[Last Updated: June 19 2024]

This Privacy Policy (“Privacy Policy”) sets out how EPR Systems, Inc. (“EPR” or “we”) collects, uses, transfers, processes, and discloses Personal Data in accordance with applicable privacy laws. EPR provides advanced software solutions specifically designed for fire and emergency medical services (EMS) agencies, including designated devices, the “App,” and a web-based “Dashboard” (collectively referred to as the “Products”). Additionally, EPR operates a promotional website that allows prospective customers and other site visitors to receive information about company services, contact the Company, subscribe to its newsletter, and express interest in working opportunities within the Company (the “website”). For the purposes of this Privacy Policy, the Products and the website shall be collectively referred to as the “Services”.

This Privacy Policy explains what data we collect when using our Services, how such data may be used or shared with others, how we safeguard it, and how you may exercise your rights related to your Personal Data (as defined below), as required under applicable data protection laws. The Privacy Policy provides details regarding the processing of Personal Data in connection with:

  • Visitors: Individuals who visit or otherwise interact with the Website, including job applicants applying under our Career webpage.
  • Customers: Our customers (together with their employees and other personnel), who are typically fire and EMS agencies, purchase, register, and use the Dashboard and allow their end users (End Users, see below) to use the App for managing their services, for their benefit.
  • End Users: Customers’ end users, usually patients or citizens interacting with the EMS agencies. Such End Users’ data, to a very limited extent, is managed within the Services by the Customers (as elaborated below, we are not the legal owner of End Users’ data).

Visitors and Customers shall be further, separately and collectively, referred to herein as “you”.

Specifically, this Privacy Policy provides visitors who are residents of California, Virginia, Connecticut, Colorado, Utah, Texas, Oregon, Montana (effective of October 1, 2024), and effective of January 1, 2025 – Nebraska, New Hampshire, New Jersey, Delaware, and Iowa (“Covered States”) with the mandatory disclosures under their applicable state privacy laws (collectively referred to as “Data Protection Law(s)” where and to the extent applicable). The disclosure hereunder incorporates the specific disclosure required under the California Consumer Privacy Act (“CCPA”).

This Privacy Policy does not pertain to personal data relating to our employees, contractors and other staff or job applicants.

This Privacy Policy is an integral part of any other agreement between us and you (“Terms”). Any term not defined herein shall have the meaning ascribed to such term under the Terms or where applicable under the relevant Any capitalized terms not defined herein shall have the meaning ascribed to it under the Data Protection Laws or the Terms.



We reserve the right to change this Privacy Policy from time to time, at our sole discretion. The most recent version of the Privacy Policy will always be posted on the website and the update date will be reflected in the “Last Modified” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any material amendments to the Privacy Policy will become effective within 30 days upon the display of the modified Privacy Policy.

We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.


Under Data Protection Laws, we are the Business or Data Controller of Visitors and Customers Personal Data.

In relation to the Personal Data of End Users, particularly concerning their interactions with fire and EMS services, we act as Processors or Service Providers on behalf of the Customers, who serve as “Businesses” or “Data Controllers”. Our processing as controllers is limited primarily to basic Account Data and Usage Data pertaining to the Customers. Therefore, any remainder of the End User data mentioned here is for informational purposes only. We process End User Personal Data strictly according to the instructions of the relevant Customer, who is entirely and solely responsible for the privacy practices concerning its End Users. Furthermore, each Customer is solely responsible for responding to any inquiries or requests from its End Users, including regarding their rights under applicable law. This Privacy Policy is limited to governing our data collection practices only.

As part of that, we neither collect nor process any “Sensitive Data” under applicable privacy laws, including medical-related data (“Sensitive Data” or “Health-Related Data“). Such data is collected, processed, and used within our Products by and on behalf of the Customers, who act as the Controllers and legal owners of such data. EPR does not act as the Controller for any such data and processes this data solely as a Processor following the Customer’s instructions.


You will find below information regarding the types of data we collect in our capacity as Business or Controller and the purposes for which we process your data. We collect two types of data, depending on your interaction with us:

Non-Personal Data”: This refers to aggregated, non-identifiable information that may be made available or gathered via your access to and interactions with the Services. We do not know the identity or other identifiers of the individual from whom the Non-Personal Data is collected. The Non-Personal Data being collected may include aggregated usage information, such as views of certain website pages and actions on the website, or statistical analysis regarding the use of the Products, as well as technical information transmitted by your device, such as the type of browser or device, type of operating system, device settings, and technical software data.

Personal Data” or “Personal Information”: This refers to individually identifiable information, namely information that identifies an individual or may, with reasonable effort, be used to identify an individual. For the avoidance of doubt, any Non-Personal Data connected or linked to any Personal Data shall be deemed Personal Data as long as such connection or linkage exists. Depending on your jurisdiction, Data Protection Laws exclude certain types of data, including Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.

