Security & Data Handling

Last updated: March 25, 2026

Fireline is built for fire departments, and we take the security of your operational data seriously. This page explains how we protect your data, where it lives, and how we approach compliance questions that fire department customers commonly ask.

1. Infrastructure and Data Residency

All Fireline infrastructure runs on Amazon Web Services (AWS) in standard US regions. Your data is stored in the United States and never leaves US borders. Traffic is routed through Cloudflare for TLS termination, DDoS protection, and performance.

2. Encryption

• In transit: All connections to Fireline are encrypted via TLS, enforced at the Cloudflare edge. Unencrypted HTTP requests are automatically redirected to HTTPS.
• At rest: All data stored in our database (Amazon Aurora) is encrypted using AES-256 via AWS Key Management Service (KMS). This is enabled by default and applies to the underlying storage, automated backups, and snapshots.

3. Backups and Availability

Database backups are handled automatically by Amazon Aurora with continuous, incremental backups. Point-in-time recovery is available within the backup retention window. The application tier is stateless — no sensitive data is stored outside the database.

4. Access Controls

Access to Fireline is managed through our identity provider (Zitadel) with support for:

• Role-based access control (admin, officer, firefighter)
• Multi-organization support with per-org permissions
• Time-based one-time password (TOTP) for two-factor authentication
• Session management with secure, scoped cookies

Access to production infrastructure is restricted to authorized personnel and requires authentication.

5. Why Not AWS GovCloud?

AWS GovCloud is designed for workloads that involve classified data, export-controlled information, or data subject to ITAR/EAR regulations. Fireline does not process any of these data types.

Fireline handles operational and administrative data for fire departments — apparatus inspections, incident reports, and certification records. This data does not require GovCloud-level isolation, and standard AWS US regions provide the encryption, access controls, and compliance certifications appropriate for our use case.

This is a deliberate, informed decision — not an oversight.

6. CJIS Compliance

The Criminal Justice Information Services (CJIS) Security Policy applies to systems that access, store, or transmit Criminal Justice Information (CJI) — data like criminal history records, fingerprints, and law enforcement case files.

Fireline does not handle CJI. Our platform manages operational data: apparatus inspection checklists, NFIRS-style incident reports, and personnel certification tracking. None of this data falls under CJIS jurisdiction, so CJIS compliance requirements do not apply to Fireline.

7. HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) applies to systems that handle Protected Health Information (PHI) — individually identifiable health records, treatment histories, and similar medical data.

Fireline does not store or process PHI. While incident reports may reference that medical aid was provided, they do not contain patient-identifiable health information. Fireline is not a medical records system, electronic health record (EHR), or patient care reporting (PCR) platform.

8. Incident Response

Fireline is a Colorado LLC and complies with Colorado’s data breach notification law (CRS 6-1-716). In the event of a security breach involving personal information, we will:

• Conduct a prompt, good-faith investigation to determine the scope and likelihood of misuse
• Take immediate steps to contain the breach and prevent further unauthorized access
• Notify affected Colorado residents within 30 days of determining that a breach occurred, as required by state law
• Notify the Colorado Attorney General if the breach affects 500 or more individuals
• Provide a clear description of what happened, what data was involved, and what steps we are taking to address it

9. Questions

If you have questions about our security practices or need additional detail for your department’s review process, contact us at hello@fireline.co.