Privacy Policy
RunBoard LLC (“RunBoard,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and protect information when you use RunBoard (“the Service”).
1. Information We Collect
Account Information: When you create an account, we collect your name, email address, and password (stored as a cryptographic hash — we never store plaintext passwords).
Organization Information: Department name, station name, and other organizational details you provide during setup.
Operational Data: Data you enter into RunBoard modules, including but not limited to vehicle records, inventory items, crew schedules, training records, equipment logs, and reports (“Your Data”).
Usage Data: We may collect information about how you access and use the Service, including browser type, device type, pages visited, and features used. This data is used solely to improve the Service.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Authenticate your identity and manage your account
- Scope your data to your organization (multi-tenant isolation)
- Send important service-related communications (account verification, security alerts, billing notices)
- Monitor for security threats and unauthorized access
- Generate anonymized, aggregate analytics to improve the Service (no individual data is shared)
3. Data Storage & Security
Your Data is stored in secure cloud infrastructure provided by Supabase (backed by AWS). We implement the following security measures:
- All data is encrypted in transit (TLS 1.2+) and at rest
- Row-level security (RLS) policies enforce organization-level data isolation
- Passwords are hashed using industry-standard cryptographic algorithms
- Authentication tokens are managed securely with automatic expiration
- Access to production databases is restricted to authorized personnel only
4. Data Sharing
We do NOT sell your data. We may share information only in the following limited circumstances:
- Service Providers: We use Supabase for database hosting and authentication. These providers process data on our behalf under strict contractual obligations.
- Legal Requirements: We may disclose information if required by law, subpoena, or court order, or to protect the rights, property, or safety of RunBoard, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.
5. Data Ownership & Portability
You own your data. RunBoard claims no ownership over the operational data you enter into the Service. You may export Your Data at any time using the built-in CSV and JSON export features available in every module.
Upon account termination, you will have 30 days to export Your Data before it is permanently deleted from our systems.
6. Cookies & Local Storage
RunBoard uses browser local storage to:
- Maintain your authentication session
- Store your display mode preference (Simple, Standard, or Advanced)
- Store your language preference
- Cache module statistics for dashboard display
We do not use third-party tracking cookies or advertising cookies. We do not participate in ad networks or cross-site tracking.
7. Third-Party Services
The Service uses the following third-party services:
- Supabase: Database hosting, authentication, and real-time sync
- Google Fonts: Font delivery (Barlow and Barlow Condensed typefaces)
- GitHub Pages: Static file hosting
Each of these services has its own privacy policy. We encourage you to review them.
8. Children’s Privacy
RunBoard is designed for use by fire departments, EMS agencies, and emergency service organizations. The Service is not intended for use by individuals under the age of 18. We do not knowingly collect information from children under 18.
9. Data Retention
We retain Your Data for as long as your account is active or as needed to provide the Service. After account termination:
- Your Data will be available for export for 30 days
- After 30 days, Your Data will be permanently deleted from our production systems
- Backups containing Your Data may persist for up to 90 days before being purged
- Anonymized, aggregate analytics data may be retained indefinitely
10. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate personal information
- Deletion: Request deletion of your personal information
- Export: Export Your Data at any time using built-in tools
- Objection: Object to certain processing of your personal information
To exercise any of these rights, contact us at [email protected].
11. HIPAA Notice
RunBoard has not yet been certified as HIPAA-compliant. During the beta evaluation period, users must NOT enter Protected Health Information (PHI) into the Service. This includes patient names, dates of birth, Social Security numbers, medical records, or any data that could identify a patient.
We are actively working toward HIPAA compliance and will provide written notice when the Service has been certified for use with PHI.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy on the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
RunBoard LLC
Email: [email protected]