Within the last twelve (12) months, we may have collected the following categories of personal information from our website visitors:

Category under the CCPA


Whether Collected and Purpose of collection

A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

Yes. As part of our communications with you as a visitor, e.g., through a “Contact Us” form on our website, we may collect – basic contact info including full name, email and in certain cases phone number. We use such data to address your inquiry and identify you in our systems, as well as for further record keeping as part of our business conduct.

Further, we may retain Customers’ identifiers for managing their user Account within the Products, granting them with access to the Products, etc.

Further, we may use your contact info, subject to applicable law, to send you promotional emails and marketing content via email or SMS. You may withdraw consent at any time through the “unsubscribe” link within any email sent to you or by contacting us directly.

B. Personal information categories listed in the California Customer Records statute.

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.


*** note that such End Users’ data may be processed in our Products by the Customers in their capacity of the legal owners of such data.

C. Protected classification characteristics.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).


*** note that such End Users’ data may be processed in our Products by the Customers in their capacity of the legal owners of such data.

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Yes. As part of our business conduct, we may retain certain commercial information of the Customers (though most of the time our Customers are corporations).

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.


F. Internet or other similar network activity.

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

Yes. As part of our Services’ security, automatic monitoring, analytics and online advertising activities on our promotional website, including through Cookies as further elaborated below, we may collect information on a consumer’s interaction with a website, application, or advertisement.

G. Geolocation data.

Physical location, approximate location derived from IP address or movements.

Yes. As part of our monitoring, analytics or online marketing activities (on our promotional website), we may collect your approximate location derived from your IP address.

*** Note that such End Users’ data may be processed in our Products by the Customers in their capacity of the legal owners of such data.

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.



*** Note that such End Users’ data may be processed in our Products by the Customers in their capacity of the legal owners of such data.


I. Professional or employment-related information.

Current or past job history or performance evaluations.


J. Non-public education information (per the Family Educational Rights and Privacy Act.

Education records, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.


K. Inferences drawn from other personal information.

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.


L. Sensitive personal information.

Government-issued identifying numbers, financial account details, genetic data, precise geolocation, race or ethnicity, religious or philosophical beliefs, union membership, mail, email, text messages, biometric data, health data, and sexual orientation or sex life.


*** Note that such End Users’ data, including health-related data, may be processed in our Products by the Customers in their capacity of the legal owners of such data.



We do not collect any “Sensitive” information or data from our website visitors as such term is defined under the Data Protection Laws (though such data may be processed within the {Products by the customers as explained above).

Except for the purpose and context provided in the table above, we may use, or disclose the Personal Information we collect for one or more of the following business purposes:

  • For the specific reason you provided Personal Information. For example, if you contact us with an inquiry and share your name and contact information, we will use that Personal Information to respond to your inquiry. Similarly, we maintain Customers’ login information, such as usernames and passwords, to provide them with access to our Products.
  • Security and fraud detection purposes, monitoring and to maintain the safety, security, and integrity of the Services.
  • Customer Support and Communication with you as a Visitor or Customer.
  • Improving our business operation, which includes but not limited to, analyzing which types of content should be provided as part of the website or its usage, adapting the Products to your preferences, etc.
  • Market, advertise, and promote our Services.
  • Complying with legal and regulatory obligations, and to establish, enforce, and otherwise exercise our rights and defend against claims.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice. Please note that if eventually you become a user of our services or an employee of the Company, other privacy disclosures and policies may apply to you.


When you browse our website, we collect the Personal Information as follows:

  • Provided by you voluntarily – we will collect information if and when you choose to provide us with the information, such as in order to contact us (e.g., Contact Us form on the website or registration to a Product).
  • Automatically – through our third-party website providers – for example, in order to collect visitors’ IP addresses. As part of that, we may use cookies and similar tracking technologies such as pixels or web-beacons when you access to, interact with, or use our website. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, enable automatic activation of certain features (e.g., shopping cart), for statistical purposes, as well as for advertising purposes. You can find more information about cookies here: allaboutcookies.org. further related information may be found under section 6 below. You can always review the list of Cookies on our website and control your cookies preferences by the designated cookies tool available on our website.  
  • From publicly available sources – such as through social media platforms where you open an Account through such platforms, credit bureaus, all to the extent permitted under applicable law.


We may disclose your Personal Information to a contractor or service provider for our business purposes. When we do so, we enter a contract that describes the relevant purposes, and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract. We further restrict the recipient from selling or sharing your Personal Information.

In the preceding twelve (12) months, the Company has disclosed the following categories of Personal Information for a business purpose:

Category of Recipient

Shared Information (in accordance with the table above)

Purpose of Sharing

General Service providers.

