Privacy Policy

0. Our Roles

FSEN plays two different roles depending on the data:

• Service provider / processor for content the Customer (account holder) routes through the Service. This includes the bodies of SMS/voice communications, photos, addresses, worker rosters, schedule data, and other operational content. We process this data on the Customer's behalf and per the Customer's configuration. The Customer is the controller / business of that data.
• Independent controller / business for our own account, billing, security, and website-analytics data. This includes the Customer's billing contact, Stripe customer ID, login records, audit logs, error reports, and traffic to www.fsen.tech.

Where these roles overlap (e.g., a deletion request from a worker who was added by a Customer), we coordinate with the Customer to honor the request through the right channel.

1. Information We Collect

We may collect the following categories of information:

• Name, phone number, email address, and organization information
• SMS/MMS messages, photos, and attachments sent through the Service
• Job site addresses, access details, and other operational information you choose to send
• Worker browser geolocation (latitude / longitude / accuracy) captured ONCE when a dispatched worker opens the ETA share link sent after accepting an incident and taps "Send ETA." No background tracking. The single reading is used to compute a drive-time estimate for the calling customer and is discarded when the incident is marked complete.
• Device type, carrier, IP address, and message delivery metadata
• Billing contact information, invoice data, and transaction history (full payment credentials are never stored by us)
• Web portal usage data, session cookies, and analytics (if applicable)

Our service operates through a third-party SMS platform provider (Telnyx). This provider automatically processes phone number metadata, carrier information, message routing, and delivery status in accordance with their own privacy policies.

2. How We Use Information

We use information to:

• Route inbound calls and SMS to the recipients you have configured
• Send notifications, status updates, reminders, and service alerts via SMS and voice
• Verify authorized users and prevent fraud or unauthorized access
• Create audit trails, compliance reports, and SLA documentation
• Provide customer support and troubleshooting
• Improve service performance and develop new features in aggregated, de-identified form
• Comply with legal and regulatory requirements

2.1 What we never do with your data

We do not use Customer incident content, worker geolocation readings, SMS or voice message bodies, photos, attachments, or caller intake forms for: advertising, data brokerage, sale to third parties, cross-context behavioral profiling, or training general-purpose AI / machine-learning models on other customers' behalf. We do not send unsolicited marketing SMS.

Aggregate, de-identified usage data (e.g., "X% of incidents resolve within Y minutes across all customers") may be used to improve the Service or share in publicly-available reports. De-identification follows industry standards: removal of direct identifiers, generalization, and aggregation so individual customers, callers, or workers cannot reasonably be re-identified.

3. SMS Consent and Communications

By providing your phone number and using FSEN, you consent to receive SMS and voice communications related to the notifications the Service is configured to send, service operations, and active account activity.

• Message frequency varies based on your configuration and inbound activity
• Message and data rates may apply
• Reply STOP to opt out of optional messages at any time
• Reply HELP for assistance or contact support@fsen.tech

Opting out of SMS will prevent the Service from delivering notifications to you and may make the Service unusable. You cannot opt out of essential service communications (security alerts, billing notices, terms updates) while you maintain an active account.

4. How We Share Information

We may share information with:

• Other participants in a notification conversation you initiate or are added to
• The account holder you are associated with (message records, activity history, and usage data for their account)
• SMS, voice, and cloud infrastructure providers required to operate the Service
• Payment processors for billing transactions
• Legal authorities when required by law, court order, or to protect safety

All participants in a group conversation can see messages, attachments, and participant information shared in that conversation. This sharing is fundamental to the Service.

We do not sell or share personal data for advertising or third-party marketing purposes.

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity with prior notice.

