Privacy Policy

1. Information We Collect

We collect information you provide directly, information generated through product use, and information received from integrations you authorize.

• Contact and account information: name, work email, company, organization, team, role, password credentials, invitation status, support messages, and waitlist requests.
• Workspace and customer content: investigations, prompts, agent plans, tool results, comments, runbooks, knowledge-base documents, uploaded files, incident notes, scheduled checks, approvals, and related metadata.
• Integration data: information from services you connect, such as GitHub, GitLab, Jira, Google Chat, Kubernetes, PostgreSQL, observability tools, MCP servers, and other customer-authorized systems. Depending on configuration, this may include repository metadata, pull requests, issues, alerts, logs, schemas, query results, messages, and infrastructure state.
• Infrastructure agent data: agent registration details, command status, discovery output, execution logs, health signals, and diagnostic metadata from customer-network agents you install.
• Usage and device data: IP address, browser, device, pages viewed, feature usage, timestamps, error logs, product analytics, cookies, and similar technologies.
• Billing and commercial data: plan selection, usage counts, invoices, payment status, and order details. Payment card data, if collected, is handled by payment processors rather than stored directly by us.

2. How We Use Information

We use information to:

• provide, operate, secure, and improve firstrespondr;
• authenticate users and manage organizations, teams, permissions, and invitations;
• run agent workflows, execute authorized tools, generate summaries, answer questions, and create recommendations;
• process waitlist requests, onboarding, support, billing, and product communications;
• monitor reliability, prevent abuse, debug errors, and maintain audit logs;
• measure usage, understand product adoption, and improve our website and application;
• comply with legal obligations and enforce our Terms.

3. AI Providers and Model Processing

firstrespondr uses AI providers and model infrastructure to deliver agent features. To perform a requested workflow, we may send prompts, connected-system context, tool outputs, investigation history, and other customer content to configured AI providers. We use commercially reasonable controls and provider settings, where available, to protect customer data and limit provider use. If you configure bring-your-own model keys or self-hosted model routing, your provider terms and settings may also apply.

4. How We Share Information

We do not sell personal information. We may share information with:

• Service providers and subprocessors that help us host, secure, analyze, support, and operate the service.
• AI and infrastructure providers needed to complete requested agent workflows.
• Third-party integrations you or your administrators connect or instruct us to use.
• Organization administrators who manage your workspace and can view team activity, settings, audit logs, and user access.
• Legal, safety, and compliance recipients when required by law, to protect rights and security, or to investigate abuse.
• Successor entities in connection with a merger, acquisition, financing, reorganization, or sale of assets.

5. Cookies and Analytics

We use cookies and similar technologies for site operation, security, analytics, and product improvement. Our marketing site and web app may use analytics tools such as PostHog to understand aggregate usage and improve the experience. You can control cookies through your browser settings. Where required, we will provide additional consent choices for non-essential cookies.

6. Retention

We keep information for as long as needed to provide the service, meet legal and security obligations, resolve disputes, enforce agreements, and maintain backups. Customer content retention may depend on your plan, workspace settings, and deletion requests. Some logs, backups, and audit records may remain for a limited period after deletion for security, compliance, or disaster recovery.

7. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, and disclosure. No system is completely secure, and you are responsible for protecting credentials, configuring integrations carefully, and limiting user access to appropriate team members.

8. Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or export personal data. You may also opt out of marketing emails. Organization administrators may be responsible for responding to requests related to customer content controlled by their workspace.

To make a privacy request, email hello@firstrespondr.ai. We may need to verify your identity and account authority before acting on a request.

9. International Transfers

We may process and store information in countries other than where you live. When required, we use appropriate safeguards for cross-border transfers.

10. Children

firstrespondr is intended for business users and is not directed to children under 13. We do not knowingly collect personal information from children.

11. Changes

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify users, such as updating the date above or providing in-product notice.

12. Contact

Questions about this Privacy Policy can be sent to hello@firstrespondr.ai.