Privacy Policy

FireOps Technologies Ltd is a fire safety software company based in Kingston, Jamaica. We operate the FireOps platform — a digital management system for fire inspection companies in Jamaica and across the Caribbean.

For data protection purposes, FireOps is the “data controller” for account and usage information, and the “data processor” for inspection data you enter on behalf of your clients.

Contact: privacy@fireops.app

The following table summarises the categories of personal data we collect:

We do not collect special category data (e.g. health data, biometric data) except to the extent that a signature captured during an inspection could be considered biometric — these are processed solely for the purpose of producing a legally valid inspection certificate.

We use your data for the following purposes:

• Providing, operating, and improving the FireOps platform
• Processing your subscription payments and managing your account
• Generating professional inspection reports and PDF certificates
• Sending transactional emails (account confirmations, password resets, report delivery)
• Sending service notifications (inspection reminders, overdue alerts)
• Responding to support enquiries
• Detecting and preventing fraud, abuse, and security incidents
• Complying with legal obligations (e.g. tax records, regulatory requirements)
• Conducting aggregate, anonymised analytics to improve the platform

We do not use your inspection data to train AI models or for purposes unrelated to providing the Services.

Where data protection law requires a legal basis, we process your data on the following grounds:

• Contract performance — processing necessary to provide the Services you have subscribed to
• Legitimate interests — security monitoring, fraud prevention, product analytics (where not overridden by your rights)
• Legal obligation — retaining financial records as required by Jamaican tax law
• Consent — marketing communications (where you have opted in)

We share your data only in the following circumstances:

• Service providers: Supabase (database hosting), Stripe (payment processing), WiPay (Caribbean payments), Resend (transactional email), Bunny.net (file storage/CDN), Sentry (error tracking). All providers are contractually bound to process data only on our instructions.
• Client portal: When you enable client access, your clients can view their own inspection reports and certificates. You control this sharing.
• Legal requirements: We may disclose data to comply with a court order, law enforcement request, or regulatory requirement, and will notify you where permitted by law.
• Business transfer: In the event of a merger or acquisition, data may be transferred to the successor entity, with notice provided to you.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

FireOps uses cloud infrastructure that may process data in multiple countries including the United States (Supabase, Stripe) and the European Union. When data is transferred outside Jamaica, we ensure appropriate safeguards are in place, including standard contractual clauses where required.

We implement the following security measures:

• All data transmitted between your device and FireOps is encrypted using TLS 1.3
• Data at rest is encrypted using AES-256
• Access to production systems is restricted by role-based access controls and multi-factor authentication
• Row-level security enforces company data isolation (your data cannot be accessed by other FireOps companies)
• Regular third-party security assessments
• Automatic session timeouts and secure password requirements

In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and any applicable regulator within 72 hours of becoming aware.

FireOps uses the following cookies and tracking technologies:

• Strictly necessary cookies: Authentication session tokens required for platform functionality. These cannot be disabled.
• Analytics cookies: Anonymised usage data via PostHog to understand feature adoption (can be opted out in Settings → Privacy).
• Error tracking: Sentry collects anonymised error reports to help us fix bugs. No personal data is included in error reports.

We do not use advertising or cross-site tracking cookies.

Under applicable data protection law, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — correct any inaccurate or incomplete data
• Erasure — request deletion of your data (subject to legal retention requirements)
• Portability — receive your data in a machine-readable format
• Restriction — request that we limit processing in certain circumstances
• Objection — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent, you may withdraw at any time

To exercise any of these rights, go to Settings → Data & Privacy in your FireOps account, or email privacy@fireops.app. We will respond within 30 days. Some requests may require identity verification.

FireOps is a B2B platform intended solely for professional use by adults. We do not knowingly collect personal data from individuals under 18 years of age. If you believe we have inadvertently collected such data, please contact us immediately.

Photos captured during inspections are stored securely on Bunny.net CDN with access controls. Photos are accessible only to your company account and to clients you explicitly share reports with. Photos are automatically deleted when you delete the associated inspection or when you close your account (subject to any legal hold period).

We retain your data for as long as your account is active. Upon account deletion:

• Inspection data, client data, and reports are queued for deletion within 30 days
• You may export your full data archive during this 30-day window
• Payment records are retained for 7 years as required by Jamaican tax law
• Anonymised, aggregated usage statistics may be retained indefinitely

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated by email and in-app notification at least 14 days before taking effect. The “last updated” date at the top of this page indicates when changes were last made.

If you have questions or concerns about our privacy practices, please contact our privacy team:

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.