This Privacy Policy describes how BirdenMedia LLC, operator of CommandVault (the "Service"), collects, uses, and discloses information from customers (law-enforcement agencies) and the individual users those customers authorize to access the Service.
1. Information we collect
1.1 Account data
When an agency signs up, we collect the agency name, billing address, contact name/email, and a payment method (if applicable). For each individual user, we store the name, email, badge number, rank, unit, phone number (optional), and password hash.
1.2 Operational data
The Service is designed to store asset-management and accountability records, including: serial numbers, asset photos, assignment history, vehicle mileage and service records, fuel-receipt images, inspection checklists, and audit logs.
1.3 Technical data
We log IP addresses, user-agent strings, session timestamps, and error reports for security and debugging purposes.
2. What we do NOT collect
CommandVault is intentionally scoped to asset and fleet accountability. We do not collect, process, or store criminal justice information (CJI), case files, suspect data, NCIC/NLETS queries, prosecutorial evidence, or personally identifying information of private citizens.
3. How we use information
- To provide, maintain, and improve the Service;
- To authenticate users and enforce role-based access control;
- To generate operational reports the agency requests (e.g. assignment-history PDFs);
- To communicate with billing and support contacts;
- To detect abuse and enforce our Acceptable Use Policy.
4. Sharing & sub-processors
We share data only with a minimal set of sub-processors necessary to run the Service (cloud hosting, transactional email, optional payment processor). A current list is available on request at privacy@commandvault.app. We do not sell customer data.
5. Data residency & security
Customer data is stored in US-based data centers. At rest, data is encrypted with AES-256. In transit, TLS 1.2+ is enforced. Access to production systems is limited to authorized personnel and logged.
6. Retention & deletion
Operational records are retained for the duration of your subscription and the periods specified in the agency's data-retention policy (see Settings → Retention). Upon termination, customer data is deleted within 30 days unless a longer period is required by law.
7. Your rights
Depending on jurisdiction you may have rights to access, correct, port, or delete your personal information. Submit requests to privacy@commandvault.app. We will respond within 30 days.
8. Children
The Service is not directed to anyone under 16. We do not knowingly collect personal information from children.
9. Changes
We will post updates to this policy on this page and, for material changes, notify the billing contact of each agency at least 30 days in advance.
10. Contact
BirdenMedia LLC · Attn: CommandVault Privacy · privacy@commandvault.app