Account Data

When you create an account, we collect your name, email address, and organization affiliation. Organization Administrators may also provide phone numbers and role assignments for team members.

Incident Data

During incident operations, the platform stores incident details, personnel check-in/check-out records, resource assignments, sector boundaries, GPS tracks, ICS forms, log entries, and related operational data as entered by authorized users.

Volunteer (Non-Account-Holder) Data

Walk-up volunteers who check in via QR code or kiosk provide their name, phone number, certifications, vehicle information, and optionally self-reported medical conditions. This data is collected for operational accountability during search and rescue operations.

We use your data solely to provide and improve the SARGOS platform. Specifically:

• To manage your account and organization membership
• To support incident coordination and operational accountability
• To generate ICS forms and operational reports
• To send operational notifications (SMS alerts, push notifications)
• To send transactional emails (account creation, billing, invites)
• To monitor and improve platform performance and reliability

SARGOS uses the following third-party service providers to operate the platform:

All data is stored in Supabase Cloud hosted in the United States. Data is encrypted at rest and in transit. Access to production systems is restricted and audited. We do not store sensitive data in browser localStorage or unencrypted cookies.

Walk-up volunteer PII (name, phone, medical conditions, vehicle info) collected via QR check-in is retained for the lifetime of the incident record. After incident closure, volunteer PII is retained for the same period as the organization's incident history.

Volunteers can request deletion of their data by contacting the organization or SARGOS support. On request, PII fields are nullified while preserving check-in/check-out timestamps for ICS compliance.

Incident data is retained according to the organization's subscription tier. Audit log entries are retained indefinitely for compliance and accountability purposes. Account data is retained for the duration of the account's existence.

Individual User Deletion

Users may request account deletion. Upon request, PII (name, email, phone) is pseudonymized. Incident participation records are preserved with pseudonymized references for operational audit integrity. Deletion is completed within 30 days of request.

Organization Deletion

Organization Administrators may request organization deletion. A 30-day grace period applies. After the grace period, all organization data is permanently deleted. A “Download your data” option is provided before deletion is confirmed.

Legal Basis Exception

Incident records involving active law enforcement investigations or legal holds may be retained beyond a deletion request. Actor identity in audit logs and incident logs is retained for legal accountability in life-safety operations.

SARGOS uses a single session cookie for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. See our cookie consent banner for more details.

SARGOS is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the SARGOS application and update the “Last updated” date at the top of this page.

For privacy-related inquiries or data deletion requests, contact us at:

[PLACEHOLDER — Contact email, mailing address, and Data Protection Officer contact to be added before production launch.]