Privacy Policy

1. What we collect

Photos you upload during a scan. Stored in our secure cloud storage and analyzed by an AI vision model so we can grade the 29 home-hardening checkpoints.

Property address information. Used to label your scan, support address suggestions, associate the report with the property you are assessing, and pre-fill rescan reminders.

Account data. If you create an account: your email address, hashed password (or third-party OAuth identifier), and the scans you save.

Usage data. Standard server logs (IP address, user agent, referrer, pages viewed) and — only if you consent — anonymized analytics events that help us improve the product.

Cookies. A small set of essential cookies for authentication and consent state. Analytics and advertising cookies are only set if you accept them in the cookie banner.

2. How we use it

• To run your wildfire readiness scan and generate your report.
• To save your scans so you can return to them.
• To send you rescan reminders if you've opted in.
• To detect abuse, prevent fraud, and keep the service running.
• To improve our AI grader — only on aggregated, de-identified data.

We do not sell your personal data. We do not use your photos to train third-party AI models.

3. Who we share it with

We share data only with vendors who help us run the service:

• Cloud hosting and database processors — store your account, scans, and photos.
• AI inference (Google Gemini via the Lovable AI Gateway) — analyzes the photos you upload to grade checkpoints. Photos are sent on a per-request basis and are not retained by the provider for training.
• Analytics (Google Analytics 4) — only if you consent. Anonymized usage events.
• Advertising (Google AdSense) — only if you consent. May set cookies for personalized ads.
• Email — transactional email (sign-in, reminders) only.

We may disclose data if required by law, to enforce our Terms, or to protect the rights, property, or safety of users or the public.

4. How long we keep it

Scans and photos are kept as long as your account is active. If you delete a scan, it's removed from our systems within 30 days. If you delete your account, all associated data is removed within 30 days, except where retention is required by law.

To request deletion of a scan, account, or associated personal information, email privacy@firescores.net from the address connected to your account. We may ask you to verify your identity before completing the request.

5. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to opt out of certain processing. This includes rights under the California Consumer Privacy Act (CCPA) and the EU/UK General Data Protection Regulation (GDPR).

To exercise any of these rights, email privacy@firescores.net from the address on your account.

6. Children

FireScores is not directed at children under 13 and we do not knowingly collect personal information from them. If you believe a child has provided us data, contact us and we'll delete it.

7. Security

We use industry-standard encryption in transit (HTTPS/TLS) and at rest for stored data. No system is perfectly secure — please use a strong, unique password and report any suspected vulnerabilities to us.

8. Changes to this policy

We'll update the "Last updated" date at the top of this page when we make material changes. For significant changes, we'll notify account holders by email.

9. Contact

Questions about this policy? Email privacy@firescores.net or visit our Contact page.