Privacy Policy
Last updated: 2026-06-17
Effective date: June 17, 2026.
We try to collect as little as possible, keep it as briefly as possible, and tell you exactly who else sees it. This page is the whole picture.
1. What we collect
| Data | When | Why |
|---|---|---|
| Address text you type | When you search for an address on the map | To find a starting location on the map |
| Map polygons you draw (latitude/longitude) | When you submit for analysis | To run the defensible-space analysis on that area |
| Questionnaire answers (optional) | When you complete the optional questionnaire | To refine the risk score |
| Your email address | When you submit for analysis | To send you the finished report |
| State/county selection | While using the map | To load the right building footprints |
| Server access logs (IP address, request metadata) | Whenever you visit the site | To operate and secure the service |
We do not use cookies, analytics, advertising trackers, fingerprinting, or any third-party measurement script.
2. Why we collect it
Strictly to run the analysis you requested and email you the result. We do not use your data for marketing, profiling, ad targeting, or training machine-learning models, and we do not sell or share it.
3. How long we keep it
- Analysis jobs (your polygon, questionnaire answers, email address, and generated report) are automatically deleted from our storage 7 days after submission.
- Building-footprint cache (no personal data) is deleted after 30 days.
- Server access logs are retained per our cloud provider's defaults; no longer than needed for security and debugging.
- Addresses are not stored anywhere in our app, they are briefly used to move the map and retrieve the user's county and state.
After 7 days we have no record of what you submitted.
4. Who else sees your data (sub-processors)
We rely on these third parties to operate the site. They each have their own privacy practices:
- Amazon Web Services (AWS) — hosting and storage. Privacy Notice
- Resend — transactional email delivery (used only to send you your report). Privacy
- Mapbox — map tile imagery. Your browser fetches tiles directly from Mapbox; they receive your IP address and the tile coordinates. Privacy
- OpenStreetMap / Nominatim — address geocoding. Privacy
- FCC Census Area API (geo.fcc.gov) — county and area lookups (U.S. federal service). Subject to federal privacy practices.
- Venmo (only if you choose to support us) — payment processing on a separate site. Privacy
That is the entire list.
5. Your California privacy rights
If you are a California resident, the California Consumer Privacy Act (CCPA/CPRA) gives you the right to:
- Know what personal information we have about you.
- Delete it (and we will, subject to legal-retention exceptions).
- Correct inaccurate information.
- Opt out of sale or sharing of personal information. We do not sell or share your personal information, so there is nothing to opt out of, but you may confirm this in writing on request.
- Limit the use of sensitive personal information. We do not collect sensitive personal information.
- Non-discrimination. We will not deny you service or charge you differently for exercising any of these rights.
We also honor browser-level Global Privacy Control signals.
To exercise any right, email prefire@prefire.online with your request. We will respond within 45 days as required by the CCPA. We may ask for limited information to verify the request relates to you.
Shine the Light (Cal. Civ. Code § 1798.83). We do not share personal information with third parties for their own direct-marketing purposes.
6. Children
The site is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have, email prefire@prefire.online and we will delete it.
7. Security
We use HTTPS site-wide, encryption at rest on AWS, and the principle of "delete it after 7 days." No system is perfectly secure. If you discover a vulnerability, please email prefire@prefire.online.
8. Accessibility
We target WCAG 2.1 AA. If you encounter a barrier using the site, email prefire@prefire.online and we will address it.
9. Changes to this policy
We may update this policy. The effective date at the top reflects the current version. Material changes will be noted at the top of the page for at least 30 days.
10. Contact
For any privacy question or request, email prefire@prefire.online.