Home Features About Blog Contact Help
🚧 PumpForge is currently in development. Browse the platform — subscriptions and registration will open soon.
Legal

Privacy Policy

Last updated: April 2026

1. Information We Collect

Account information: Name, email address, rank, station assignment, and department affiliation provided during registration. Training data: Simulation attempts, scores, PDP calculations, event logs, and certification records generated through platform use. Usage data: Login timestamps, browser type, and IP addresses for security monitoring and platform improvement. Support data: When you submit a support ticket, we automatically collect your browser type and version, operating system, screen resolution, preferred language, and IP address to help diagnose technical issues.

2. How We Use Your Information

We use collected information to provide and maintain the simulation platform; generate training reports, scores, and certifications; send transactional emails (account verification, password resets, assignment notifications, certification alerts); diagnose and resolve support issues using client environment data; monitor platform security and prevent unauthorized access; and improve platform features and performance.

3. Data Storage and Security

All data is stored on Amazon Web Services (AWS) infrastructure in the US East region. We implement encryption at rest (AES-256) and in transit (TLS 1.2+), bcrypt password hashing with salt, server-side session management via Redis, role-based access control, automated security monitoring, and regular automated backups.

4. Data Sharing

We do not sell or rent your personal information. We share data only with AWS for infrastructure hosting, Stripe for payment processing (department billing contact only), and law enforcement when required by valid legal process. Within the platform, data visibility follows role-based access: trainees see only their own records; instructors see their department's trainees; department administrators see department-wide data.

5. Data Retention

Training records and certification data are retained for the duration of your subscription plus 30 days. After account termination, data is available for export for 30 days, then permanently deleted. Audit logs are retained for 2 years for compliance purposes. You may request data export at any time through your department administrator.

6. Data Breach Notification

In the event of a confirmed data breach that compromises personal information, we will notify affected department administrators within 72 hours of discovery via email and in-platform notification. The notification will include the nature of the breach, the categories of data affected, the approximate number of records involved, and the measures taken to address the breach. We will cooperate with any applicable state or federal breach notification requirements. We maintain incident response procedures including immediate containment, forensic investigation, and remediation.

7. Government Agency Compliance

We understand that many of our customers are government agencies subject to public records laws. We cooperate with lawful public records requests directed to the subscribing department. We do not independently disclose department data in response to third-party requests without notifying the department first (unless prohibited by law).

8. Cookies and Tracking

Essential cookies: PumpForge uses session cookies required for login functionality. These expire when you log out or after 24 hours of inactivity. The platform cannot function without them.

Analytics: We use Microsoft Clarity and Google Analytics (GA4) to understand how the platform is used and to improve the user experience. These services may set their own cookies. Clarity records anonymized session replays (mouse movements, clicks, scrolls) to help us identify usability issues. GA4 collects aggregated page view and navigation data. Neither service collects training scores, PDP calculations, or any simulation data. We do not use advertising cookies or sell data to advertisers.

You may disable analytics cookies through your browser settings or by using a browser extension such as uBlock Origin. Disabling analytics cookies does not affect platform functionality.

9. Children's Privacy

PumpForge is designed for professional fire service training. We do not knowingly collect information from anyone under 18 years of age. If we learn that we have collected personal information from a minor, we will delete it promptly.

10. Your Rights

You may request access to your personal data, request correction of inaccurate data, request deletion of your data (subject to retention requirements), export your training records and certification data, and opt out of non-essential communications. Contact your department administrator or reach us at privacy@pump-forge.com.

11. Changes to This Policy

We will notify department administrators via email of material changes to this policy at least 30 days before they take effect.

12. Contact

For privacy questions: privacy@pump-forge.com or visit our contact page.