Privacy Policy

When you register as a volunteer:

• Full name
• Email address (stored in encrypted form)
• Phone number (optional; stored in encrypted form)
• Physical address or approximate location for operational area assignment
• Certifications and skills (e.g., First Aid, CPR, Search & Rescue)
• Languages spoken
• Volunteer application status and review history

When you use volunteer or admin features:

• GPS location coordinates registered for monitoring disaster-affected zones
• Emergency field reports including incident descriptions and photos
• Assigned H3 geospatial hexagon zones for operational coordination
• Activity and communication logs within the platform
• Authentication session data (magic link tokens, session timestamps)

Automatically collected data:

• Browser type and device information for session security
• IP address for access logging and fraud prevention

We use your data exclusively for disaster response and platform operations:

• Volunteer Matching: Matching volunteers with incidents based on location, skills, and language.
• Emergency Alerts: Sending real-time notifications via email or SMS when you are near an active incident.
• Operational Coordination: Assigning personnel to specific geographic sectors using H3 geospatial technology.
• Incident Reporting: Processing and routing your field reports to the appropriate incident command station.
• Authentication: Verifying your identity via secure magic-link email (no passwords stored).
• Platform Security: Detecting and preventing unauthorized access.

We do not sell, rent, or share your personal data with third-party advertisers.

We apply strict security measures to protect your information:

• Encryption at Rest: Email addresses and phone numbers are encrypted before being stored in Firestore.
• Deterministic Email Hashing: Lookups use one-way hashed email values, not plaintext.
• Passwordless Auth: Admin access uses Firebase magic links — no passwords are stored.
• Role-Based Access Control: Admin, volunteer, and user roles strictly limit what data each person can access.
• Expiring Session Tokens: Security tokens used for login and field dispatch expire after use or a defined time period.

By providing your contact information, you consent to receive:

• Emergency alerts related to incidents in your registered areas
• Volunteer dispatch notifications and assignments
• Platform system emails (account verification, status updates)

You may update your contact preferences or request removal from the volunteer roster by contacting your regional admin. We do not send marketing or promotional emails.

• Volunteer records are retained for the duration of your active engagement with the platform.
• Field reports and incident data may be retained for post-incident analysis and emergency management records.
• Rejected volunteer applications may be retained for up to 12 months for audit purposes.
• You may request deletion of your personal data by contacting the platform administrator.

DisasterNet uses the following third-party services to operate:

• Google Firebase: Authentication, database (Firestore), and cloud functions. Subject to Firebase's Privacy Policy.
• Twilio / SMS Provider: For emergency SMS notifications when you opt in.
• Email Provider: For delivery of magic link authentication and alert emails.

These services process data only as necessary to deliver platform functionality.

You have the right to:

• Request a copy of the personal data we hold about you
• Request correction of inaccurate information
• Request deletion of your account and associated data
• Withdraw consent to receiving non-emergency communications

To exercise these rights, contact your regional DisasterNet administrator.