PRIVACY POLICY
FireDesign.ai — AI Fire Protection Design LLC
AT A GLANCE. FireDesign is a software tool for fire protection and MEP design professionals. We collect account and billing information to operate your subscription, and we process the project files (drawings, layouts, and design parameters) you upload to generate the Output you are entitled to under your subscription. We do not sell personal information. We do not serve advertising. Payment card data is handled directly by our payment processor, Stripe, and is not stored within our Platform. We retain uploaded project files to operate the Platform for you and to develop and improve our underlying models — Section 6 explains this in detail.
1. Introduction
This Privacy Policy describes how AI Fire Protection Design LLC, a New Jersey limited liability company doing business as FireDesign.ai ("FireDesign", "we", "us", or "our"), collects, uses, shares, and protects information in connection with the FireDesign.ai website, web applications, and related services (collectively, the "Platform"). It applies to all visitors to our website, to individuals who create an account to use the Platform, to the authorized users of customer organizations that subscribe to the Platform, and to any other individuals whose information we collect in connection with the Platform.
This Privacy Policy is incorporated by reference into the FireDesign Terms of Service, which governs your use of the Platform. Capitalized terms used but not defined here have the meanings set forth in the Terms of Service.
2. Scope and Our Role
2.1 Scope
This Privacy Policy applies to information processed in connection with the Platform. It does not apply to products, websites, or services operated by third parties, even if those products or services are linked from, or integrated with, the Platform. We are not responsible for the privacy practices of third parties.
2.2 Our Role
For information that we collect directly from our customers and our customers' authorized users for the purpose of operating the Platform, we act as a controller (or "business" under California law). For information that a customer organization uploads into the Platform as part of its use of the service — for example, project files, drawings, and design parameters that may include limited contact or property information — we generally act as a processor (or "service provider" under California law) on behalf of that customer organization. The customer organization determines the purposes and means of processing for that content; we process it as directed by the customer organization and in accordance with our Terms of Service.
3. Information We Collect
We collect the following categories of information.
3.1 Account and Profile Information
When you create an account or are invited to an account by your organization, we collect information such as your name, business email address, business phone number, job title, company name, account credentials, and authentication-related information. Authentication is handled through our authentication provider, which may also process information about the sign-in methods you use (for example, single sign-on, multi-factor authentication, and session tokens).
3.2 Billing and Subscription Information
To process subscription payments and keep billing records, we collect information such as your billing contact, billing address, subscription tier, invoice history, tax identification information (where applicable), and payment-method indicators (for example, the last four digits and brand of a card on file).
We use Stripe, Inc. ("Stripe") as our third-party payment processor. Stripe collects and processes payment-card and bank-account information directly, and FireDesign does not receive or store complete payment-card numbers or complete bank-account numbers in its own systems. Stripe's handling of payment information is governed by Stripe's own privacy policy and by Payment Card Industry Data Security Standard (PCI DSS) requirements.
3.3 Customer Content
When you or your organization uses the Platform, you upload or submit project files (including DWG and DXF drawings), project parameters, design inputs, notes, and related material (collectively, "Customer Content"). Customer Content is generally commercial project information about buildings and systems and is not intended to contain personal information about individuals. Your organization is responsible for the Customer Content it submits, including for ensuring that Customer Content does not contain sensitive personal data prohibited by the Terms of Service.
3.4 Output
The Platform generates Output (layout-ready draft files in DWG and DXF format) from Customer Content. Output is stored in connection with your account so that you can access, download, and work with it. Output is generally not personal information.
3.5 Usage and Device Information
When you access or use the Platform, we automatically collect information about your device and how you interact with the Platform. This may include your IP address; browser type, version, and settings; device type and operating system; referring and exit pages; pages and features you access; the date, time, and duration of your visits and sessions; the actions you take in the Platform; and similar technical and usage information. We may also collect diagnostic and error information to operate, secure, and improve the Platform.
3.6 Cookies and Similar Technologies
We and our service providers use cookies, local storage, pixels, and similar technologies to operate and secure the Platform, to authenticate users and maintain sessions, to remember preferences, and to understand how the Platform is used. You can control cookies through your browser settings, though disabling certain cookies may prevent parts of the Platform from functioning.
3.7 Communications With Us
If you contact us (for example, through the info@firedesign.ai address, through support, or through a contact form), we collect the information you provide, such as your name, contact details, and the content of your communication. We use this information to respond to you, provide support, and maintain records of the communication.
