Your medical information is among the most sensitive data there is. Here is how we protect it — and how we stay accountable.
Our security model is designed so that a first responder scanning your tag always sees the life-saving basics instantly — no account, no app, no password. Protection applies to everything beyond that emergency view. In any medical emergency, CALL 911 IMMEDIATELY.
Scanning a FirstAidTag does not expose your full medical record. Access is tiered:
Transparency is a security feature. When your tag is scanned or your emergency profile is viewed:
Note: No system is 100% secure. We take reasonable, industry-standard measures and improve them continuously.
Location features are consent-based and purpose-limited:
FirstAidTag is built for Canadian users first and operates in line with PIPEDA (Personal Information Protection and Electronic Documents Act):
Consent
We record when and how you consent to SMS messages, privacy terms, and data collection — and you can withdraw consent at any time.
Purpose limitation
Medical data is used to display emergency information and power the safety features you enable. Nothing else.
Access & correction
You can view and edit your complete profile at any time from your dashboard, and request a copy of your data.
Openness & accountability
Our Privacy Policy explains exactly what we collect. You can complain to the Privacy Commissioner of Canada if we fall short.
We do not sell personal information, share medical data for marketing, or use health information for advertising. For EU/UK users, we align with GDPR principles. See our Privacy Policy for full details.
Your data belongs to you. You can request account deletion at any time, and we will delete or anonymize your data within 30 days, except where the law requires us to keep records. Emergency-related records may be retained longer for legal compliance and safety documentation.
FirstAidTag runs on Amazon Web Services (AWS) cloud infrastructure with access restricted to authorized personnel on a need-to-know basis. Service providers we work with (such as our SMS gateway and email providers) are bound by confidentiality obligations and receive only the data needed to deliver their service.
Found a vulnerability, or have a question about how we handle your data? We want to hear from you.
FirstAidTag Security & Privacy Team
Security reports: security@firstaidtag.com
Privacy questions: privacy@firstaidtag.com
We ask that vulnerabilities be reported privately so we can fix them before details are shared publicly. We aim to respond within 7 business days.
This page summarizes our practices in plain language. The Privacy Policy and Terms of Service are the governing documents.