conversion tracking via Google Ads. IP anonymisation enabled, ads-data redaction enabled. Loaded only after you accept cookies. Not used inside :Survey or :Manage.

We also share data with:

Your employer/company administrators (if using a company account) – they can view surveys created by team members

We do NOT:

Sell your personal data to anyone
Share survey, door, or photo data with advertisers — Google Ads conversion tracking only sees marketing-site signup events, never your inspection records
Use your inspection data for targeted advertising
Share data with data brokers
Transfer data outside UK/EEA without adequate protections — Microsoft, Google, Stripe, Sentry, and Resend operate under standard contractual clauses; Supabase data sits in EU data centres

7. Data Security

We implement industry-standard security measures to protect your data:

Encryption in transit: TLS 1.3 for all data transmission
Encryption at rest: AES-256 encryption for stored data
Local device encryption: SQLCipher encrypted database on your device
Secure authentication: JWT tokens with automatic refresh
Password security: Passwords are hashed using bcrypt, never stored in plain text
Certificate pinning & hostname allowlisting: Outbound traffic from the mobile app is restricted to our known Supabase hosts; certificate pinning protects direct outbound HTTPS calls (release builds)
Row-level security: Database policies ensure you can only access your own company's data

8. Your Rights (UK GDPR)

You have the following rights regarding your personal data:

Right of Access – Request a copy of all personal data we hold about you
Right to Rectification – Correct any inaccurate or incomplete data
Right to Erasure – Request deletion of your personal data (subject to legal retention requirements)
Right to Data Portability – Export your data in JSON, CSV, or PDF format
Right to Object – Object to processing based on legitimate interests (including analytics)
Right to Restrict Processing – Request limitation of how we process your data

To exercise any of these rights, email privacy@ignistrack.com. We will respond within 30 days.

You can also export your data directly from the app or web dashboard at any time.

9. Analytics Opt-Out

While analytics help us improve the app, we respect your choice to opt out:

Firebase Analytics: You can limit ad tracking in your device settings (iOS: Settings > Privacy > Tracking; Android: Settings > Google > Ads)
Crash Reporting: Contact us at privacy@ignistrack.com to request disabling crash reporting for your account

Note: Some basic analytics may still be collected by Apple (App Store) or Google (Play Store) as part of their platform services, which is outside our control.

10. Website Cookies

Our marketing website (ignistrack.com) uses cookies and similar technologies. This section applies to website visitors, not the mobile app.

Cookies we use:

Cookie	Purpose	Duration	Type
_ga	Google Analytics – distinguishes users	2 years	Analytics (consent required)
_ga_*	Google Analytics 4 – maintains session state	13 months	Analytics (consent required)
_gcl_au	Google Ads – tracks signup conversions from ad clicks	90 days	Advertising (consent required)
_clck, _clsk	Microsoft Clarity – session recording and heatmap correlation	1 year (_clck), 1 day (_clsk)	Analytics (consent required)
ignistrack_cookie_consent	Remembers your cookie-banner choice	Persistent (localStorage)	Strictly necessary

Managing cookies:

Most browsers allow you to refuse or delete cookies via settings
You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on
Disabling cookies may affect some website functionality

Legal basis: We rely on legitimate interests for analytics cookies to understand how visitors use our website and improve our services. You can object to this processing by blocking cookies in your browser.

11. Children's Privacy

IgnisTrack is a professional tool intended for use by fire safety professionals and is not directed at children.

Users must be at least 16 years of age to create an account
We do not knowingly collect personal information from children under 16
If we discover we have collected data from a child under 16, we will delete it promptly

If you believe a child has provided us with personal information, please contact us at privacy@ignistrack.com.

12. International Data Transfers

Your data may be processed by our service providers in the following locations:

Supabase: European Union
Firebase Analytics: United States (Google LLC)
Sentry: United States

Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the UK ICO
Data Processing Agreements with all service providers
Verification that recipients maintain adequate security measures

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

We will update the "Last Updated" date at the top of this policy
For significant changes, we will notify you by in-app notification or email
Continued use of the app after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically.

14. Contact Us

For privacy-related questions or to exercise your rights:

Privacy enquiries: privacy@ignistrack.com
General support: support@ignistrack.com

IgnisTrack Ltd

SA12 Business Centre
Seaway Parade, Baglan Energy Park
Port Talbot, SA12 7BR
United Kingdom

Supervisory Authority: If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

App Store Data Collection Summary

For transparency, here is a summary of the data types collected by IgnisTrack as required by Apple App Store and Google Play Store:

Data Type	Collected	Linked to Identity	Used for Tracking
Name	Yes	Yes	No
Email Address	Yes	Yes	No
Photos	Yes	Yes	No
User Content (Surveys)	Yes	Yes	No
User ID	Yes	Yes	No
Device ID	Yes	No	No
Product Interaction	Yes	Yes	No
Crash Data	Yes	No	No
Performance Data	Yes	No	No
Other Diagnostic Data	Yes	No	No

Note: "Tracking" refers to linking user or device data with third-party data for targeted advertising or advertising measurement purposes. IgnisTrack does not engage in tracking.

Regulatory Disclaimer

IgnisTrack is a tool to assist with fire safety record-keeping. The Responsible Person (as defined in the Regulatory Reform (Fire Safety) Order 2005) remains legally responsible for fire safety compliance. IgnisTrack does not provide fire safety advice, certification, or guarantee compliance with regulations.