Privacy Policy

1. Introduction

IgnisTrack Ltd ("we", "us", "our") operates the IgnisTrack mobile app and web dashboard, and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, Apple's App Store Guidelines, Google Play's User Data Policy, and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

Account Information:

• Full name
• Email address
• Password (encrypted, never stored in plain text)
• Company name (if joining a company account)

Survey and Inspection Data:

• Fire door inspection records and measurements
• Component inspection results and defect codes
• Photos of fire doors, components, and defects
• Survey notes and observations
• Site and door location descriptions within buildings
• Door reference numbers and QR codes

2.2 Information Collected Automatically

Device Information:

• Device type and model (e.g., iPhone 15, Samsung Galaxy S24)
• Operating system and version (e.g., iOS 17.2, Android 14)
• App version number
• Device identifiers (anonymised for analytics)
• Device language and region settings

App Usage Analytics:

• Screens viewed and navigation patterns within the app
• Features used (surveys, QR codes, reports, sync)
• Survey start, completion, and submission events
• Button taps and user interactions
• Session duration and frequency of app use
• Sync performance and success/failure rates

This analytics data is linked to your user account identifier to help us understand how you use the app and improve our services. We do not use this data for advertising purposes.

Crash and Error Reporting:

• Crash logs and stack traces when the app encounters an error
• Screenshots at the time of crash (for debugging purposes only)
• App state and memory information at time of error
• Device and OS information related to the crash
• Breadcrumb trail of actions leading to the crash

Crash reports are automatically scrubbed to remove any personal information such as email addresses before transmission. Screenshots captured during crashes are used solely for debugging and do not intentionally capture personal data.

2.3 Location (Optional, Photo Evidence Only)

When you capture a photo during a fire door survey, the app may attach GPS coordinates to that photo as metadata — exclusively to strengthen the integrity of the inspection record under the Building Safety Act 2022 "golden thread" obligations. Location access is optional: if you decline the permission, the app continues to work normally and photos are stored without coordinates.

• Only captured at the moment a photo is taken (never in the background)
• Only attached to that specific photo as evidence metadata
• Never used for tracking, advertising, or analytics
• You can revoke location access at any time via your device settings

2.4 Information We Limit or Do Not Collect

• Background location tracking – Location is only accessed at the moment you capture a survey photo (see §2.3). We never access location in the background or while the app is closed.
• Contacts or address book – We never access your contacts
• Calendar data – We do not access your calendar
• Biometric data – We do not access fingerprint, Face ID, or any biometric sensor
• Health data – We do not collect any health-related information
• Financial information – Payment processing is handled entirely by third-party processors (Stripe); we never see or store your card details
• Microphone or call data – We do not access your microphone or phone calls

3. How We Use Your Information

To Provide Our Services:

• Create and manage your user account
• Enable fire door surveys and inspections
• Store and sync your survey data across devices
• Generate PDF compliance reports
• Generate and manage QR codes for door identification
• Process company invitations and team management

To Improve Our Services:

• Analyze app usage patterns to improve user experience
• Identify and fix bugs and crashes
• Monitor app performance and stability
• Develop new features based on usage patterns
• Optimize sync performance and reliability

To Communicate With You:

• Send important service updates and security notices
• Respond to your support requests
• Notify you of changes to our terms or policies

4. Legal Basis for Processing (UK GDPR)

5. Data Retention

Fire door survey records are retained indefinitely for the lifetime of the building in order to comply with the Building Safety Act 2022 "golden thread" obligation, alongside:

• Regulatory Reform (Fire Safety) Order 2005
• Building Safety Act 2022 (indefinite digital record of building safety information)
• BS 8214:2026 requirements

Retention periods by data type:

• Survey data and photos: retained indefinitely (Building Safety Act 2022 — life of building)
• Audit logs and inspection records: retained indefinitely under Building Safety Act 2022 obligations
• Account information: duration of account plus 30 days after deletion
• Analytics data: 26 months (Firebase default)
• Crash reports: 90 days (Sentry default)

Account deletion: When you delete your account, personal identification data (name, email) is removed within 30 days. The underlying inspection records are anonymised rather than deleted — your name is detached from surveys, but the fire safety records themselves remain on file to satisfy Building Safety Act golden-thread obligations for the responsible person of the building. This approach meets both UK GDPR (personal data removed) and fire safety regulations (inspection evidence preserved).