3.8 Information From Third Parties
We may receive information about you from third parties in limited circumstances — for example, from our authentication provider when you sign in using single sign-on, from our payment processor when a payment is processed, from a customer organization that adds you as an authorized user, or from publicly available sources when we verify business information.
3.9 No Sensitive Personal Data in Customer Content
The Platform is not intended to collect or process Sensitive Personal Data (for example, government-issued identification numbers, payment-card or financial-account numbers submitted as part of Customer Content, protected health information, biometric or genetic data, or precise geolocation of individuals) as part of Customer Content. See Section 6.4 of the Terms of Service.
4. How We Use Information
We use the information described above for the following purposes:
- (a) To provide, operate, maintain, and support the Platform and the features of your subscription, including to generate Output from Customer Content, store your Output, and enable access by your authorized users;
- (b) To create and manage your account, authenticate you, enforce access controls, and maintain records of access and activity;
- (c) To process payments, invoice you, and administer your subscription (including renewals, overages, and cancellations);
- (d) To communicate with you about your account, subscription, service changes, security alerts, and other operational matters;
- (e) To provide customer support and respond to your inquiries;
- (f) To monitor, secure, and improve the Platform — including to detect and prevent fraud, abuse, security incidents, and other harmful activity, and to diagnose and fix technical issues;
- (g) To develop, train, evaluate, and improve the Platform and our underlying models, algorithms, and technology, as further described in Section 6;
- (h) To understand how the Platform is used — for example, through de-identified or aggregated analytics — so that we can improve features, performance, and user experience;
- (i) To send service updates, product announcements, and other communications about the Platform (subject to your communication preferences and applicable law);
- (j) To comply with legal obligations, respond to lawful requests from government authorities, enforce our agreements, establish or defend legal claims, and protect the rights, property, or safety of FireDesign, our customers, or others; and
- (k) For other purposes disclosed at the time of collection or with your consent.
5. Legal Bases for Processing
Where the General Data Protection Regulation (GDPR), the UK GDPR, or the Swiss Federal Act on Data Protection applies, our legal bases for processing personal information are:
- Performance of a contract — where processing is necessary to provide the Platform to you under the Terms of Service or a separately executed agreement;
- Legitimate interests — including operating and securing the Platform, preventing fraud and abuse, understanding and improving how the Platform is used, developing and improving our models and technology, and communicating with you about the Platform — where those interests are not overridden by your rights and freedoms;
- Compliance with legal obligations — including tax, accounting, recordkeeping, and law-enforcement cooperation;
- Consent — where we rely on consent for a specific purpose (for example, certain optional communications); and
- Other legal bases permitted by applicable law.
6. Use of Customer Content for Model Training and Platform Improvement
This section describes how we use Customer Content to develop and improve the Platform, including our underlying models. We treat this use transparently because it is a core part of how the Platform works and improves over time.
6.1 What We Do
The Platform's ability to generate accurate, useful Output depends on the ongoing development and refinement of our underlying models and algorithms. To support this development, we retain Customer Content — including pre-processing inputs (the drawings and parameters you upload) and post-processing Output (the layouts and DWG/DXF files the Platform produces) — and use it to develop, train, evaluate, validate, and improve our models, algorithms, libraries, templates, and other Platform technology.
6.2 Legal Basis and Contractual Authorization
This use is authorized by your acceptance of the Terms of Service, which grants FireDesign a license to use Customer Content for the operation and improvement of the Platform (see Section 6.2 of the Terms of Service). Where the GDPR or similar law applies, we rely on our legitimate interest in developing and improving the Platform for this processing, balanced against the rights and freedoms of the individuals whose information may be indirectly present in Customer Content.
6.3 How We Minimize Risk
Because Customer Content in our system is generally commercial project information (building drawings, design parameters, construction documents), the presence of personal information in Customer Content is incidental and limited. Nevertheless, we apply the following measures:
- We require customers to refrain from uploading sensitive personal data into Customer Content (Section 6.4 of the Terms of Service);
- We use access controls, encryption, and logging to protect Customer Content while it is in our systems;
- Wherever reasonably practicable, we de-identify or aggregate Customer Content before using it for model development, evaluation, and improvement;
- We do not use Customer Content for advertising, and we do not sell Customer Content; and
- We restrict access to Customer Content to personnel and authorized service providers who need it to operate, support, or develop the Platform.
