Privacy Policy

Effective Date: January 1, 2026
Last Updated: January 1, 2026

Who This Policy Applies To

  • Fire departments and emergency services organizations using our CPR training scheduling system
  • Public safety personnel and community members registering for CPR training classes
  • Visitors to our website and users of our services

What This Policy Covers

This Privacy Policy explains how Rescue Ready Communities collects, uses, protects, and shares your personal information in compliance with applicable federal and state privacy laws.

Security

All Rescue Ready Communities solutions have comprehensive security measures in place to protect against the loss, misuse, or alteration of information under our control. We take data security seriously and implement industry-standard protections:

  • Encryption in Transit: When you enter information into forms or receive content from our servers, we encrypt the transmission using secure 256-bit encrypted socket layer technology (SSL/TLS).
  • Encryption at Rest: All personal information stored in our databases is encrypted at rest.
  • Secure Password Storage: Passwords are hashed using bcrypt with automatic salting, ensuring they cannot be reversed or exposed.
  • SQL Injection Prevention: We use prepared statements throughout our application to prevent unauthorized database access.
  • Access Controls: Access to personal information is restricted to authorized personnel only and protected by authentication and session management.
  • Regular Security Testing: We conduct regular security assessments and penetration testing to identify and address vulnerabilities.

We follow generally accepted standards to protect personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet or method of electronic storage is 100% secure, however. Therefore, we cannot guarantee absolute security.

Users are responsible for maintaining the security and confidentiality of their account credentials and passwords.

Information Collected by Rescue Ready Communities

When you interact with Rescue Ready Communities, we may collect the following types of information:

Registration Information

When registering for CPR training classes or creating an account, we collect:

  • First and last name
  • Email address
  • Phone number
  • ZIP code
  • Password (stored in encrypted hash format only)

Class and Training Information

  • Training class selections and preferences
  • Attendance records
  • Certification status
  • Instructor assignments

Technical Information

We automatically collect certain technical information when you use our services:

  • IP address
  • Browser type and version
  • Operating system
  • Device information
  • Pages visited and time spent
  • Referring website

We do not collect: Social Security numbers, driver's license numbers, credit card information, health insurance information, or medical/health information beyond what is necessary for safe training delivery.

How We Use Data We Collect

Rescue Ready Communities uses the information we collect for the following purposes:

Primary Service Delivery

  • Schedule and manage CPR training classes
  • Send class reminders, confirmations, and notifications
  • Maintain training and certification records
  • Coordinate with fire departments and instructors
  • Process class registrations and cancellations

Service Improvement

  • Improve our scheduling system and user experience
  • Analyze usage patterns to optimize class offerings
  • Respond to support requests and technical issues

Communication

  • Send important service updates and announcements
  • Provide customer support
  • Send training-related information and resources

We do NOT:

  • Sell your personal information to third parties
  • Share your information for marketing purposes without consent
  • Use your information for purposes unrelated to training services

How We Store and Secure Data

We use extreme care when handling your data and always use industry standards:

  • Secure Connections: We always use secure connections (TLS/SSL) to transmit data between users and our servers.
  • Database Encryption: We encrypt all data stored in our databases at rest.
  • Limited Access: Access to our database is limited to a select group of authorized employees who require access to perform their duties.
  • Payment Processing: We do not collect or store payment card information. If payment processing is added in the future, it will be handled by PCI-DSS compliant third-party processors.
  • Server Security: Our servers are protected by firewall rules, intrusion detection systems, and regular security updates.
  • Session Security: User sessions are protected with secure session management and automatic timeout.

How Long We Keep Data

We retain user data for varying lengths of time, depending on the type of data and legal requirements:

  • Account Data: We retain account data for the lifetime of the account. Users may request account deletion at any time.
  • Training Records: Training and certification records are retained to maintain historical records for fire departments and to comply with certification requirements. These may be retained for up to 7 years after account closure.
  • Inactive Accounts: Accounts with no activity for 3 years may be subject to deletion after notification to the user.
  • Legal Compliance: We retain data necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

Data Sharing and Disclosure

Rescue Ready Communities does not sell or rent your personal information. We may share information only in the following limited circumstances:

With Fire Departments

Training records, attendance, and certification information are shared with the fire department or emergency services organization coordinating the training.

