Privacy Policy

Smoke Signal Solutions is a South Dakota-based partnership that develops software and educational tools for the emergency medical services (EMS) industry.

Information You Provide Directly

• Account registration information (name, email address, username, password)
• Profile information (job title, agency/organization, certifications)
• Payment information (processed securely by third-party processors — we do not store full card numbers)
• Communications you send us (support requests, feedback, inquiries)
• Training and assessment data (quiz results, progress records, completion status)

Information Collected Automatically

• Device information (device type, operating system version, unique device identifiers)
• Usage data (features accessed, session duration, app interactions)
• Log data (IP address, browser type, pages visited, timestamps)
• Crash reports and performance data

Information from Third Parties

• Authentication data from social login providers (if you sign in with Google, Apple, etc.)
• Agency or organization information provided by your employer during bulk account provisioning

• Create and manage your account
• Provide and improve our products and services
• Process payments and fulfill subscriptions
• Track your training progress and issue certifications or badges
• Send transactional emails (account confirmations, password resets, receipts)
• Send product updates and educational content (you may opt out at any time)
• Respond to support requests and customer service inquiries
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations
• Analyze usage patterns to improve product features and user experience

We do not sell your personal information. We may share your information in the following limited circumstances:

Service Providers

• Amazon Web Services (AWS) — cloud hosting, storage (S3), and infrastructure
• Payment processors — to handle subscription billing (e.g., Stripe or Apple/Google in-app purchases)
• Email service providers — to send transactional and marketing emails
• Analytics providers — to understand how our products are used
• Apple App Store / Google Play Store — for mobile app distribution

Your Organization or Agency

If your account was created by or on behalf of an EMS agency, certain account and usage information may be accessible to designated administrators of that organization.

Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the safety of any person or to address fraud or security issues.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website.

We retain different categories of data according to the following schedule:

If you request deletion of your account, we will delete or anonymize personal data not subject to the above requirements. Data retained for legal or regulatory compliance will be securely stored and not used for any other purpose.

You have the following rights regarding your personal information:

• Access — Request a copy of the personal data we hold about you
• Correction — Request that we correct inaccurate or incomplete information
• Deletion — Request that we delete your personal data (subject to retention requirements above)
• Opt-out of marketing — Unsubscribe from marketing emails at any time using the link in any email
• Data portability — Request your data in a portable format

To exercise any of these rights, contact us at contact@smokesignalsolutions.com. We will respond within 30 days.

Our products and services are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

If you believe a child under 13 has provided us with personal information, please contact us at contact@smokesignalsolutions.com.

Our web applications use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Analyze how our web products are used

You can control cookies through your browser settings. Disabling cookies may affect the functionality of our web-based products. Our mobile applications do not use browser cookies but may use similar device-level identifiers for analytics and crash reporting.

We implement industry-standard technical and organizational measures to protect your data, including:

• Encrypted data transmission (HTTPS/TLS)
• Encrypted data storage
• Access controls limiting who can access your data
• Regular security reviews and monitoring

No method of transmission over the Internet or electronic storage is 100% secure. If you believe your account has been compromised, please contact us immediately.

Our products may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you use in connection with our products.

Our Role as a Business Associate

We operate as a HIPAA Business Associate as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HITECH Act. PHI stored in our systems includes data related to 911 emergency response calls and patient care records submitted by or on behalf of our agency clients. This data is stored in secured databases hosted on Amazon Web Services (AWS) infrastructure located in the United States.

Business Associate Agreements

We enter into a Business Associate Agreement (BAA) with each EMS agency or Covered Entity that uses our services to store or transmit PHI. The BAA governs our obligations with respect to the use, disclosure, and safeguarding of PHI and is incorporated by reference into our service agreements.

How We Protect PHI

We implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule, including:

• Encryption of PHI at rest and in transit
• Access controls limiting PHI access to authorized personnel only
• Audit logging of access to PHI
• Secure, US-based cloud infrastructure (AWS)
• Regular security risk assessments

Breach Notification

In the event of a breach of unsecured PHI, we will notify the applicable Covered Entity (your EMS agency) without unreasonable delay and in no case later than 60 days following discovery of the breach, per the HIPAA Breach Notification Rule. The Covered Entity is responsible for notifying affected individuals and, where required, the U.S. Department of Health and Human Services (HHS).

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your California rights, contact us at contact@smokesignalsolutions.com.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, by sending an email notification or displaying a notice within our products.

Your continued use of our services after any changes constitutes your acceptance of the updated policy.

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:

We are committed to working with you to resolve any concerns about your privacy.