Privacy Policy
Short version: FireHazmat has no user accounts, no analytics, no advertising, and no third-party tracking. The reference app (ERG search, placards, materials, guides, wizard, map) runs entirely on your device with bundled offline data. If you redeem a Department License, the app also offers an opt-in encrypted-backup tier for Incident Command Board and roster data; that data is end-to-end encrypted on your device before it leaves, so even we can't read it. The full breakdown is below.
What this app does
FireHazmat is a hazmat reference application for fire department command officers. It provides offline access to the U.S. Department of Transportation's Emergency Response Guidebook 2024 (ERG 2024 — public domain) including chemical lookups, evacuation distance calculations, hazard classifications, an unknown-substance identification wizard, an evacuation-zone map with plume modeling, and an on-scene Incident Command Board worksheet. FireHazmat ships as a native iPhone app, a native iPad app, and a Progressive Web App at firehazmat.openscaffoldlabs.com.
Two tiers of behavior
FireHazmat has two distinct configurations. The first is the default for every user; the second is opt-in and applies only after a department license is redeemed.
Tier 1 — Default (everyone): on-device only
In its default configuration the app is fully offline-capable. Bundled ERG data lives on the device. Search queries, chemical selections, placard taps, wizard answers, map pin drops, and Incident Command Board entries are stored in a local SQLite database on your device and are never sent to our servers. No user account exists; no login is required.
The only outbound network requests in this tier are to a small set of third-party services initiated by user action — fetching weather data, geocoding an address you typed, loading map tiles. None of those requests include personal identifiers; see the third-party-services section for the exact data sent.
Tier 2 — Department License redeemed: opt-in encrypted sync
Department licenses are sold directly to fire departments. When a department's license JWT is redeemed on a device, the app additionally enables three sync features, all end-to-end encrypted on your device before transmission:
- Encrypted Incident Command Board backups. When an incident is activated, an encrypted snapshot of the ICB scene (chemical, address, command roster, activity log) is pushed to FireHazmat's secure relay so other devices on the same department license can restore it. The relay stores ciphertext + a write-ordering timestamp + an opaque device public key only. The encryption key is derived from the dept license itself and never leaves your device.
- Encrypted personnel roster sync. A department's personnel roster syncs across the department's licensed devices the same way — encrypted on device, ciphertext relayed, keys never leave.
- Realtime cross-device hints. A short-lived signed token lets your device subscribe to a private channel on the same secure relay so updates from a sibling device land in under two seconds. The channel payload is opaque (a "something changed" hint, not the change itself); your device then pulls the encrypted blob over the normal path.
All three features go through dedicated edge functions that verify your department license JWT with our public key before scoping any read or write to your department. Because the encryption is end-to-end, neither Open Scaffold Labs nor any infrastructure provider (the relay host) can decrypt the contents. The relay sees ciphertext, nonce, ordering timestamp, and an opaque per-device public key — nothing else.
Tier 2 is opt-in: it activates only when you redeem a department license, and it persists only as long as the license is valid. Devices that have not redeemed a license (every individual iPhone purchaser, every unauthenticated PWA visitor) make zero calls to our relay.
What information we collect
We do not maintain user accounts, profiles, contact lists, or any personally identifiable information. We do not run analytics, advertising, social-media, or tracking SDKs in the app. We do not retain server-side logs of search queries, chemical selections, map locations, ICB content, or any other plaintext user data — we don't have it; only your device does.
For the Tier 2 (Department License) sync features described above, we do retain on our relay the following non-content metadata for as long as the license is active: the license id, the department id, an opaque per-device public key (for device-cap enforcement and revocation), and a write-ordering timestamp on each encrypted blob (so the newest save wins on restore). We do not retain anything decrypted, ever.
What information your device uses locally
- Location (GPS / browser geolocation). When you tap the GPS button on the Map screen, FireHazmat reads your device's current location to center the evacuation map at your scene. On native iOS/iPadOS the request is "When In Use" only; on the web the prompt is the browser's standard geolocation dialog. The coordinates stay on the device.
- Map pin + plume polygon. The pin you drop and the computed isolation circles + downwind plume polygon are rendered locally from the bundled ERG data and the current wind value. None of those are transmitted.
- Incident Command Board entries. Incident name, location, chemical, command staff names, team rosters, and activity-log notes you type into the ICB are written to a local SQLite database on your device and persist across app launches. They are not transmitted to our servers unless you are on Tier 2 (department-licensed), in which case they are end-to-end encrypted on your device and the ciphertext is pushed to our relay so other devices on your license can restore the same incident.