6.4 Retention for Training Purposes
De-identified or aggregated data derived from Customer Content may be retained for the duration necessary to develop, evaluate, and improve the Platform, which may extend beyond the term of a customer's subscription. Identifiable Customer Content is retained in accordance with Section 11 (Data Retention) below and with the customer's instructions (for example, when a customer requests deletion).
7. How We Share Information
We share information only in the circumstances described below. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
7.1 Within Your Customer Organization
Information associated with your use of the Platform (including account profile, activity within your subscription, and Output) is generally accessible to your customer organization and to the authorized users and administrators your organization designates. Your organization is responsible for its own handling of that information.
7.2 Service Providers and Subprocessors
We engage third-party service providers and subprocessors to operate, secure, and support the Platform. These include providers of cloud hosting and infrastructure, database services, authentication, payment processing (Stripe), email delivery and productivity (including our business-email and collaboration provider), security monitoring and error-tracking, anti-abuse services (including reCAPTCHA or comparable services), and customer support tooling. These providers process information only on our behalf and are contractually bound to protect it consistent with this Privacy Policy and applicable law.
7.3 Legal and Compliance
We may disclose information if we believe in good faith that disclosure is necessary to (a) comply with applicable law, regulation, legal process, or a government request; (b) enforce our Terms of Service or other agreements; (c) protect the rights, property, or safety of FireDesign, our customers, or others; (d) detect, prevent, or address fraud, security, or technical issues; or (e) respond to an emergency. Where permitted, we will notify affected customers of such disclosure.
7.4 Business Transfers
If FireDesign is involved in a merger, acquisition, corporate reorganization, financing, sale of assets, or bankruptcy, information held by FireDesign may be transferred in connection with such transaction. We will ensure that any such transfer is subject to obligations consistent with this Privacy Policy or will provide you with advance notice and choices where required by applicable law.
7.5 Aggregated or De-identified Information
We may share aggregated or de-identified information — which cannot reasonably be used to identify you — for any lawful purpose.
7.6 With Your Consent
We may share information with other parties at your direction or with your consent.
8. Cookies, Analytics, and Tracking
We and our service providers use the following categories of cookies and similar technologies:
- Strictly necessary — required to authenticate users, maintain sessions, balance loads, and operate core Platform functionality;
- Functional — to remember preferences and customize features;
- Analytics and performance — to understand how the Platform is used, measure performance, diagnose errors, and improve the product; and
- Security — to detect and prevent fraud, abuse, and unauthorized access (including through services such as reCAPTCHA).
We do not use cookies or similar technologies for cross-context behavioral advertising. You can control cookies through your browser settings. Because we do not engage in cross-site tracking for advertising purposes, we do not currently respond to "Do Not Track" browser signals in a unique way.
9. International Data Transfers
FireDesign is based in the United States, and our Platform is hosted primarily in the United States. If you access the Platform or provide information to us from outside the United States, that information will be transferred to and processed in the United States and other jurisdictions where our service providers operate. Data-protection laws in these jurisdictions may differ from those in your country.
Where we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to the United States or another jurisdiction that has not received an adequacy decision, we use appropriate safeguards — such as the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum or IDTA, as applicable) — to protect that information.
10. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including to operate the Platform, comply with legal obligations, resolve disputes, enforce our agreements, and otherwise as described below.
General retention principles:
- Account and profile information — retained for the duration of your subscription and for a reasonable period after termination or account closure, for business continuity, legal defense, and fraud prevention purposes;
- Billing and transactional records — retained for the period required under tax, accounting, and audit requirements (generally at least seven (7) years in the United States);
- Customer Content and Output — retained during the subscription for your use, and for a reasonable period after termination or account closure to permit export and recovery, after which identifiable copies are deleted or de-identified in accordance with our standard processes;
- Usage logs, security logs, and audit logs — retained for a limited period appropriate to the purpose (for example, to investigate security incidents or comply with legal obligations);
- De-identified or aggregated data derived from Customer Content — may be retained for the period necessary to develop, evaluate, and improve the Platform, as described in Section 6; and
- Backups — retained in accordance with our backup and disaster-recovery policies; data deleted from production systems may persist in backups for a limited period before being overwritten.
When we no longer need personal information, we delete, anonymize, or securely destroy it, unless retention is required by law.
