Incident Commander Privacy Policy
Incident Commander values your privacy. We have prepared this Privacy Policy to explain how we collect, use, protect, and disclose information and data when you use the Incident Commander website and mobile applications (collectively, the “Site”) or Incident Commander services (“Services”). This Privacy Policy also explains your choices for managing information preferences, including opting out of certain uses of your Personal Information and other Information. By accessing or using the Site or Services, you consent to this Privacy Policy. If you have questions or concerns regarding this Privacy Policy, please e-mail us at sales@incidentcommander.org.
Information We Collect
The following are the specific types of information we collect from you.
Registration and Profile Information. When you register to use Incident Commander Services or update your profile, we may collect and store various kinds of information about you including your name, username, school or employer, school or employer identification number, mobile device number, phone number, e-mail address, date of birth, and emergency contact information (“Personal Information”). The decision to provide this information is optional; however, if you choose not to provide certain information, you may not be able to use some or all the features of the Site or Services.
Location Information. Incident Commander collects user location information through a combination of methods. Incident Commander generally only collects location information when the user launches the Administrative Application or Application, unless the user initiates an emergency alert or responds to a safety check-in request. When a user initiates an emergency alert or responds to a safety check-in request, Incident Commander continually collects location information from users regardless of whether the Administrative Application and Application are running in the foreground or background of the user’s device until the alert or check-in request is ended. Collection of location information can only be done if (i) you are a minor and your parent or legal guardian or a third-party administrator authorized by your parent or legal guardian has provided sufficient consent, or (ii) you are not a minor and agree that Incident Commander Services may use your location information. Users under the age of 13 must provide both Licensee and Incident Commander with verifiable parental consent before Incident Commander will enable the use of location information. Parents or legal guardians on behalf of their children may be able to disable location services on certain mobile devices. Turning off location services in your device settings will prevent the collection of location information but may disable some or all of the features of Incident Commander’s Services.
Incident Commander may log and store certain information about your use of Incident Commander’s Services, including but not limited to, time stamps for a positioning request (search, receipt notification), activation of the Services (search, call, receipt notification), etc. Such information shall be logged, stored and retained by Incident Commander for up to 90 days unless a request is made by law enforcement to maintain the data for a longer period.
Payment Information. Incident Commander does not directly collect, process or store financial or payment card information.
Automatically Collected Information. We automatically receive certain types of information when you interact with Incident Commander Services. For example, it is standard for your Web browser to automatically send information to every Web site you visit, including ours. That information includes your computer’s IP address, access times, your browser type and language, and referring Web site addresses. We may also collect information about the type of operating system you use, your account activity, and files and pages accessed or used by you. For mobile app users we also automatically collect UID and log.
Usage Data and Site Activity. We automatically collect information regarding the actions users take on the Site (“Usage Data”). For example, each time you use the Site we may automatically collect the type of Web browser you use, your operating system, your Internet Service Provider, your IP address, the pages you view, and the date, time and duration of your visits to the Site. This anonymous usage information may be associated with your username and profile or other Personal Information. We use this information to help us understand how people use the Site and Services.
Cookies and Web Beacons. We use cookies (a small text file placed on your computer to identify your computer and Web browser) to improve the experience of the Site and Services. The use of cookies enables “remember me” quick log-in functions and allows Incident Commander to improve its Services to allow you to visit Incident Commander Services without re-entering your member ID and/or password. We do not use cookies to collect Personal Information or to advertise or market any products or services to you. Most browsers automatically accept cookies as the default setting. You can modify your browser setting to reject our cookies or to prompt you before accepting a cookie by editing your browser options. We do not use web beacons.
We use Google Analytics to help us understand how users engage with our Services. For more information about how to opt out of having your information used by Google Analytics, visit https://tools.google.com/dlpage/gaoptout/.
We also use Crashlytics to analyze mobile app crash data and improve Services. The information collected and how it is used is described at http://try.crashlytics.com/terms/. We also use Super Cookies to enable web push notifications.
How Incident Commander Responds to Do Not Track Signals. Do Not Track (DNT) technology exists, enabling you to communicate your desire not to be tracked online when you visit various browsers. We conduct online tracking as set forth herein and do not recognize “Do Not Track” browser signals as doing so would interfere with use of the Administrative Application and Application. It is possible that other parties using the Site and Services do the same.
How We Use Information and When We May Share and Disclose Information Generally
No Renting or Selling of Personal Information or Other Information. Except as set forth in Anonymized and Aggregated Usage Data, Incident Commander will not rent or sell your Personal Information or other information to third parties. We use Personal Information and other Information for internal purposes to provide you with the Site and Services and to communicate alerts and safety check-in requests. We may also share your Personal Information and other Information with emergency personnel and responsible government entities in emergencies, in exigent circumstances, in situations involving danger of death or serious physical injury, to respond to 9-1-1 requests, or other similar situations so that you can be notified and updated on the situations and, if necessary, located.
Alert Data. When an alert is initiated by the user, the following data is communicated back to Incident Commander: GPS coordinates, alert type, emergency account information, user’s name and email, audio communication (if initiated), and chat communication (if initiated) (“Alert Data”). What happens next depends on whether the user’s GPS coordinates are on-campus or off-campus.
If the GPS coordinates indicate the user is on-campus, then the administrators and on-campus resource officer (if applicable) will receive the Alert Data. If a second alert is triggered within five (5) minutes of the first alert, then local law enforcement officers will also receive the Alert Data if so configured.
If the user is off-campus, the administrators, on-campus resource officer and local law enforcement officers do not receive Alert Data if so configured. For off-campus alerts, Incident Commander’s server determines whether parent(s) or legal guardian(s) are linked to the account. If parent(s) or legal guardian(s) are linked, then Alert Data is sent to the parent(s) or legal guardian(s) if so configured. If there are no parent(s) or legal guardian(s) linked and the user is off-campus, then no Alert Data is shared if so configured.
