Privacy Policy
Last Updated: January 12, 2026 | Version 1.0
ARK Enterprises LLC, doing business as ARK Fire RMS ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our fire department records management software and services ("Services").
Please read this Privacy Policy carefully. By using the Services, you consent to the practices described in this policy. If you do not agree with this policy, please do not use our Services.
1. Information We Collect
1.1 Information You Provide
Account Information:
- Name and contact information (email, phone number)
- Job title and role within your organization
- Login credentials
Organization Information:
- Department name and contact information
- Billing information (processed by our payment provider)
- Administrator contact details
Department Data:
- Member information (names, contact details, certifications, training records)
- Incident and call reports
- Apparatus and equipment records
- Scheduling and attendance data
- Nebraska tax credit point tracking (LB886)
- Gear inventory and assignments
- Any other data entered by your organization
Patient Care Information (if applicable):
If your organization uses EMS features, the Services may contain protected health information (PHI) subject to HIPAA. See Section 7 for HIPAA-specific information.
1.2 Information Collected Automatically
When you use the Services, we automatically collect:
- Usage Data: Features accessed, actions taken, pages viewed, time spent
- Device Information: Device type, operating system, browser type and version
- Log Data: IP address, access times, referring URLs, error logs
- Cookies and Similar Technologies: Session cookies for authentication and preferences
1.3 Information from Third Parties
We may receive information about you from:
- Your organization's administrators
- Authentication providers (if using single sign-on)
- Integrated third-party services you connect to the platform
2. How We Use Your Information
We use the information we collect to:
| Purpose | Description |
|---|---|
| Provide Services | Operate, maintain, and deliver the features and functionality of the Services |
| Account Management | Create and manage accounts, authenticate users, process transactions |
| Communication | Send service notifications, respond to inquiries, provide customer support |
| Improvement | Analyze usage patterns to improve and develop new features |
| Security | Detect and prevent fraud, abuse, and security incidents |
| Compliance | Comply with legal obligations and respond to lawful requests |
3. What We Do NOT Do With Your Information
We are committed to protecting your data. We do NOT:
- Sell your data to third parties for any purpose
- Use your data for advertising or marketing to third parties
- Share data between organizations without explicit consent
- Mine your data to build profiles for external use
- Access patient information except as necessary to provide support (with your permission)
4. How We Share Information
4.1 With Your Organization
Your organization's administrators have access to data within their organization's account, including user activity and audit logs.
4.2 Service Providers
We share information with third-party service providers who assist in operating the Services:
- Google Cloud / Firebase: Cloud infrastructure and database hosting
- Payment Processors: To process subscription payments (we do not store full payment card numbers)
- Email Services: To send transactional emails and notifications
- Analytics: To understand usage patterns (aggregated and anonymized)
These providers are contractually obligated to protect your information and use it only for the services they provide to us.
4.3 Legal Requirements
We may disclose information if required to:
- Comply with applicable law, regulation, or legal process
- Respond to lawful requests from public authorities
- Protect our rights, privacy, safety, or property
- Enforce our agreements
When possible, we will notify your organization before disclosing information in response to legal requests, unless prohibited by law.
4.4 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or control.
5. Data Storage and Security
5.1 Where We Store Data
Your data is stored on servers provided by Google Cloud Platform and Firebase, located in the United States. By using the Services, you consent to the transfer and storage of your data in the United States.
5.2 Security Measures
We implement reasonable security measures to protect your information, including:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL
- Encryption at Rest: Data stored in our databases is encrypted
- Access Controls: Access to data is restricted based on role and need
- Authentication: Secure authentication mechanisms protect account access
- Monitoring: We monitor for security incidents and unauthorized access
- Backups: Regular backups protect against data loss
5.3 Security Incidents
If we discover a security breach that affects your personal information, we will notify your organization's administrator promptly and provide information about the incident and our response.
6. Data Retention
6.1 Active Accounts
We retain your information for as long as your organization's account is active and as needed to provide the Services.
6.2 After Termination
Upon termination of your organization's subscription:
- Your organization has 30 days to export data
- After the export period, we will delete your data from our active systems
- Backups containing your data will be purged within 90 days
6.3 Legal Requirements
We may retain certain information longer if required by law or to protect our legal interests.
7. HIPAA and Protected Health Information
Important for EMS and Medical Response Features
7.1 Our Role
If your organization uses the Services to store protected health information (PHI), we may act as a "Business Associate" under HIPAA. Your organization remains the "Covered Entity" responsible for HIPAA compliance.
7.2 Business Associate Agreement
Organizations that transmit PHI through the Services must execute a Business Associate Agreement (BAA) with us. Contact us at info@arkfirerms.com to request a BAA.
7.3 User Responsibilities
Users who access PHI are responsible for:
- Following their organization's HIPAA policies
- Accessing PHI only when necessary for job duties
- Reporting any suspected breaches immediately
8. Your Rights and Choices
8.1 Access and Correction
You may access and update your account information through the Services. For other requests, contact your organization's administrator or us at info@arkfirerms.com.
8.2 Data Export
Your organization may export data using the export features in the Services.
8.3 Deletion
You may request deletion of your personal information by contacting your organization's administrator. Note that some information may be retained as required by law or for legitimate business purposes.
8.4 Communication Preferences
You may opt out of non-essential communications by updating your preferences in the Services or by contacting us.
8.5 Do Not Track
We do not currently respond to "Do Not Track" browser signals.
9. Cookies and Tracking Technologies
9.1 What We Use
We use cookies and similar technologies to:
- Keep you logged in (session cookies)
- Remember your preferences
- Understand how the Services are used
- Improve security
9.2 Types of Cookies
| Type | Purpose |
|---|---|
| Essential | Required for basic functionality (authentication, security) |
| Functional | Remember preferences and settings |
| Analytics | Understand usage patterns to improve the Services |
9.3 Managing Cookies
You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of the Services.
10. Children's Privacy
The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. Third-Party Links and Services
The Services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
12. International Users
The Services are hosted in the United States. If you access the Services from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.
13. Changes to This Privacy Policy
13.1 Updates
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy with a new "Last Updated" date
- Providing notice through the Services or via email for significant changes
13.2 Review
We encourage you to review this Privacy Policy periodically to stay informed about our practices.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
ARK Enterprises LLC
d/b/a ARK Fire RMS
Email: info@arkfirerms.com
For data protection inquiries or to exercise your rights, you may also contact:
Data Protection Contact
Email: info@arkfirerms.com
Summary of Key Points
- Your organization owns its data - we do not claim ownership
- We do not sell your data - ever
- Data is encrypted - in transit and at rest
- You can export your data - at any time
- We notify you of breaches - promptly
- HIPAA compliance available - BAA upon request
By using ARK Fire RMS, you acknowledge that you have read and understood this Privacy Policy.