Privacy Policy
What this covers
This policy explains how Somerset Pulaski County Rescue Squad collects, uses, retains, and protects information about members, applicants, donors, and people we interact with through search-and-rescue and community-service operations.
Information we collect
- Member records: name, contact info (phone, email, address), emergency contact, medical/allergy notes relevant to operations, training records, certifications, attendance, photos, and similar membership-administration data.
- Applicant records: background-check status and supporting documents (handled per Kentucky and federal law).
- SAR incident records: subject information collected during a search (with the subject's family or law-enforcement permission), team activity, GPS positions of searchers while on a search, photos of clues, and similar operational records.
- Account & technical data: login logs, push-notification device tokens, IP addresses on form submissions, browser user-agent.
- Donations & finance: donor name and amount as required by Kentucky non-profit regulations.
SMS messaging
How we use SMS, opt-in/opt-out, frequency, and STOP/HELP keywords are described in detail in our SMS & Messaging Policy. We do not sell or share phone numbers with third parties for marketing.
How we use information
- To staff and run search-and-rescue, training, and community-service operations.
- To track training and certifications required by Kentucky Emergency Management and our credentialing bodies.
- To send operational messages (SMS, email, push) to members who have consented.
- To prepare incident-action plans, after-action reviews, and audit records.
- To comply with legal obligations (e.g. mutual-aid reporting, FOIA-equivalent requests when applicable).
Who we share with
- Government partners during a SAR operation: Pulaski County Sheriff's Office, Kentucky State Police, Kentucky Emergency Management, AFRCC, NCMEC, and adjacent agencies under mutual-aid agreements — only data relevant to the operation.
- Service providers: messaging vendors (e.g. Twilio), email/push providers (Microsoft Graph, Firebase Cloud Messaging), hosting and tunneling (Cloudflare), and similar infrastructure used to operate this site. They are bound by their own privacy policies and data-processing agreements.
- Legal requirements: we may disclose information when required by court order, lawful subpoena, or to protect the safety of a person.
We do not sell personal information.
Retention
We retain member records for the life of the membership and for the period required by Kentucky non-profit and credentialing regulations after departure. Operational records (incident logs, attendance, certifications) are retained for the life of the squad as part of the historical record. SMS consent records are retained at least three years after revocation.
Security
We use HTTPS for all web traffic, hash passwords with bcrypt, scope access by role (member, officer, admin), audit logins, and limit physical access to the systems hosting this data. No system is perfectly secure; if we discover a material compromise of personal information, we will notify affected members.
Your choices
- You can request a copy of your member record by contacting an officer.
- You can correct your contact info via your Profile page when logged in, or by asking an officer.
- You can opt out of SMS at any time per the SMS Policy.
- If you depart the squad, your record is retained per the Retention section above; ask an officer if you want sensitive items (medical notes, photos) removed.
Changes
Material changes will be communicated to active members via the channels in this policy. The effective date at the top reflects the most recent revision.
Contact
Questions about privacy or how we handle information:
- Email: [email protected]
- Mail: Somerset Pulaski County Rescue Squad, 50 Kennedy Way, Somerset, KY 42503
- Web: https://somersetpulaskirescue.com