Privacy Policy

1. Who We Are & Our Role

Station Clipboard (operated by Station Automation Solutions LLC, Houston, Texas) provides the Department Portal, a cloud-based SaaS platform for Fire and EMS departments.

Data processor relationship: Fire and EMS departments that subscribe ("Organizations") are the data controllers — they determine what data is collected and why. Station Clipboard acts as the data processor on their behalf. When a department administrator collects, manages, or deletes member data inside the portal, they are exercising their role as the data controller. We process that data only as instructed.

For data collected through this marketing website (contact forms, email inquiries), Station Clipboard is the data controller.

2. Organization & Customer Data

When a department subscribes to the Department Portal, we collect and store:

• Department name, URL slug, and timezone
• Primary contact name, email address, and phone number
• Mailing address
• Organization logo (uploaded file)

This information is used to provision and operate the portal, send service communications, and provide billing and support.

3. User Account & Identity Data

Each member account within the portal may include:

• Username, first name, last name
• Email address (optional)
• Profile picture (uploaded file)
• Password — stored only as a bcrypt hash. We never store or transmit plaintext passwords.
• Kiosk PIN — a numeric PIN used for shared time-clock kiosk sign-in
• Role and permission assignments, account status (active/disabled), site-admin flag
• Last login timestamp, account creation and update timestamps

4. Biometric Data (Face Recognition Time Clock — Optional Feature)

The Department Portal offers an optional Face ID time clock feature that allows members to clock in and out at a kiosk using face recognition. This feature is opt-in and must be enabled by the department administrator.

What we store (and what we don't):

• We do NOT store face photos or raw images for recognition purposes. No photographs of members are retained for biometric matching.
• We store a mathematical face descriptor — a set of 128 floating-point numbers (a "faceprint") computed from the member's facial geometry. This numerical representation cannot be reverse-engineered into a photograph.
• Faceprints are encrypted at rest using AES-256-GCM.
• We also store enrollment metadata: enrollment status, the number of training samples used, who performed the enrollment (self or administrator), whether it was self-enrolled or admin-enrolled, and the date of the last training update.

How faceprints are created:

• A member can enroll themselves at a kiosk or through their account.
• An administrator can enroll a member using the member's uploaded profile photo (if one exists).

Your rights regarding biometric data:

• Members and administrators can disable or permanently delete face enrollment at any time.
• When enrollment is deleted, the faceprint and all associated metadata are removed from our systems.

Departments using this feature are responsible for complying with applicable state and local biometric privacy laws (including BIPA where applicable), including obtaining any required member consent before enrollment.

5. Time & Attendance Data

The portal records time-clock activity, including:

• Clock-in and clock-out timestamps and calculated shift duration
• Station or location label associated with each entry
• Clock-in/out method: web portal, kiosk, face recognition, or admin override
• Member notes and administrator notes attached to time entries
• Edit history: who modified a time entry and when
• Flags and administrative review status

This data is created and managed by the department (the data controller) and is accessible only to authorized personnel within that organization.

6. Credits, Training & Engagement Records

When departments use the Credits module, the following is stored per credit entry:

• Activity title, category, credit values, and date
• Status: approved, pending, denied, or voided
• Source of the credit and any custom field values
• Member notes and administrator notes
• Approval and denial history, including who acted and when

7. Certifications & Credentials

The Certifications module stores:

• Certification name and issuing organization
• Issue date and expiration date
• Uploaded certification documents (stored in cloud object storage)

8. Scheduling Data

The Scheduling module stores:

• Member availability submissions: dates, time ranges, status, and notes
• Scheduled shifts and shift assignments
• Shift trade requests between members
• Time-off requests: start and end dates, reason, status, and approval history
• Department-level staffing and hour-cap configuration settings

9. Communications & Notifications

The portal supports internal communications, including:

• Announcements posted by administrators and per-member acknowledgement status
• In-app notifications: title, body, type, priority, who triggered the notification, and read status

These communications are scoped to the member's organization and are not shared across departments.

10. Activity & Audit Logs

The portal maintains an audit log of significant actions taken within each organization. Each log entry records the event type, a human-readable description, the name of the acting user, and a timestamp. Audit logs are accessible to department administrators and are scoped to their organization.

11. Uploaded Files

The following types of files may be uploaded and stored in cloud object storage:

• Member profile pictures
• Organization logos
• Certification documents

Files are associated with the uploading organization and are accessible only to authorized users within that department.

12. Cookies & Technical Data

The Department Portal uses a session cookie to keep users authenticated between page loads. This is a strictly necessary cookie — no advertising, tracking, or analytics cookies are set by the portal itself.

Standard server logs may capture technical request information such as IP addresses, browser type, and request timestamps. These logs are used for security monitoring and troubleshooting.

This marketing website (stationclipboard.com) uses Cloudflare for performance and security, which may set its own cookies per Cloudflare's privacy practices.

13. What We Do NOT Collect or Store

To be explicit about what is outside the scope of the Department Portal:

• No Social Security Numbers or government-issued ID numbers
• No payment card data — billing for portal subscriptions is handled outside the portal via a third-party payment processor
• No GPS or real-time location tracking of members
• No raw face images are stored for biometric recognition (see Section 4)
• No third-party advertising trackers inside the portal

14. How We Use Your Data

Data collected through the portal is used to:

• Deliver and operate the Department Portal and its modules
• Authenticate users and enforce role-based access controls
• Generate time and attendance records, reports, and exports requested by department administrators
• Maintain audit trails for administrative accountability
• Provide technical support
• Improve the software based on usage patterns (aggregated and non-identifiable where possible)

We do not sell personal data to third parties.

15. Data Security

We apply the following security measures:

• Password hashing: All passwords are stored using bcrypt. Plaintext passwords are never stored or logged.
• Biometric encryption: Face descriptors (faceprints) are encrypted at rest using AES-256-GCM.
• No raw biometric images: We store only mathematical representations, not photographs.
• Session authentication: The portal uses session-based authentication — no long-lived API tokens are exposed to end users by default.
• Role-based access control: Users can only access data their role and permissions allow within their organization.
• Organization data isolation: Data is scoped per organization. Members of one department cannot access data from another.
• Cloud object storage: Uploaded files are stored in a cloud storage bucket with access controls.

16. Data Retention

Data is retained for as long as a department's subscription is active and as needed to provide the service. When an organization's account is closed, we will delete or de-identify their data in accordance with our data retention procedures. Individual member records (including biometric enrollments) can be deleted by administrators at any time.

17. Your Rights

If you are a member of a subscribing department: your data is controlled by your department. Requests to access, correct, or delete your personal information should be directed to your department administrator. We will cooperate with administrators to fulfill lawful data requests.

If you contacted us through this website (contact form, email, phone): you may request access to, correction of, or deletion of that information by emailing hello@stationclipboard.com.

18. Changes to This Policy

We may update this privacy policy as our product evolves or legal requirements change. When we do, we will update the "Last Updated" date at the top of this page. Continued use of the portal after changes constitutes acceptance of the revised policy.