PRIVACY POLICY

No tracking. No plaintext on our servers.

On-device by default. The department sync tier transmits only end-to-end-encrypted data — we never see plaintext. Full policy below.

Privacy Policy

FireHazmat for iOS, iPadOS, and Web · Effective May 28, 2026 · Last updated May 28, 2026

Short version: FireHazmat has no user accounts, no analytics, no advertising, and no third-party tracking. The reference app (ERG search, placards, materials, guides, wizard, map) runs entirely on your device with bundled offline data. If you redeem a Department License, the app also offers an opt-in encrypted-backup tier for Incident Command Board and roster data; that data is end-to-end encrypted on your device before it leaves, so even we can't read it. The full breakdown is below.

What this app does

FireHazmat is a hazmat reference application for fire department command officers. It provides offline access to the U.S. Department of Transportation's Emergency Response Guidebook 2024 (ERG 2024 — public domain) including chemical lookups, evacuation distance calculations, hazard classifications, an unknown-substance identification wizard, an evacuation-zone map with plume modeling, and an on-scene Incident Command Board worksheet. FireHazmat ships as a native iPhone app, a native iPad app, and a Progressive Web App at firehazmat.openscaffoldlabs.com.

Two tiers of behavior

FireHazmat has two distinct configurations. The first is the default for every user; the second is opt-in and applies only after a department license is redeemed.

Tier 1 — Default (everyone): on-device only

In its default configuration the app is fully offline-capable. Bundled ERG data lives on the device. Search queries, chemical selections, placard taps, wizard answers, map pin drops, and Incident Command Board entries are stored in a local SQLite database on your device and are never sent to our servers. No user account exists; no login is required.

The only outbound network requests in this tier are to a small set of third-party services initiated by user action — fetching weather data, geocoding an address you typed, loading map tiles. None of those requests include personal identifiers; see the third-party-services section for the exact data sent.

Tier 2 — Department License redeemed: opt-in encrypted sync

Department licenses are sold directly to fire departments. When a department's license JWT is redeemed on a device, the app additionally enables three sync features, all end-to-end encrypted on your device before transmission:

All three features go through dedicated edge functions that verify your department license JWT with our public key before scoping any read or write to your department. Because the encryption is end-to-end, neither Open Scaffold Labs nor any infrastructure provider (the relay host) can decrypt the contents. The relay sees ciphertext, nonce, ordering timestamp, and an opaque per-device public key — nothing else.

Tier 2 is opt-in: it activates only when you redeem a department license, and it persists only as long as the license is valid. Devices that have not redeemed a license (every individual iPhone purchaser, every unauthenticated PWA visitor) make zero calls to our relay.

What information we collect

We do not maintain user accounts, profiles, contact lists, or any personally identifiable information. We do not run analytics, advertising, social-media, or tracking SDKs in the app. We do not retain server-side logs of search queries, chemical selections, map locations, ICB content, or any other plaintext user data — we don't have it; only your device does.

For the Tier 2 (Department License) sync features described above, we do retain on our relay the following non-content metadata for as long as the license is active: the license id, the department id, an opaque per-device public key (for device-cap enforcement and revocation), and a write-ordering timestamp on each encrypted blob (so the newest save wins on restore). We do not retain anything decrypted, ever.

What information your device uses locally

Third-party services

Outbound network requests fall into a small, defined set, all initiated by user action. None of them include personal identifiers; the most that's ever sent is a coordinate pair or a typed address.

No third-party analytics, advertising, social-media, fingerprinting, or behavioral-tracking SDKs are integrated. The web tier loads one third-party script — the map renderer — which is required to display the evacuation map; no other remote scripts are loaded.

We may change which specific weather, mapping, or relay vendor we use over time as the product matures. Any change will continue to honor the data-minimization commitments above (we only ever send coordinates / typed addresses / encrypted ciphertext to those services).

Permissions the app requests

The app does not request access to your photos, microphone, camera, contacts, calendar, motion sensors, Bluetooth, or any other system data.

Data we do not collect

Across every tier, FireHazmat does not collect, log, transmit, or share:

Children

FireHazmat is designed for trained hazmat professionals and is not directed at children under 13. We do not knowingly collect any information from children.

Data retention

Tier 1. Because we do not collect any data, there is nothing to retain. The bundled ERG 2024 dataset ships inside the app at install time; no data flows outward to our servers because, for Tier 1, no such flow exists.

Tier 2 (department-licensed devices). We retain the encrypted ICB and roster blobs, plus license/device metadata, for the duration of your active license. If you (or your department admin) revoke a device, that device's public key is removed from the registry and it can no longer authenticate. When a license expires, the associated encrypted blobs and metadata are eligible for deletion. A department can request expedited deletion at any time by emailing the contact below.

Your rights

Tier 1 collects no personal data, so there is nothing to access, correct, delete, port, or restrict. If you uninstall the app, all on-device data — including any ICB entries — is removed from your device by the OS.

Tier 2 customers can email matt@openscaffoldlabs.com at any time to request deletion of the encrypted blobs associated with their department license or to revoke a specific device.

Changes to this policy

If we ever change how the app handles data, we will update this page and bump the "Last updated" date at the top. Material changes (any change that introduces new data collection, transmission, or sharing) will be reflected in a new app version released through the Apple App Store or shipped to the PWA, so you control whether to accept the change by updating to the new build.

Contact

Questions about this privacy policy can be sent to:

Open Scaffold Labs, LLC
matt@openscaffoldlabs.com · dale@openscaffoldlabs.com

Support and feature requests:
openscaffoldlabs.com

Disclaimer

FireHazmat is a reference tool for trained hazmat personnel. It does not replace official ERG documentation, professional hazmat training, or incident command authority. Always verify chemical information, isolation distances, and protective action recommendations with current official sources and qualified personnel before making operational decisions.