6. Data Sharing and Third-Party Services

We share limited data with carefully selected service providers who help us operate IgnisTrack. We engage providers in the following categories:

• Database and authentication hosting — stores survey data, photos, and account credentials. Data hosted in EU data centres.
• Payment processing — handles subscription billing. We never see or store your payment card details.
• Transactional email — delivers account, billing, and service notifications.
• Crash and error monitoring — captures technical diagnostics so we can fix bugs. Personal information is automatically scrubbed from reports.
• Product analytics — aggregated usage analytics to help us understand how the app is used and improve it. Not used for advertising.
• Marketing-site analytics and advertising — on our public marketing website and QR landing pages only (not inside the mobile app or web dashboard). Loaded only after you accept cookies.

A current list of named subprocessors, what they do, and where they are located is published at ignistrack.com/subprocessors and updated whenever we change providers.

We also share data with:

• Your employer or company administrators (if using a company account) — they can view surveys created by team members.

We do NOT:

• Sell your personal data to anyone.
• Share survey, door, or photo data with advertisers. Marketing-site advertising tools only see signup events, never inspection records.
• Use your inspection data for targeted advertising.
• Share data with data brokers.
• Transfer data outside the UK/EEA without appropriate safeguards (see §12).

7. Data Security

We implement industry-standard security measures to protect your data, including:

• Industry-standard encryption for data in transit and at rest.
• Encrypted local database on your device, so survey data stored offline is protected if your device is lost or stolen.
• Secure session management with automatic credential refresh and single-device session enforcement.
• Passwords stored only as one-way hashes — never in plain text.
• Outbound network traffic from the mobile app restricted to a known set of approved hosts, with additional certificate validation on direct API calls.
• Database access controls that ensure you can only see your own company's data.

No system can be guaranteed 100% secure, but we continually review our practices and follow recognised security standards.

8. Your Rights (UK GDPR)

You have the following rights regarding your personal data:

• Right of Access – Request a copy of all personal data we hold about you
• Right to Rectification – Correct any inaccurate or incomplete data
• Right to Erasure – Request deletion of your personal data (subject to legal retention requirements)
• Right to Data Portability – Export your data in JSON, CSV, or PDF format
• Right to Object – Object to processing based on legitimate interests (including analytics)
• Right to Restrict Processing – Request limitation of how we process your data

To exercise any of these rights, email privacy@ignistrack.com. We will respond within 30 days.

You can also export your data directly from the app or web dashboard at any time.

9. Analytics Opt-Out

While analytics help us improve the app, we respect your choice to opt out:

• Firebase Analytics: You can limit ad tracking in your device settings (iOS: Settings > Privacy > Tracking; Android: Settings > Google > Ads)
• Crash Reporting: Contact us at privacy@ignistrack.com to request disabling crash reporting for your account

Note: Some basic analytics may still be collected by Apple (App Store) or Google (Play Store) as part of their platform services, which is outside our control.

10. Website Cookies

Our marketing website (ignistrack.com) uses cookies and similar technologies. This section applies to website visitors, not the mobile app.

Cookies we use:

Managing cookies:

• Most browsers allow you to refuse or delete cookies via settings
• You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on
• Disabling cookies may affect some website functionality

Legal basis: We rely on legitimate interests for analytics cookies to understand how visitors use our website and improve our services. You can object to this processing by blocking cookies in your browser.

11. Children's Privacy

IgnisTrack is a professional tool intended for use by fire safety professionals and is not directed at children.

• Users must be at least 16 years of age to create an account
• We do not knowingly collect personal information from children under 16
• If we discover we have collected data from a child under 16, we will delete it promptly

If you believe a child has provided us with personal information, please contact us at privacy@ignistrack.com.

12. International Data Transfers

Your survey data and account information are hosted in EU data centres. Some of our service providers — for example product analytics and crash monitoring — process limited diagnostic data in the United States.

Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the UK ICO.
• Data Processing Agreements with all service providers.
• Verification that recipients maintain adequate security measures.

Specific provider locations are listed at ignistrack.com/subprocessors.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For significant changes, we will notify you by in-app notification or email
• Continued use of the app after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically.

14. Contact Us

For privacy-related questions or to exercise your rights:

• Privacy enquiries: privacy@ignistrack.com
• General support: support@ignistrack.com

Supervisory Authority: If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).