Incident Commander may also use Alert Data to communicate the location of the incident to other users within that network. If an alert is not ended by a user within 24 hours (the pre-set threshold for a time-out), the system will automatically terminate the alert and GPS tracking will cease.
Sharing Personal Information and Other Information to Protect You. Ensuring the safety of Authorized Users is our highest priority. We may share Personal Information and other Information with emergency personnel and responsible government entities in emergencies, in exigent circumstances, in situations involving danger of death or serious physical injury, to respond to 9-1-1 requests, or other similar situations so that you can be notified and updated on the situations and, if necessary, located.
Broadcast messages. Personal Information may also be communicated via broadcast messages or direct alert messages. User information will also be stored in a list view so people managing the users can see to which Licensee the user belongs.
Anonymized and Aggregated Usage Data. Incident Commander may disclose to limited third parties certain anonymized Usage Data regarding the Site and Services. Your Usage Data may be aggregated with the Usage Data of others and will not identify you individually. Aggregate data is information we collect about a group or category of services or users from which individual user identities have been removed. In other words, no Personal Information is included in aggregate data. Aggregate data helps us understand trends in our users’ needs so that we can better consider new features or otherwise tailor our services. This Privacy Policy in no way restricts or limits our collection and use of aggregate data, and we may share aggregate data about our users with third parties for various purposes, including to help us better understand our customer needs and improve our services and to advertise and market our services.
Security Information. The Site and Services enable users to access and control personal security products and services provided by Incident Commander. Incident Commander will not share information that could provide access to any account or product or security, access, or usage information generated by any product unless such information is capable of and has been anonymized and aggregated with the information of many users, except as necessary to provide the Site and Services or with law enforcement.
Controlling Your Account
Managing Your Account. You can review, correct, update, or change your Personal Information. Personal information and other information that we collect and messages we send are a critical component of Incident Commander’s Services. Accordingly, you cannot opt out of providing Personal Information or other Information or receiving messages without deleting your account.
Delete Your Account. You can delete your account by logging out of the app and sending an account deletion request to sales@incidentcommander.org. Once your account is deleted, we will maintain your information and data for 90 days for purposes of preserving the emergency alerts already sent and to allow re-activation upon request.
Automatic Deletion. Your account will be deleted after 90 days from the date that you are no longer associated with Licensee. Once your account is deleted, we will maintain your information and data for 90 days for purposes of preserving the emergency alerts already sent and to allow re-activation upon request. Your information may persist in our backup system for additional time.
Service Providers
From time to time, we may contract with other businesses to provide certain features within Incident Commander’s Services and to provide services to Incident Commander (“Service Providers”). We only provide our Service Providers with the information necessary for them to perform these services on our behalf. For example, we may contract with Service Providers like Twilio to relay our audio data collected during an alert. We will not share any data with Twilio and audio files will not be stored on Twilio’s servers. Incident Commander will use Twilio’s servers to communicate audio data directly to our servers for storage for up to 90 days. Twilio’s privacy policy is described at http://www.twilio.com/legal/privacy.
Other Transfers
We may share information and data with businesses controlling, controlled by, or under common control with Incident Commander. If Incident Commander is merged, acquired, or sold, or in the event of a transfer of some or all our assets, we may disclose or transfer information or data in connection with such transaction.
Notice to California Residents/Your California Privacy Rights
Except as set forth in Anonymized and Aggregated Usage Data, Incident Commander will not share your Personal Information and other information with third parties for direct marketing purposes.
Marketing and Compliance with Laws and Law Enforcement
The Site and Services collect data directly related to the safety and security of the user’s environment. This Usage Data is provided to Licensee. Incident Commander may also share anonymized and aggregated data of many users for both marketing its services and with law enforcement. Incident Commander cooperates with government and law enforcement officials to enforce and comply with the law. We may disclose Personal Information and any other information about you to law enforcement or if we believe it is reasonably necessary to respond to legal requests (including court orders and subpoenas), to protect the safety, property, or rights of Incident Commander, to prevent or stop any illegal, unethical, or legally actionable activity, or to otherwise comply with the law.
Be Careful When You Share Information with Others
Please remember that when you share information with third parties, that information may be passed along or made public by others. This means that anyone with access to such information can potentially use it for any purpose, including sending unsolicited communications. You are solely responsible for securing your login credentials, access codes and mobile devices.
Security
We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of information transmitted to us. However, no data transmission over the Internet, WIFI or other network can be guaranteed to be 100% secure. You should be especially careful when using any public, wireless, or untrusted third-party networks. As a result, while we strive to protect information transmitted on or through the Site or Services, we cannot and do not guarantee the security of any information you transmit on or through the Site or Services, and you do so at your own risk.
Children’s Privacy
The Site and Services are intended for users who are 10 years old or older. Incident Commander will provide notice to parents and obtain verified parental consent before collecting information from users under 13. We do not knowingly collect information from children under 13 except where a parent has provided Incident Commander with verified parental consent. If we learn that we have collected the information of a child under 13 without first receiving verifiable parental consent, we will delete such information from our records.
Location of Servers
Please be aware that your information and communications will be maintained on servers or databases located throughout the United States and the European Union. By using the Site or Services, you agree that the collection, use, transfer, and disclosure of your information and communications will be governed by all applicable laws.
Privacy Policy Changes
We may change this Privacy Policy from time to time. If we decide to change this Privacy Policy, we will inform you by posting the revised Privacy Policy on the Site. Those changes will go into effect on the “Revised” date shown in the revised Privacy Policy. By continuing to access or use the Site or Services, you consent to the revised Privacy Policy.