5. Data Retention

We retain information as long as needed to provide the Service, comply with legal obligations, and resolve disputes:

• Worker geolocation readings: deleted when the incident is marked complete (typically minutes to hours after the worker arrives on site).
• Incident records and timelines: retained up to 7 years unless a longer period is required for legal, insurance, dispute, or customer-contract reasons. After the retention period, records are anonymized: caller name, phone, address, and photos are removed; timeline structure is kept for aggregate analytics.
• Financial / billing records: 7 years per US tax regulations.
• Active accounts: duration of active use.
• Inactive accounts: 24 months without activity, then deletion or anonymization after a 90-day grace period.
• Technical logs: 30 days for verbose application logs; up to 13 months for aggregated access metrics.

Information may be retained longer when required for ongoing legal proceedings, regulatory holds, or active disputes.

6. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect your information against unauthorized access, alteration, disclosure, or destruction. Specific safeguards evolve as the threat landscape and our infrastructure change; current examples include encrypted transport for data in motion, encrypted storage for sensitive data at rest, role-scoped access for our own personnel, Row-Level Security for tenant data isolation on our database, and audit logging for administrative actions.

No system is unbreachable, and we do not warrant that the Service will be secure against every possible attack. We do commit to investigating reasonable reports of security issues promptly and to notifying affected customers and regulators within timeframes required by applicable law if a confirmed breach affects their data.

SMS limitation. Standard SMS is not end-to-end encrypted. This is an inherent limitation of mobile carrier networks, not specific to FSEN. Messages pass through cellular carrier infrastructure and may be accessible to carriers and other intermediaries.

Report suspected security issues to support@fsen.tech.

7. Your Rights

Depending on your location, you may have the right to:

• Access, correct, or request deletion of your personal information
• Obtain your data in a portable format (JSON/CSV)
• Opt out of optional communications
• Limit the use of sensitive personal information

Deletion requests are subject to legal retention requirements (e.g., 7-year event record retention). Historical event records generally cannot be edited as they serve as legal documentation.

To exercise your rights, contact contactus@fsen.tech with your name, registered phone number, and a description of your request. We will acknowledge requests within 10 business days and respond within 45 days.

8. U.S. State Privacy Rights

Residents of U.S. states that have enacted consumer privacy laws have rights that may include: the right to know what personal information we collect, the right to access and port that information, the right to correct inaccurate information, the right to delete it (subject to legal retention obligations), the right to limit the use of sensitive personal information, and the right to opt out of targeted advertising, sale, sharing, or significant profiling. If we deny a request, applicable laws may give you the right to appeal.

States with such laws in force or scheduled to take effect include California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Delaware (DPDPA), Nebraska (NDPA), New Hampshire (NHPA), New Jersey (NJDPA), Tennessee (TIPA), Minnesota (MCDPA), Maryland (MODPA), Indiana (ICDPA), Kentucky (KCDPA), and Rhode Island (RIDPPA). Applicability depends on the thresholds defined in each statute.

Sensitive data (including precise geolocation):

When FSEN captures a worker's browser geolocation reading (Section 1 above), several state laws treat that as sensitive personal information. We collect it only with consent, use it only to compute a one-time ETA estimate, do not retain it past the close of the incident, and do not sell or share it.

We do not sell or share personal information for cross-context behavioral advertising. To exercise any state privacy right (or to appeal a denial), contact contactus@fsen.tech. We will acknowledge requests within 10 business days and respond within the period required by the applicable state law (typically 45 days, extendable).

9. Children's Privacy

Our service is designed for commercial and professional use by adults. We do not knowingly collect information from anyone under 18. If we learn we have collected information from a minor, we will delete it promptly. Contact contactus@fsen.tech if you believe we have collected information from a minor.

10. Not a 911 Service

FSEN is not a 911 service, dispatcher, monitoring service, or telecommunications carrier. The Service is a notification platform only. For life-threatening emergencies, always call 911.

11. International Data Transfers

FSEN is based in the United States. If you access our service from outside the U.S., your information will be transferred to and processed in the United States. For users in the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses and other approved transfer mechanisms under GDPR.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email, SMS, or website notice at least 30 days before taking effect. The current version is always available at this page.

13. Contact

Based in Boston, Massachusetts