SOPReady
Build my manual

Effective: April 12, 2026

Privacy Policy

This Privacy Policy describes how Gurfinkel Ventures LLC (“SOPReady,” “we,” “us”) collects, uses, and protects information when you use the SOPReady platform. By using the service, you consent to the practices described here.

1. Information we collect

Account information

Name, email address, rank, role, and the department you are associated with. For department administrators: department name, state, type, and billing information (processed by Stripe).

Department profile

Information entered during onboarding: apparatus inventory, staffing model, water supply, response district, specialties, and mutual aid agreements. This data is used to generate department-specific SOPs.

SOP content

Standard Operating Procedures generated through the platform, uploaded by your department, or manually created — including all versions, edits, and approval history.

Acknowledgment records

Timestamps, IP addresses, and version numbers for every member acknowledgment. These records are the compliance audit trail that departments rely on for insurance and legal purposes.

Uploaded files

Existing SOP documents (PDF, Word, text) uploaded for gap analysis, including extracted text content.

Usage data

Error logs, page views, and feature usage for the purpose of debugging and improving the service. We use Sentry for error tracking, which may receive error context including user identifiers.

Payment information

Processed entirely by Stripe. We store only the Stripe customer ID and subscription status — never credit card numbers, bank accounts, or other financial credentials.

2. How we use your information

  • To provide the service — generating SOPs, tracking acknowledgments, producing compliance reports, sending regulatory alerts.
  • To send transactional emails — member invitations, SOP distribution requests, review reminders, weekly compliance digests, password resets, and onboarding packet links.
  • To generate AI content — a subset of your department profile (name, state, type, apparatus, staffing, water supply) is sent to Anthropic (Claude) to generate department-specific SOPs. SOP content from other departments is never included in your prompts.
  • To maintain security— audit logging, rate limiting, and access control to protect your department’s data.
  • To improve the service — aggregated, anonymized usage patterns help us prioritize features. We never use individual department data for this purpose.

3. What we do NOT do

  • We do not sell, rent, or share your data with advertisers, data brokers, or marketing platforms. Ever.
  • We do notuse your department’s SOP content to train AI models or improve outputs for other departments. Your SOPs are yours.
  • We do not share your data with third parties except the subprocessors listed below, and only as necessary to provide the service.
  • We do not store credit card numbers or financial credentials.

4. AI data handling

SOPReady uses Anthropic’s Claude API under enterprise terms that prohibit Anthropic from using customer data for model training. When generating an SOP, we send your department profile context and the relevant SOP topic to the API. The AI response is stored in your department’s database. Anthropic does not retain your data after processing the request.

5. Subprocessors

ProviderPurposeData processed
SupabaseDatabase, authentication, file storageAll application data
VercelApplication hostingRequest/response data
AnthropicAI SOP generationDepartment profile context
StripeSubscription billingPayment and billing data
ResendTransactional emailRecipient email, email content
SentryError monitoringError context, user IDs

6. Data retention

  • Active subscription: All data retained for the duration of your subscription.
  • After cancellation: Data available for export for 30 days, then permanently deleted from active systems.
  • Backups: Purged within 90 days of deletion from active systems.
  • Audit logs: Retained for the duration of the subscription to support compliance and legal obligations.

7. Data security

We implement the following security measures to protect your data:

  • Row-level security— every database query is scoped to your department. Members of one department cannot access another department’s data.
  • Encryption — data is encrypted in transit (TLS) and at rest (AES-256 via Supabase).
  • Access controls — role-based permissions (admin, officer, member) restrict access to sensitive operations.
  • Audit trail — all compliance-significant actions are logged with actor, timestamp, and metadata.
  • Rate limiting — protects against abuse and unauthorized bulk access.

8. Your rights

  • Access: View your data at any time through the SOPReady dashboard, reports, and audit trail.
  • Export: Download all department data (SOPs, members, acknowledgments, audit trail) from Settings.
  • Correction: Update your profile information on the Profile page. Department admins can update department settings.
  • Deletion: Cancel your subscription and data will be deleted per the retention schedule above. For immediate deletion, email hello@sopready.com.

9. Children’s privacy

SOPReady is designed for fire department professionals. We do not knowingly collect information from children under 18.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect.

11. Contact

Privacy questions or data requests: hello@sopready.com

Gurfinkel Ventures LLC