Privacy Policy

1. Who we are

"Station Pulse," "we," "us," and "our" refer to Just Develop, the operator of the Station Pulse mobile app and web service at getstationpulse.com. For questions about this policy or your information, contact support@getstationpulse.com .

2. Roles and responsibilities

Station Pulse is a service used by fire departments to manage day-to-day operations, staffing, and communication. Each department subscribes on behalf of its organization, and chiefs (department administrators) invite individual firefighters to join.

• For information that an individual user provides about themselves (their name, email, phone, and the activity they record in the app), Station Pulse generally acts as a data processor on behalf of the department, which is the data controller.
• For information about the chief who manages the subscription, account creation, and billing relationship, Station Pulse acts as a data controller.

3. Information we collect

3.1 Information you provide

• Account details: email address, password (stored as a salted hash by our authentication provider — we never see the plaintext), display name, and optionally a phone number and an avatar image.
• Department information (chiefs): department name, mailing address, station addresses, custom roles, and other organizational settings configured during setup.
• Operational data: station check-ins and check-outs (with timestamps and the station you selected); tasks you create, claim, or are assigned to; events you create or RSVP to; announcements you post; messages and content you submit through the app.
• Notification preferences: the categories you have enabled or disabled.

3.2 Information collected automatically

• Activity log: a record of significant actions taken in your department (check-ins, task completions, role changes, etc.). This is required for the department's operational and audit history.
• Push notification tokens: if you grant notification permission, we store the device push token so we can send you task assignments, event reminders, and department announcements.
• Diagnostic and crash data: if you opt in or if our error-monitoring service is enabled, we record technical errors (stack traces, device model, OS version) so we can fix bugs. We do not include the contents of your messages, passwords, or payment information in these reports.
• Server logs: our hosting providers automatically log IP addresses, browser/user agent strings, and timestamps for security and abuse-prevention purposes.

3.3 Payment information

Station Pulse does not collect or store credit card or bank-account details. When a chief subscribes, payment information is handled directly by Stripe, our payment processor. We store only the Stripe customer identifier so we can associate the subscription with the department.

3.4 Location

The Station Pulse mobile app does not currently request access to your device location. Stations are identified by the address a chief enters during setup, and check-ins are recorded against a station you choose — not a GPS reading from your device. If we add an optional location-based check-in feature in the future, we will ask for your permission first and update this policy.

4. How we use information

• To provide, operate, and maintain the Station Pulse service.
• To authenticate you, route you to the correct department, and enforce role-based access controls.
• To send transactional notifications (task assignments, event reminders, etc.).
• To provide customer support and respond to your requests.
• To detect, prevent, and respond to security incidents and abuse.
• To bill subscribing departments and to keep records required by tax and accounting laws.
• To improve the service — for example by analyzing aggregated, de-identified usage patterns to find rough spots and bugs.
• To comply with our legal obligations.

We do not sell your personal information, and we do not use your information for third-party advertising.

5. Legal bases for processing (EEA / UK)

If you are in the European Economic Area, the United Kingdom, or another jurisdiction requiring a stated legal basis under the GDPR, we process your information on the following bases:

• Contract: to provide the service to you and your department under our Terms of Service and the department's subscription agreement.
• Legitimate interests: to operate, secure, and improve the service.
• Consent: for optional features such as push notifications, where applicable. You may withdraw consent at any time in the app's settings.
• Legal obligation: to comply with tax, accounting, and other legal requirements.

6. Sub-processors and sharing

We share information with the following categories of trusted vendors who help us run Station Pulse. Each is contractually obligated to protect the information and use it only to provide their service to us.

• Supabase (database, authentication, storage) — hosts your account and your department's data.
• Vercel (web hosting) — serves the web app and runs scheduled background jobs.
• Stripe (payments) — processes subscription payments for chiefs. Stripe's privacy practices are described at stripe.com/privacy .
• Apple Push Notification service (APNs) and Google Firebase Cloud Messaging (FCM) — deliver push notifications to your device.
• Mapbox — provides address autocomplete and geocoding when a chief enters a station address during setup.
• Expo / EAS — builds and distributes the mobile app to the App Store and Play Store.
• An error-monitoring service (e.g. Sentry) may be enabled in production for crash and performance reporting; this policy will be updated when it is.

We may also disclose information when required by law (subpoena, court order, similar legal process), to enforce our Terms of Service, or to protect the rights, safety, or property of Station Pulse, our customers, or the public. We will challenge overly broad requests when we believe it is appropriate.

7. Retention

We retain your information for as long as your account is active and your department subscribes to Station Pulse. When you delete your account (see Section 9 and /account-deletion ), your name, email, phone, and avatar are removed from your member record and your authentication credentials are deleted so you can no longer sign in.

Historical operational records (check-ins, completed tasks, role assignments, announcements, activity log entries) are retained for the department's operational and audit history but are linked to an anonymized member record — not your name or contact details. Departments rely on these records for training history, accreditation, and incident response.

Backups are retained for a limited period (typically 30 days) for disaster recovery and are then automatically expired.

8. Security

We use industry-standard safeguards to protect your information, including encryption in transit (HTTPS/TLS), encryption at rest for our managed database, hashed passwords, row-level security to enforce department isolation, role-based access controls, and optional biometric (Face ID / Touch ID) re-authentication on the mobile app. No system is perfectly secure, but we work to keep ours that way.

9. Your rights and choices

Depending on where you live, you may have the right to access, correct, export, or delete personal information we hold about you, and to object to or restrict certain processing. To exercise these rights:

• Access and correction: view and update your name, phone, and avatar in the app under your profile.
• Deletion: use the in-app self-serve deletion flow at More → Security → Delete account, or follow the steps at /account-deletion .
• Data portability and other requests: email support@getstationpulse.com from the address associated with your account. We respond within 30 days.

California residents have additional rights under the CCPA / CPRA, including the right to know what categories of information we collect, the right to delete (subject to legal retention requirements), and the right to non-discrimination for exercising those rights. We do not sell or "share" personal information for cross-context behavioral advertising as those terms are defined in California law.

10. International transfers

Station Pulse is operated from the United States, and some of our sub-processors store or process information in the United States and other countries. Where required, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses to protect information transferred internationally.

11. Children

Station Pulse is intended for use by adult firefighters and department staff. The service is not directed to children under 16, and we do not knowingly collect information from anyone under 16. If you believe a minor has provided us with information, please contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you in the app or by email before the changes take effect. The effective date at the top of this page indicates when the current version was published.

13. Contact

For questions, concerns, or to exercise your rights, contact support@getstationpulse.com . The governing law for this policy is Alabama, USA.