With Instructors

Class rosters and participant information necessary for conducting training are shared with assigned instructors.

Legal Requirements

We may disclose information when required by law, such as:

  • In response to a subpoena, court order, or legal process
  • To comply with government or regulatory requirements
  • To protect the rights, property, or safety of Rescue Ready Communities, our users, or others
  • In connection with a merger, acquisition, or sale of assets (with notice to affected users)

Service Providers

We may share information with trusted service providers who assist in operating our platform, subject to confidentiality agreements and data protection requirements.

Notification of Security Breach

Rescue Ready Communities maintains comprehensive data breach notification procedures to protect our users:

Immediate Response

Upon discovery or notification of a security breach that compromises personal information, we will:

  1. Immediately investigate the scope and impact of the breach
  2. Take steps to contain and remediate the breach
  3. Document all aspects of the incident
  4. Engage law enforcement and legal counsel as appropriate

User Notification

We will notify affected users of any breach of security without unreasonable delay, consistent with:

  • The legitimate needs of law enforcement
  • Measures necessary to determine the scope of the breach
  • Measures necessary to restore the integrity of our systems

Notification will occur within 72 hours of becoming aware of a security breach or configuration weakness that could have exposed your data, unless a longer delay is necessary for the reasons stated above.

Notification Method

Breach notifications will be provided by one or more of the following methods:

  • Written notification to your postal address on file
  • Email notification to your email address on file
  • Substitute notification (if the cost would exceed $250,000 or affected class exceeds 500,000):
    • Email notification when email addresses are available
    • Conspicuous posting on our website
    • Notification to major statewide media

Notification Content

Breach notifications will include:

  • Description of the incident and when it occurred
  • Types of personal information involved
  • Steps we have taken to address the breach
  • Contact information for questions
  • Advice on steps you can take to protect yourself
  • Information about credit monitoring services if applicable

Additional Notifications

If more than 1,000 persons are affected, we will also notify consumer reporting agencies that compile and maintain files on consumers on a nationwide basis.

Your Rights and Choices

You have several rights that can be exercised at any time:

Access and Portability

  • The right to request a copy of your personal information in a structured, electronic format
  • The right to access your training records and account information

Correction and Update

  • The right to correct inaccurate personal information
  • The right to update your contact information and preferences

Deletion ("Right to be Forgotten")

  • The right to request deletion of your personal information
  • Note: Some information may be retained for legal compliance, dispute resolution, or legitimate business purposes

Objection and Restriction

  • The right to object to certain uses of your information
  • The right to request restriction of processing in certain circumstances

Withdrawal of Consent

  • The right to withdraw consent for data processing where consent is the legal basis

In some cases, we may not be able to comply with requests where:

  • Compliance would expose another user's personal information
  • We are legally required to retain the information
  • The information is necessary to complete a transaction you requested
  • The information is necessary to detect security incidents or protect against illegal activity

How to Delete Your Data

To request deletion of your account and associated data, please contact us using the contact information provided at the end of this policy. Include the following in your request:

  • Your full name
  • Email address associated with your account
  • Phone number (if applicable)
  • Detailed description of your deletion request

We will verify your identity and respond to your request within 45 days.

Please note: We may need to retain certain information for record-keeping purposes, to complete transactions, or to comply with legal obligations. Training and certification records may be retained for fire department requirements even after account deletion.

Market Metrics and Aggregated Data

Rescue Ready Communities may use aggregated, de-identified data across multiple fire departments and training programs to produce industry-level summaries and benchmarks ("Market Metrics"). These metrics help improve training programs and provide valuable insights to the emergency services community.