Third-party services
Outbound network requests fall into a small, defined set, all initiated by user action. None of them include personal identifiers; the most that's ever sent is a coordinate pair or a typed address.
- Map tiles, address search, and reverse-geocoding. Map tiles, address-as-you-type search, and address resolution are provided by industry-standard mapping services. Sent: coordinates or typed address text. Not sent: any user identifier or device metadata.
- Weather data. Current weather conditions (temperature, wind speed, wind direction, weather code) for the location displayed on the Map are fetched from a third-party weather service. Sent: latitude and longitude only. Not sent: any user identifier or device metadata.
- FireHazmat's secure relay (Tier 2, department-licensed devices only). Encrypted ICB backups, encrypted roster snapshots, and realtime channel auth tokens. Every request is authenticated by your department license JWT. Payloads are ciphertext only; the relay cannot decrypt them. Operated by Open Scaffold Labs.
- App Store / in-app purchase services (native iOS only). If you purchase the iPhone Map subscription or the iPad Solo subscription, the transaction is processed by Apple via StoreKit. We never see your payment method. Apple's privacy policy governs.
No third-party analytics, advertising, social-media, fingerprinting, or behavioral-tracking SDKs are integrated. The web tier loads one third-party script — the map renderer — which is required to display the evacuation map; no other remote scripts are loaded.
We may change which specific weather, mapping, or relay vendor we use over time as the product matures. Any change will continue to honor the data-minimization commitments above (we only ever send coordinates / typed addresses / encrypted ciphertext to those services).
Permissions the app requests
- Location — When In Use (native iOS & iPadOS). Used only to center the evacuation map at your incident location. The app does not request "Always" access. You can deny this permission and continue to use every other feature; only GPS-based map centering will be unavailable. You can still type an address.
- Browser geolocation (web). Same purpose as native: to center the map at your current position. The browser prompts you the first time you tap the GPS button; you can dismiss the prompt and continue to use the app.
The app does not request access to your photos, microphone, camera, contacts, calendar, motion sensors, Bluetooth, or any other system data.
Data we do not collect
Across every tier, FireHazmat does not collect, log, transmit, or share:
- Names, email addresses, phone numbers, or contact info — there are no user accounts
- Advertising or fingerprinting identifiers (IDFA, IDFV, Advertising ID, MAC, etc.)
- Search queries, chemical lookups, placard taps, or wizard answers
- Plaintext Incident Command Board contents (Tier 2 sees ciphertext only)
- GPS coordinates beyond the in-app map session
- Crash reports, performance telemetry, or analytics
- Browser history, browsing patterns, page-view timestamps
- Photos, microphone, camera, contacts, calendar, motion, Bluetooth, or any other system data
Children
FireHazmat is designed for trained hazmat professionals and is not directed at children under 13. We do not knowingly collect any information from children.
Data retention
Tier 1. Because we do not collect any data, there is nothing to retain. The bundled ERG 2024 dataset ships inside the app at install time; no data flows outward to our servers because, for Tier 1, no such flow exists.
Tier 2 (department-licensed devices). We retain the encrypted ICB and roster blobs, plus license/device metadata, for the duration of your active license. If you (or your department admin) revoke a device, that device's public key is removed from the registry and it can no longer authenticate. When a license expires, the associated encrypted blobs and metadata are eligible for deletion. A department can request expedited deletion at any time by emailing the contact below.
Your rights
Tier 1 collects no personal data, so there is nothing to access, correct, delete, port, or restrict. If you uninstall the app, all on-device data — including any ICB entries — is removed from your device by the OS.
Tier 2 customers can email matt@openscaffoldlabs.com at any time to request deletion of the encrypted blobs associated with their department license or to revoke a specific device.
Changes to this policy
If we ever change how the app handles data, we will update this page and bump the "Last updated" date at the top. Material changes (any change that introduces new data collection, transmission, or sharing) will be reflected in a new app version released through the Apple App Store or shipped to the PWA, so you control whether to accept the change by updating to the new build.
Contact
Questions about this privacy policy can be sent to:
Open Scaffold Labs, LLC
matt@openscaffoldlabs.com
·
dale@openscaffoldlabs.com
Support and feature requests:
openscaffoldlabs.com
Disclaimer
FireHazmat is a reference tool for trained hazmat personnel. It does not replace official ERG documentation, professional hazmat training, or incident command authority. Always verify chemical information, isolation distances, and protective action recommendations with current official sources and qualified personnel before making operational decisions.