11. Information Security
FireDesign maintains an information-security program that includes administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. Our security program includes:
- SOC 2–aligned security controls covering security, availability, and confidentiality;
- Multi-factor authentication (MFA) for user sign-in;
- Role-based access controls, with access granted on a need-to-know basis;
- Encryption of data in transit (using industry-standard TLS) and encryption of data at rest (using industry-standard algorithms);
- Logging, monitoring, and alerting of access to systems and data, and routine review of access;
- Security reviews, vulnerability management, and patching processes for Platform components;
- Formal onboarding, training, and confidentiality obligations for personnel with access to personal information; and
- Contractual commitments from subprocessors to maintain appropriate security safeguards.
Notwithstanding the foregoing, no system is perfectly secure, and we cannot guarantee that personal information will never be subject to unauthorized access or disclosure. If we become aware of a security incident that affects your personal information, we will notify you in accordance with applicable law.
12. Your Privacy Rights
Depending on where you live and applicable law, you may have certain rights regarding your personal information. These rights may include:
- Access / Right to Know — the right to request confirmation of whether we process personal information about you, and to receive a copy of that information;
- Correction — the right to request correction of inaccurate or incomplete personal information;
- Deletion / Erasure — the right to request that we delete your personal information, subject to certain exceptions (for example, where we must retain information to comply with legal obligations);
- Portability — the right to receive your personal information in a portable, machine-readable format;
- Restriction or Objection — the right to restrict or object to certain processing of your personal information;
- Withdrawal of Consent — where we rely on your consent, the right to withdraw it at any time (without affecting the lawfulness of prior processing);
- Opt-Out of Sale or Sharing — FireDesign does not sell personal information and does not share personal information for cross-context behavioral advertising; and
- Non-Discrimination — we will not discriminate against you for exercising any of these rights.
To exercise any of these rights, please contact us at info@firedesign.ai. We may need to verify your identity before responding, and in some cases we may be unable to grant a request (for example, where required to retain information by law). If we decline your request, we will explain why. You may also have the right to lodge a complaint with a data-protection authority in your jurisdiction.
If you are an authorized user of a customer organization (for example, an employee of a firm that subscribes to the Platform), privacy requests relating to your use of the Platform are generally handled by your customer organization. Please direct such requests to your organization, or contact us and we will help route the request appropriately.
13. California Privacy Rights
This section provides additional information required by the California Consumer Privacy Act and the California Privacy Rights Act (collectively, the "CCPA/CPRA") for California residents. In the preceding twelve (12) months, we have collected, used, disclosed, and retained the following categories of personal information:
13.1 Sale or Sharing of Personal Information
FireDesign does not sell personal information and does not share personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We have not done so in the preceding twelve (12) months.
13.2 Sensitive Personal Information
To the extent any information we process is treated as "sensitive personal information" under the CCPA/CPRA, we use it only for purposes permitted by Section 7027(m) of the CCPA/CPRA regulations (including to provide the Platform, ensure security and integrity, detect and prevent security incidents, and perform services on behalf of a customer organization).
13.3 Exercising Your California Rights
California residents may exercise their rights of access, correction, deletion, portability, and limits on use of sensitive personal information by contacting us at info@firedesign.ai. You may designate an authorized agent to submit a request on your behalf; we may require the agent to submit proof of authorization and may require you to verify your identity directly.
14. European Economic Area, United Kingdom, and Switzerland
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the rights described in Section 12 above under the GDPR, UK GDPR, or Swiss Federal Act on Data Protection, as applicable. You also have the right to lodge a complaint with your local supervisory authority.
The data controller for personal information processed in connection with the Platform is AI Fire Protection Design LLC. You can contact us at the address set forth in Section 17.
For transfers of personal information from the EEA, the UK, or Switzerland to the United States or other jurisdictions that have not received an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (including, where applicable, the UK International Data Transfer Addendum) or other valid transfer mechanisms.
15. Children's Privacy
The Platform is not directed to, and we do not knowingly collect personal information from, children under the age of 16. Our Terms of Service require that users be at least 18 years old. If you believe that a child has provided personal information to us, please contact us at info@firedesign.ai and we will take appropriate steps to delete it.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will provide reasonable advance notice, for example by email to the address associated with your account, by an in-Platform notice, or by updating the "Last Updated" date at the top of this Privacy Policy. Your continued use of the Platform after the effective date of a change constitutes acceptance of the updated Privacy Policy.
17. How to Contact Us
Questions, concerns, or requests regarding this Privacy Policy may be directed to:
AI Fire Protection Design LLC (d/b/a FireDesign.ai)
Attn: Privacy
15 Gates Place, Wayne, New Jersey 07470
Email: info@firedesign.ai
— END OF PRIVACY POLICY —