Privacy Policy

BlastFront Technologies LLC ("we," "us," or "our") operates EventWise with a privacy-first architecture. This policy describes what information we collect, how we use it, and how we protect it.

Core principle: EventWise is designed to retain as little data as possible for as short a time as possible. We are not in the business of storing sensitive security information.

Information you provide: When you generate a report, you provide event details including event name, dates, venue address, GPS coordinates, attendance estimates, and threat vector selections. This data is used solely to generate your report.

Payment information: Payment is processed by Stripe. We do not receive, store, or have access to your payment card details. We receive only a payment confirmation token from Stripe.

Usage data: We may collect standard server logs including IP addresses and request timestamps for security and rate-limiting purposes. This data is not associated with report content.

• To generate your requested threat assessment report
• To process your payment via Stripe
• To deliver your report via a secure, time-limited download link
• To enforce rate limits and prevent service abuse

We do not use your data for advertising, profiling, or sale to third parties.

Event intake data (venue details, GPS coordinates, threat selections, VIP information) is permanently deleted from our systems within 24 hours of report delivery.

Report metadata (report ID, payment status, threat level classification) may be retained for up to 90 days for billing reconciliation purposes, after which it is also deleted.

No personally identifiable information about event attendees, VIP principals, or venue staff is ever stored on our systems.

EventWise uses the following third-party services:

• Stripe — payment processing. Subject to Stripe's Privacy Policy.
• Google Firebase / Firestore — temporary report metadata storage. Subject to Google's Privacy Policy.
• Mapbox — venue map generation. Venue coordinates are transmitted to Mapbox solely to generate map images. Subject to Mapbox's Privacy Policy.
• OpenStreetMap / Overpass API — emergency infrastructure queries. Venue coordinates are transmitted to query nearby facilities. Subject to OpenStreetMap's terms.
• Google Cloud Run — backend processing infrastructure.

All data is transmitted over encrypted HTTPS connections. PDFs are stored in encrypted Firebase Storage and are only accessible via time-limited signed URLs. Public access to storage is blocked at the infrastructure level.

Given our minimal data retention policy, most user data is automatically deleted before a request to delete it could be received. If you have questions about data associated with a specific report, contact us with your report ID.

We may update this Privacy Policy periodically. Continued use of the Service following any changes constitutes acceptance of the updated policy.