Privacy • UK GDPR / EU GDPR

Privacy & Cookies

How Fire Door App handles your data. This Privacy Notice explains how we ("Fire Door App", "us") process personal data — including workspace accounts, inspection data, Stripe billing, and support.

Separate customer workspaces UK/EU hosting Stripe billing Offline-friendly

Framework UK GDPR / EU GDPR · Hosting UK/EU regions · Payments Stripe (separate processor)

In most cases we provide the platform and act as a data processor for your workspace. Your organisation controls the data it enters into Fire Door App. This page is a high-level overview — not legal advice. Your own organisation remains responsible for its compliance obligations.

Section 1 of 3 Who this notice covers

1. Who this notice covers

Fire Door App is a multi-tenant platform used by fire door contractors, FM teams, and housing providers. Each workspace holds its own data. This notice covers everyone who interacts with the platform — workspace owners, team members, and end users.

Workspace owners

Usually the data controller for inspections, doors, and client records in their workspace

Platform provider

We act as processor for most in-app data; controller for our own account, billing, and service logs

End users

Team members using the app, portal users, and client contacts named on inspections, quotes, and invoices

Resident contacts

If you have questions about inspections at your building, contact the organisation that commissioned the work first

Workspace isolation

Separate tenants per customer

Isolated tenants per customer
Separate client data per workspace
Role-based user access
Audit and activity logs
Data not mixed between customers

Privacy overview

Three areas at a glance

Control: workspace-level control + tenant isolation
Records: inspections, doors, documents, portal activity
Billing: Stripe billing + audit/security logs

Section 2: Data we process Section 3: Cookies & storage

Section 2 of 3 Data we process and why

2. Data we process and why we use it

The platform stores different kinds of personal data depending on how your organisation uses it. We use that data for a small number of clear purposes, each with a defined legal basis.

Accounts & workspace

Team and tenant details

When you register or invite users into a workspace we process:

Name and email address of workspace owner and invited users
Organisation/company name and workspace configuration settings
Account credentials (passwords are hashed — we don't store them in plain text)
Invite tokens and account verification codes (time-limited)
Role assignments determining what each user can access within the workspace

Inspections, doors, clients & properties

Operational inspection data

Fire Door App is built to hold inspection-related records, including:

Door records with stable IDs, locations, and inspection history
Inspection findings, fail reasons, photos, and notes attached to door records
Remedial tasks with before/after evidence and sign-off records
Quotes, RAMS, and builder configurations linked to inspection outcomes
Client company names, site addresses, and named contact details on records
Portal user details for invited client contacts (name, email, access role)
Floorplan images and property-level location data where uploaded

Your organisation is the controller for this data. We process it on your instructions as a data processor. Do not upload special category data (e.g. health information) unless you have a clear lawful basis and appropriate controls in place.

Billing & Stripe

Subscription and invoice data

When a workspace owner chooses a paid plan or sends invoices we process:

Plan selection, subscription status, and billing period details
Invoice records including amounts, VAT status, and payment outcomes
Stripe customer and subscription identifiers (not full card numbers)
Payment method type (e.g. card brand, last four digits) from Stripe
Workspace owner name and email for billing correspondence
Client invoice contact details where workspace owners send invoices to clients

Card details are handled by Stripe. Fire Door App does not store full card numbers or security codes. Stripe acts as a separate data processor subject to its own privacy policy.

Logs & support

Security, audit and support data

To protect the service and help teams resolve issues we keep:

Login events and authentication logs (user ID, timestamp, device/browser info)
Door tag scan logs where QR/NFC tags are used
Error reports and performance logs (typically anonymised or pseudonymised)
Support request content and correspondence where you contact us
Admin-level service health data used to monitor cross-tenant platform reliability

Why we use this data — legal bases

We rely on a small number of straightforward legal bases under UK GDPR / EU GDPR.

Contract

Providing the Fire Door App service

Creating and administering workspaces, user accounts, and subscriptions
Storing and presenting inspections, doors, remedials, RAMs, quotes, and invoices
Sending essential service emails: invites, password resets, and important notices

Legitimate interests

Security, reliability, and improvement

Maintaining security: logging login events, door tag scans, and error reports
Generating anonymised analytics to understand feature usage and improve workflows
Responding to support requests and operating admin health dashboards

Legal obligations

Billing, tax, and compliance

Maintaining billing and invoice records for tax and accounting purposes
Recording plan choices, Stripe subscription status, and payment outcomes

Consent

Optional updates and marketing

Optional product updates sent only with appropriate consent or soft opt-in
You can opt out at any time
Workspace owners remain responsible for their own use of exported contact details

Section 3: Cookies & storage Back to section 1

Section 3 of 3 Cookies, storage, and data location

3. Cookies, storage, and data location

Fire Door App uses a small number of technical cookies and storage mechanisms to keep you signed in, remember your workspace, and support offline-friendly workflows on site.

