IgnisCompetence ("we", "us", or "our") is a training and competence management platform for fire and rescue services, operated by IgnisCompetence Ltd, an IgnisTech development. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our platform.

We act as a data processor on behalf of your organisation (the data controller) for data entered into the platform by your users. We act as a data controller for data we collect about how you use our services.

We collect the following categories of personal data:

We use personal data to:

• Provide, maintain, and improve the IgnisCompetence platform
• Authenticate users and manage account access
• Generate training reports, compliance dashboards, and AI-assisted insights
• Support internal quality assurance (IQA) and assessment management
• Respond to support requests and communications
• Comply with our legal and contractual obligations
• Detect and prevent fraud, abuse, or security incidents

The platform uses third-party AI services (including OpenAI) to generate training summaries, assessment write-ups, scenario content, quiz questions, and operational insights. Data submitted to AI features may be processed by these services in accordance with their privacy policies.

We do not use Customer Data to train third-party AI models. AI-generated outputs are provided as decision-support tools and should be reviewed by a competent person.

We process personal data under the following legal bases (UK GDPR / GDPR):

• Contract — processing necessary to deliver the platform services under our agreement with your organisation
• Legitimate interests — improving and securing the platform, fraud prevention, and analytics
• Legal obligation — where we are required to retain or disclose data by law
• Consent — where you have provided explicit consent for specific processing activities

We do not sell your personal data. We may share data with:

• Cloud infrastructure providers (e.g., Railway, Neon) — for hosting and database services
• AI service providers (e.g., OpenAI) — for AI-powered features, subject to their privacy policies
• File storage providers — for storing uploaded documents and evidence
• Law enforcement or regulators — where required by applicable law

All third-party processors are subject to appropriate data processing agreements and security controls.

We retain personal data for as long as your organisation's subscription is active, plus a 30-day period following termination during which data exports are available on request.

After the retention period, data is securely deleted. Aggregated and anonymised analytics data may be retained indefinitely as it cannot be used to identify individuals.

Certain data may be retained for longer periods where required by applicable law or regulatory obligation.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure, including:

• Encryption in transit (TLS) and at rest
• Role-based access controls and audit logging
• Digital sign-off with integrity hashing for sensitive records
• Regular security monitoring and vulnerability management

Some of our service providers may process data outside the UK or European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms.

Depending on your location and applicable law, you may have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your data in certain circumstances
• Restriction — request that we restrict processing in certain circumstances
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent

To exercise your rights, contact your organisation's administrator or contact us at privacy@igniscompetence.com. We will respond within 30 days.

We use cookies and similar technologies to operate the platform. For details, see our Cookie Policy.

We may update this Privacy Policy from time to time. We will notify you of material changes via the platform or by email. The date at the top of this page indicates when it was last updated.

For privacy enquiries, contact us at privacy@igniscompetence.com.

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.