Get in touch →

Privacy

IronCAD Privacy Policy

Effective date: June 14, 2026

This Privacy Policy explains how Ironclad Thor Industries LLC (“Ironclad Thor,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information in connection with the IronCAD dispatch and emergency-response platform, including the IronCAD mobile and desktop applications and related services (collectively, the “Service”). IronCAD is provided to public-safety agencies and their authorized personnel. Questions? Contact us at contact@ironcladthor.com.

Our role: agency deployments

IronCAD is sold to agencies (fire departments, EMS, search-and-rescue, emergency management, and similar organizations). When your agency deploys IronCAD, the agency generally determines what data is collected about its personnel and how it is used — it acts as the data controller, and Ironclad Thor acts as a service provider / data processor on the agency’s behalf. Ironclad Thor is an independent controller for limited purposes such as account administration, billing, and securing the Service. If you are a responder, please also review your agency’s own privacy and records policies.

Information we collect

  • Account information — name, email address, agency/organization, role or rank, and credentials your agency administrator issues.
  • Precise location — your device’s GPS location, including in the background while you are on duty, used to display team positions on the live operational map and to support situational awareness during active incidents. Background location is collected only with your device-level permission and is indicated by your operating system (e.g., the iOS blue status indicator / Android foreground-service notification).
  • Operational content — incidents, status updates, timeline notes, assignments, and similar records you create or interact with in the Service.
  • Device and notification data — device type and operating system, app version, and push-notification tokens used to deliver dispatch and incident alerts.
  • Usage and diagnostic data — limited log and technical data used to operate, secure, and troubleshoot the Service.

We do not collect advertising identifiers, browsing history, contacts, photos, or biometric data, and we do not use your data for advertising.

How we use information

  • Provide real-time dispatch, team tracking, incident management, and situational awareness.
  • Deliver dispatch alerts and incident notifications.
  • Authenticate users and secure the Service.
  • Provide support and respond to requests.
  • Maintain operational records for after-action review where your agency requires it.
  • Comply with legal obligations and protect the safety of users and the public.

Legal bases (EEA/UK users)

Where the EU/UK GDPR applies, we (and the deploying agency) rely on: performance of a contract (providing the Service); legitimate interests (coordinating emergency response, securing the Service); consent (device location and notifications, which you can withdraw via device settings); and legal obligation where applicable.

How we share information

We do not sell or rent your personal information, and we do not share it for advertising or cross-context behavioral advertising. We disclose information only:

  • To your agency — authorized administrators and personnel can see operational data, positions, and roster information as needed to coordinate response.
  • To service providers / subprocessors who process data on our behalf under contract, including cloud database and authentication hosting (Supabase), application hosting, and push-notification delivery (Apple Push Notification service and Google Firebase Cloud Messaging). These providers are bound to use the data only to provide their services to us.
  • For legal and safety reasons — to comply with law, respond to lawful requests, enforce our terms, or protect the rights, property, or safety of users, the agency, or the public.
  • In a business transfer — in connection with a merger, acquisition, or sale of assets, subject to this Policy.

Data retention

We retain personal information for as long as needed to provide the Service and as directed by the deploying agency. Operational and incident records may be retained by your agency for legal, audit, or after-action purposes under the agency’s retention policy. We delete or de-identify data when it is no longer needed, subject to legal retention requirements.

Security

We use technical and organizational measures designed to protect personal information, including encryption in transit (HTTPS/WSS), row-level access controls that scope data to authorized users, and secure credential storage on the device. The Service is architected with awareness of the FBI CJIS Security Policy for handling sensitive public-safety data. No method of transmission or storage is completely secure, but we work to protect your information and continually improve our safeguards.

Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to the processing of your personal information, and to withdraw consent. California residents have rights under the CCPA/CPRA to know, delete, and correct personal information, to opt out of sale or sharing (note: we do not sell or share for advertising), to limit the use of sensitive personal information, and to be free from discrimination for exercising these rights.

Because IronCAD is deployed by agencies, many requests are handled by your agency administrator. To exercise your rights, contact your agency or email us at contact@ironcladthor.com. We respond within the timeframes required by applicable law (generally 30 days under GDPR; 45 days under the CCPA/CPRA, each extendable where permitted). We will verify your identity before acting on a request.

Data deletion requests

To request deletion of your account and associated personal data, email contact@ironcladthor.com with the subject line “Data Deletion Request,” or ask your agency administrator. We will verify and process valid requests within 30 days. Operational records your agency is legally required to retain may be kept in accordance with that agency’s retention policy.

Children’s privacy

The Service is intended for use by professional first responders and is not directed to children. We do not knowingly collect personal information from children.

International transfers

We are based in the United States and may process information in the U.S. and other countries. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

Changes to this Policy

We may update this Policy from time to time. We will post the updated version here with a new effective date and, where appropriate, provide additional notice.

Contact us

Ironclad Thor Industries LLC
Email: contact@ironcladthor.com