Technical cookies — strictly necessary

Always active · no consent required

Cookie / key	Purpose
`FIRE_DOOR_SUITE` PHP session cookie	Keeps you signed in across requests for your current session. Required for the service to function.
`firedoor_tenant`	Remembers which workspace you are currently working in so the correct data is loaded on each request.
`firedoor_tenant_scope`	Stores the scope of your current workspace session to apply correct role-based access controls.
`firedoor_tenant_sig`	A signed token that protects tenant selection and prevents cross-tenant access. Required for security.
`firedoor_cache_version`	Versions your device's offline caches for the current workspace login. Used when you choose "Clear offline cache" in Settings to invalidate stale cached data on your device.

These cookies are used only to provide the service. They are not used for third-party advertising or cross-site tracking.

Analytics — optional

Requires your consent · can be changed any time

If you opt in, we use Google Analytics 4 to understand site usage — for example, which pages are visited and how long people spend on the marketing site. This helps us improve the site and onboarding experience.

Analytics cookies are optional and are not loaded until you choose "Accept analytics".
You can change your preference at any time via Cookie settings in the footer.
We do not use analytics for third-party advertising or cross-site tracking.

Anonymous page statistics — no cookies

Does not require consent

We also keep anonymous page statistics for the marketing site and public demo — which pages are visited, approximate time on page, scroll depth and aggregate funnel drop-off. This runs server-side and does not set any cookies or store anything on your device.

No IP address, browser fingerprint, or persistent identifier is stored.
No personal data is collected — visits cannot be tied back to an individual.
Retained for 90 days, then deleted.

Local storage & offline queues

Browser-side · workspace scoped

Where enabled, Fire Door App can queue inspection data offline on your device so it can be synced when connectivity returns.

Offline queues are stored in browser storage (such as IndexedDB or localStorage) and are tied to your device and browser profile.
Offline queues and cached pages are scoped to your workspace and user account within this browser profile.
Queued data is submitted back to the workspace as part of your normal use of the app, or can be removed using "Clear offline cache" in Settings — this clears cached pages and any offline drafts for your current workspace login on this device.

Even with scoping, anyone with access to your device and browser profile may be able to view cached copies. Protect devices accordingly — OS login protection and disk encryption where appropriate.

Hosting & data location

Fire Door App is designed for UK/EU teams and typically stores data in UK/EU regions.

Core application and database hosting is provided by reputable infrastructure providers in UK or EU regions.
File storage (photos and floorplans) may use cloud object storage in a UK or EU region.
Stripe acts as a separate processor for payments and subscription billing.
Where we rely on service providers outside the UK or EU, we use appropriate safeguards such as standard contractual clauses or equivalent measures.

Subprocessors

Key service providers we rely on to operate Fire Door App. This list is intentionally high-level — procurement can request the current named subprocessor list and locations via the Contact page.

Category	What they do	Region
Hosting	Infrastructure providers that host the core application and tenant-isolated databases.	UK/EU
File storage	Object storage for uploads such as inspection photos and floorplans.	UK/EU
Email delivery	Transactional email services for signup verification, invites, and workspace notifications.	Varies
Payments	Stripe for subscription billing and payment processing. Stripe is a separate data processor subject to its own privacy policy. Card details are handled entirely by Stripe — Fire Door App does not store full card numbers or CVV codes.	Stripe (own DPA)

Need the named subprocessor list for procurement? Request it via the Contact page. We provide current names and locations on request.

Your rights and how to contact us

If you are in the UK or EU, you generally have the following rights over personal data. Contact your workspace owner or admin in the first instance for data held in a workspace.

Access & correction

Ask to see and update personal data held about you. Usually by contacting your workspace owner or admin for data inside the app.

Deletion & retention

Ask for deletion where we no longer need data. Note: some records must be retained for legal, tax, or audit reasons.

Objection & restriction

Object to certain uses of your data (for example direct marketing) or ask us to limit processing in specific situations.

Portability

Receive a copy of your personal data in a portable format where processing is based on consent or contract and is carried out automatically.

Complaints

Raise concerns with your local data protection authority if you believe your rights have been infringed. In the UK: the Information Commissioner's Office (ICO).

For questions about how the platform itself handles data: via the in-app Support area, or at privacy@firedoorapp.co.uk.

Need to discuss data handling in more detail? We can walk through where data lives in Fire Door App, how Stripe is used for billing, and how to export records for your own retention policies. Best next step: run a test building through your trial and review the resulting records with your compliance lead.