Privacy Policy
This Privacy Policy describes how SignOut LLC (“SignOut,” “we,” “us”) handles personal data in connection with the SavD emergency communications platform — including operator consoles, caller session links, and dashboards (the “Service”) — and this website.
SavD supplements your emergency call; it does not replace calling emergency services.
1. Our two roles
We handle personal data in two distinct capacities:
- Processor / service provider for our customers. When a response organization (a city, ambulance service, security company, campus, resort, or event operator — the “Customer”) uses SavD to communicate with a person seeking help (a “Caller”), the Customer decides why and how that data is used. We process it only on the Customer’s instructions under our agreement with them. Callers should direct privacy questions and rights requests about a session to the organization that assisted them; we will support our Customers in responding.
- Controller for this website and our business operations. For data we collect directly — demo requests, sales and support contacts, billing, and website operations — we decide the purposes and means, and this Policy applies directly.
2. Data we process on behalf of Customers (caller sessions)
During a caller session, the Service processes — with in-browser prompts and the Caller’s device-level permissions — data such as:
- Location data: GPS coordinates and accuracy readings shared from the Caller’s device for the duration of the session, used to help responders locate the Caller;
- Communications: two-way chat messages between the Caller and operators;
- Media: photos or other media the Caller chooses to capture or share from the scene;
- Session metadata: phone number the link was sent to, session timestamps, device/browser type, network identifiers (such as IP address), and operator actions recorded for auditing and evidence-integrity purposes.
This data can be sensitive — it may reveal a person’s location, health situation, or involvement in an incident. We process it solely to deliver the session to the responding organization, to secure and audit the Service, and as required by law. We do not sell it, use it for advertising, or use it to train marketing models.
Retention
Caller session data is retained according to the retention policy each Customer organization configures for its own data (for example, to satisfy its evidence, public-records, or regulatory obligations). When the configured period ends — or when a Customer’s agreement terminates and the export window closes — data is deleted from active systems on a scheduled basis, subject to legal holds applied at the Customer’s instruction and to limited backup cycles, after which backups are overwritten.
3. Data we collect as a controller
- Demo and contact requests: name, email, organization, and your message, plus the IP address of the request (used for abuse and rate-limit protection). We use this to respond to you and, with your permission, to keep you informed about SavD.
- Customer account data: names, work emails, roles, and authentication records for operator and administrator accounts; billing and contract information.
- Website data: standard server logs (IP address, user agent, pages requested) used for security and reliability. This marketing website sets no advertising or cross-site tracking cookies. If a CAPTCHA challenge (Cloudflare Turnstile) is enabled on our demo form, Cloudflare processes limited device and network data to distinguish humans from bots.
4. How we use and share data
We use personal data to provide and secure the Service, to communicate with you, to meet legal obligations, and to improve reliability. We share personal data only with:
- The responding organization: caller session data is delivered to the Customer whose operators run the session — that is the purpose of the Service;
- Subprocessors: vendors that host or carry the Service under contracts that bind them to protect the data. Our principal subprocessors are Amazon Web Services (cloud hosting, storage, email, and SMS text delivery via AWS End User Messaging) and Twilio (telephony and backup SMS delivery). A current subprocessor list is available to Customers on request;
- Legal and safety recipients: where required by law or legal process (with notice to the affected Customer unless prohibited), or where necessary to protect life or safety;
- Corporate transactions: a successor in a merger, acquisition, or sale of assets, subject to this Policy.
We do not sell personal data and we do not share it for cross-context behavioral advertising.
5. Mobile information and text messages
Mobile phone numbers and opt-in information collected to send SavD text messages (SMS) — across the caller, dispatch operator, responder, and administrator applications — are never shared with third parties or affiliates for marketing or promotional purposes. They are used only to deliver SavD messages and are disclosed to our messaging carriers solely to transmit those messages. Messaging is transactional and event-driven; recipients may reply STOP to opt out, or HELP for help, at any time. See the SMS Program Disclosure for how consent is collected, the sample messages, message frequency, and opt-out.
6. Security
We apply administrative, technical, and physical safeguards appropriate to the sensitivity of emergency communications, including encryption of data in transit and at rest, role-based access controls, per-organization data isolation, audit logging, and integrity controls on stored session evidence. No system is perfectly secure; we maintain incident response procedures and will notify affected Customers and regulators of breaches as required by law.
7. International transfers
The Service is hosted in the United States. Where we receive personal data from the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and UK equivalents) with our Customers and subprocessors.
8. Your rights — GDPR
Where the EU/UK General Data Protection Regulation applies, our legal bases are: contract performance (providing the Service and responding to your requests), legitimate interests (securing and improving the Service, preventing abuse), legal obligation, and — for caller sessions — the bases established by the responding organization, which may include vital interests or public task. You may have rights to access, rectify, erase, restrict, object to, or port your personal data, and to lodge a complaint with your supervisory authority. For caller session data, please contact the responding organization first; we will assist it in honoring your rights.
9. Your rights — California (CCPA/CPRA)
If you are a California resident, you have the right to know, access, correct, and delete personal information we hold about you as a business, the right to opt out of sale or sharing (we do neither), and the right not to be discriminated against for exercising your rights. We act as a “service provider” for caller session data processed for our Customers. To exercise rights, contact us as described below; we will verify your request and respond within the statutory period.
10. Children
Our website and Service accounts are intended for organizational users and are not directed to children. Caller sessions may, by their nature, involve minors seeking help; that data is processed on behalf of the responding organization solely for the response.
11. Changes to this Policy
We may update this Policy by posting a revised version with a new “Last updated” date. Material changes affecting Customer processing will be communicated to Customers in accordance with our agreements.
12. Contact
SignOut LLC — Privacy. Email: privacy@savd.io. Callers seeking information about a specific session should contact the organization that assisted them.