▲ EOC COMMAND
Privacy Policy
Last updated: July 2, 2026
This policy describes how EOC Command ("we," "us") collects, uses, and protects information when you use the
EOC Command platform and website (the "Service"). The Service is used by government jurisdictions to manage
emergency operations; each jurisdiction ("Jurisdiction") owns the data it enters.
1. Information We Collect
- Account information: name, email address, password (stored hashed), and the position/role you hold in
your Jurisdiction.
- Jurisdiction content: what your organization enters and generates while operating — incidents, tasks,
messages, activity logs, resource records, shelter and facility records, reports, and settings. This can include
personal information your Jurisdiction chooses to enter, such as staff contact details.
- Field damage reports: a field reporter's name, unit, phone number, report location (GPS and/or
address), damage details, and photos if provided — submitted without an account via your Jurisdiction's field
access link and belonging to that Jurisdiction.
- Voice and video: voice channels are live push-to-talk; we record session metadata (who connected to
which channel, when, for how long) for usage metering. We do not record voice audio. Video bridges run on your
Zoom account under Zoom's terms.
- Billing: subscription status, plan, and (if claimed) tax-exemption details including your entity name
and EIN. Payments are processed by Stripe — card numbers never touch our systems.
- Technical basics: logs necessary to operate and secure the Service (timestamps, IP addresses in
infrastructure logs, error reports). We do not use advertising trackers.
2. How We Use Information
- To provide the Service: coordination, mapping, communications, reporting, and the features your Jurisdiction configures.
- To operate subscriptions: billing, trial and renewal notices, payment-failure warnings.
- To secure and support the Service: authentication, abuse prevention, troubleshooting.
- We do not sell personal information, use your data for advertising, or train AI models on your data.
3. AI Features (Bring Your Own Key)
AI features (AI Triage and the assistant) run only if your Jurisdiction connects its own Anthropic API
key. When enabled, the content being triaged (for example an inbound message or damage report) and relevant
operational context are sent to Anthropic under your account and Anthropic's terms, solely to produce the
proposal or answer. Removing the key (or pausing AI Triage) stops all such processing. We never send your data to
any AI provider under our own account.
4. Service Providers (Subprocessors)
| Provider | Purpose |
| --- | --- |
| Supabase | Database, authentication, file storage, server functions (primary hosting of Jurisdiction data) |
| Cloudflare | Web hosting and content delivery |
| Stripe | Payments, subscriptions, invoices, and payment-related emails |
| LiveKit | Real-time voice (push-to-talk) transport |
| Esri / ArcGIS | Basemaps, geocoding of addresses, and map layers (including layers under your own ArcGIS account) |
| Anthropic | AI features — only under your Jurisdiction's own API key (Section 3) |
5. Security
- Every Jurisdiction's data is isolated with database row-level security; users can only reach their own Jurisdiction's records.
- Credentials you connect (API keys, GIS and radio credentials) are encrypted at rest in a server-side vault and are never sent to browsers.
- Traffic is encrypted in transit (TLS). Access to production systems is limited and credentialed.
- No internet service can guarantee absolute security; report suspected issues to [email protected].
6. Retention
- Jurisdiction data is retained while the subscription is active.
- If a subscription lapses, data is not deleted — the account goes dormant and data is retained so access can resume upon payment.
- Data is deleted upon verified written request of the Jurisdiction's owner, or after prolonged dormancy only with prior notice to the account email.
- Jurisdictions are responsible for their own public-records and retention obligations (see Section 8).
7. Cookies and Local Storage
We use browser storage for sign-in sessions and per-device preferences (theme, sounds, layout). We do not use
third-party advertising cookies or cross-site tracking.
8. Government Records
Content a government Jurisdiction stores in the Service may be a public record under applicable law (for
example, state public information acts). The Jurisdiction is the records custodian and is responsible for
responding to records requests, retention schedules, and litigation holds; we will reasonably assist with exports.
The Service is not certified for CJIS, HIPAA, or classified information — do not store data requiring those
regimes.
9. Your Choices and Rights
- Account holders can update their profile information in the app and request account deletion.
- Jurisdiction owners control membership, data entry, and connected services, and can request export or deletion of
their Jurisdiction's data at [email protected].
- Field reporters who submitted damage reports may direct questions to the Jurisdiction that collected the report.
10. Children
The Service is intended for use by government personnel and authorized responders, not children under 13, and we
do not knowingly collect information from them.
11. Changes
We may update this policy; material changes will be posted here with a new date and, for subscribed
Jurisdictions, noted in the app or by email.
12. Contact
[email protected]