How Market Metrics Work

  • Aggregation: Data from multiple departments is combined to create statistical summaries
  • De-identification: All individual and department-specific identifying information is removed
  • Minimum Threshold: Metrics are only generated when data from at least 3 separate fire departments is available
  • Privacy Protection: Market Metrics cannot reveal any individual data from a specific department or person, either directly or through extrapolation

Examples of Market Metrics

Market Metrics may include information such as:

  • Average class completion rates across regions
  • Trending CPR training topics
  • Seasonal training patterns
  • Certification renewal timelines
  • Training program effectiveness benchmarks

Use of Market Metrics

  • All Market Metric information is the exclusive property of Rescue Ready Communities
  • Fire departments may not distribute, share, publish, sell, or otherwise use Market Metric information without express written consent
  • Market Metrics may represent industry standard metrics or proprietary models and calculations
  • Rescue Ready Communities reserves the right not to disclose proprietary calculation methods

Opting Out

Fire departments that do not wish to receive Market Metric information for their own use may opt out; however, their aggregated, de-identified data may still be used to support Market Metrics calculations for the benefit of the broader emergency services community, consistent with our Terms of Service.

Cookies and Similar Technologies

Our website uses cookies and similar technologies for the following purposes:

Essential Cookies

  • User authentication and session management
  • Security and fraud prevention
  • Remembering your preferences and settings

Analytics

  • Understanding how users interact with our services
  • Improving website performance and user experience
  • Analyzing usage patterns and trends

Cookie Management

You can manage cookies through your browser settings. Note that disabling cookies may affect the functionality of our services, including your ability to log in and use certain features.

Types of Cookies

  • Session Cookies: Temporary cookies that expire when you close your browser
  • Persistent Cookies: Remain on your device for a set period to remember your preferences

Third-Party Services

Our website may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

Google Analytics

We may use Google Analytics to understand website usage patterns. Google Analytics collects information such as:

  • IP address (anonymized)
  • Pages visited and time spent
  • Referring websites
  • Browser and device information

Google Analytics does not collect personally identifiable information directly. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to say no to the sale of personal information (we do not sell information)
  • Right to access and request deletion
  • Right to equal service and price (no discrimination for exercising rights)

State-Specific Privacy Rights

Residents of certain states have additional privacy rights under state law:

All States

Rescue Ready Communities does not sell personal information to third parties. If our practices change, we will update this policy and provide appropriate opt-out mechanisms as required by applicable state laws.

Additional State Rights

Depending on your state of residence, you may have additional rights regarding:

  • Access to personal information we collect
  • Deletion of personal information
  • Opting out of sales or sharing of personal information
  • Non-discrimination for exercising your privacy rights

To exercise any state-specific privacy rights, please contact us using the information provided at the end of this policy.

International Users

Our services are operated from the United States. If you are located outside the United States, please be aware that information we collect will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you by email if you have an account
  • Post a notice on our website
  • Obtain your consent if required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Legal Compliance

This Privacy Policy is designed to comply with:

  • Applicable state data security and privacy laws
  • Federal privacy and data protection regulations
  • Industry best practices for data security

Complaints and Concerns

If you have concerns about how we handle your personal information or believe your privacy rights have been violated, please contact us first so we can attempt to resolve the issue.

If you have unresolved concerns, you may have the right to file a complaint with:

  • Your state's Attorney General's Office
  • Your state's data protection authority (if applicable)
  • Other applicable regulatory bodies
  • The Federal Trade Commission (FTC)

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Rescue Ready Communities
Email: [email protected]
Support: [email protected]

Data Protection Requests:
For requests related to accessing, correcting, or deleting your personal information, please use the subject line "Privacy Request" and include:

  • Your full name
  • Email address associated with your account
  • Detailed description of your request
  • Verification of your identity

We will respond to your request within 45 days, or within the timeframe required by applicable law.

© 2026 Rescue Ready Communities. All rights reserved.