← Back to Login

Privacy Policy

Effective date: [EFFECTIVE_DATE]  ·  Last updated: [LAST_UPDATED]

1. Who We Are

Rangemaster Pro ("we," "us," or "our") is a software-as-a-service platform for law enforcement agencies, military branches, and authorized firearms training organizations. Our registered address is [COMPANY_ADDRESS]. If you have any questions about this policy, contact us at [CONTACT_EMAIL].

2. Scope

This policy applies to all data processed through the Rangemaster Pro web application (therangemasterpro.com) on behalf of subscribing agencies ("Agencies"). It does not apply to third-party services linked from our platform. Agencies are the data controllers for their personnel records; we act as a data processor on their behalf.

3. Data We Collect

We collect and process the following categories of data on behalf of Agencies:

  • Personnel records — officer names, badge/personnel IDs, ranks, assignments, email addresses, and employment status.
  • Training records — qualification scores, range day attendance, course completions, certification dates, and instructor notes.
  • Firearm records — assigned weapons (serial numbers, make, model, caliber), qualification status per firearm, and maintenance/armorer logs.
  • Incident and performance data — range incidents, performance trends, and compliance flags required by your department or licensing body (e.g., TCOLE).
  • Account credentials — usernames and bcrypt-hashed passwords for system users. Plaintext passwords are never stored.
  • Audit logs — login events, failed attempts, and data-change actions (who changed what and when) for security and compliance purposes.
  • Technical data — IP addresses, browser user-agent strings, and session metadata collected to secure the platform and investigate incidents.

4. How We Use Your Data

  • Delivering and operating the Rangemaster Pro platform as contracted.
  • Enforcing authentication, role-based access, and MFA requirements.
  • Generating qualification certificates, compliance reports, and PDF exports.
  • Sending transactional emails (account setup, password reset, test emails) via Resend. We do not send marketing emails without your consent.
  • Detecting and preventing unauthorized access, fraud, and abuse.
  • Scanning uploaded PDF receipts with an AI model (Anthropic Claude) to extract purchase information for inventory records. Uploaded files are processed in real time and not stored by Anthropic.
  • Improving platform reliability and diagnosing technical issues.

5. Data Sharing

We do not sell, rent, or share your Agency's data with third parties for marketing purposes. We engage the following sub-processors to deliver the service:

  • Supabase (AWS us-east-2) — PostgreSQL database hosting. Data is encrypted at rest and in transit.
  • Vercel — Application hosting and serverless compute.
  • Resend — Transactional email delivery.
  • Anthropic — AI processing of PDF receipts (no training on your data; zero data retention policy applies).
  • Vercel Analytics / Speed Insights — Aggregated, anonymized performance and usage metrics.

We may disclose data if required by law, court order, or to protect the safety of persons. We will notify your Agency where legally permitted to do so.

6. Security

We implement industry-standard safeguards including: TLS/HTTPS in transit; AES-256 encryption at rest (Supabase); bcrypt-hashed passwords with minimum complexity requirements; multi-factor authentication (TOTP) for privileged roles; IP-based rate limiting and account lockout; HTTP security headers (HSTS, CSP with nonces, X-Frame-Options); idle session timeout; and comprehensive audit logging. No security measure is 100% effective — please report suspected vulnerabilities to [CONTACT_EMAIL].

7. Data Retention

Data is retained for the duration of your Agency's subscription and for [RETENTION_PERIOD] thereafter, unless a longer retention period is required by law. Upon written request, we will provide a full data export before deletion. Audit logs are retained for a minimum of [AUDIT_LOG_RETENTION] for compliance purposes.

8. Your Rights

Individual officers' rights (access, correction, deletion) are administered by their Agency administrator. Agencies may contact us to:

  • Request a copy of all data held for your Agency.
  • Correct inaccurate information.
  • Request deletion of your Agency's data (subject to legal retention obligations).
  • Restrict processing in specific circumstances.

9. CJIS and Law Enforcement Compliance

Agencies using Rangemaster Pro for data subject to the FBI Criminal Justice Information Services (CJIS) Security Policy are responsible for ensuring their use of the platform complies with applicable CJIS requirements. We implement the technical controls described in Section 6 to support CJIS-compliant deployments. We do not store, process, or transmit CJI (Criminal Justice Information) and are not a CJIS-covered entity.

10. Changes to This Policy

We may update this policy as our practices evolve or legal requirements change. Material changes will be communicated via in-app notice or email at least 30 days before taking effect. Continued use of the platform after the effective date constitutes acceptance.

11. Contact

Questions about this policy or your data? Contact us at [CONTACT_EMAIL] or at [COMPANY_ADDRESS].