All types of Personal Information.

We employ other companies and individuals to perform functions on our behalf. Examples include: sending communications, analyzing data, providing marketing and sales assistance (including advertising and event management), cloud hosting and computing, identifying errors and crashes, conducting customer relationship, etc.

Security and Fraud Detection Providers.

Internet or other similar network activity.

Geolocation data.

We may disclose personal information to entities that detect, protect against, and respond to security incidents or other malicious, deceptive, illegal or fraudulent activity or actual or potential threats to the safety or well-being of any person.

Our Lawyers, Consultants and any other party related to Enforcement of our rights.

All types of Personal Information.

We may disclose Personal Data to enforce our policies and agreements, as well as defend our rights, including the investigation of potential violations thereof, alleged illegal activity or any other activity that may expose us, you, or other users to legal liability, and solely to the extent required.

Parties related to any Merger and Acquisition Activity.

All types of Personal Information.

We may disclose your personal information to third parties in connection with the proposed or actual financing, insuring, sale, securitization, assignment, or other disposal of all or part of our business or assets (including accounts) for the purposes of evaluating and performing the proposed transaction.

Law Enforcement and Authorities.

Any type of Personal Information per such law enforcement authority request.

In certain cases, laws and regulations may require us to disclose personal information with these entities.

Our affiliated companies.

All types of Personal Information.

We may share Personal Information internally within our affiliates for the same purposes described in this Privacy Policy.



This section describes the categories of personal information we may disclose for “cross-context behavioral advertising” (“CCBA”) or “Targeted Advertising” as such terms are defined under the Data Protection Laws — i.e. delivering targeted advertising to consumers based on personal information we may obtain from their activity across businesses, distinctly-branded websites, applications, or services, other than those with which they intentionally interact. We do not “sell” information as most people would commonly understand that term, meaning we do not, and will not, disclose your Personal Information in direct exchange for money or some other form of payment.  We may “share” Personal Information for “interest-based advertising” or “cross-context behavioral advertising”. In other words, we may share your Personal Information with a third party to help serve personalized content or ads that may be more relevant to your interests, and to perform other advertising-related services such as enabling our partners to serve such personalized content. 

In the preceding twelve (12) months, we “sell” or “share” the following categories of Personal Information for a business purpose:

Category of Recipient

Shared Information

Purpose of Sharing

Marketing and Advertising Firms and Networks.

All types of Personal Information.

For the avoidance of doubt, we never share any sensitive information for such purposes.

We may disclose personal information to entities that perform marketing, advertising or market research on our behalf or help us determine the effectiveness of our marketing.


In general, we retain the Personal Information we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to optout, where applicable. Retention periods are determined according to the following criteria:

  • For as long as it remains necessary in order to achieve the purpose for which the Personal Information was initially processed. For example, if you contacted us, we would retain your contact information at least until we will address your inquiry.
  • To comply with our regulatory obligations. For example, transactional data will be usually retained for seven years as of termination of engagement (or even more under certain circumstances) for compliance with our bookkeeping obligations purposes.
  • To resolve any dispute, we might have with you, including any legal proceeding between us, until such dispute will be resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.

Except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice of our intention to do so.

Further, retention periods of End Users’ data are set by the Customers as the legal owners of such data, per their business needs, legal obligations and other consideration upon their sole discretion.



Securing your Personal Information is of high priority. We design our systems and Services with data security and privacy in mind. For that, we have implemented in the Services website physical, technical, and administrative security measures that comply with applicable laws and industry standards.

Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.


In general, we maintain Personal Information that we collect from you in secured cloud storage environments provisioned by third party cloud providers in the United States. Nevertheless, any such information will be maintained and processed by us and our authorized affiliates and service providers which are located in various locations around the world, including, without limitation, the United States and in our facilities in Israel. Any transfer of your personal information is always done only after ensuring that the importing country provides sufficient data protection measures, and subject to contractual terms ensuring the recipient commitment to such practices.


If you are a resident of a Covered State, and subject to certain limitations at law you may be able to exercise the following rights as a visitor of our website (Nevada specific rights are separately detailed below):

Privacy Right


Right to Know and be informed.

You may have right to know what Personal Information we have collected about you, including the categories of personal information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information we have collected about you. That right is being also provided to you through our Privacy Policy and that Privacy Policy.

Right to Access Personal Information.

You have the right to obtain access to the personal data we have collected about you and, where required by law, the right to obtain a copy of the personal data in a portable and.

The Right to Correct Personal Information.

You may have the right to request that we correct inaccurate personal information that we maintain about you.

Right to delete personal information.

You have the right to request the erasure of certain Personal Data if specific conditions are satisfied. This right is not absolute. We may reject your request under certain circumstances, including where we must retain the data in order to comply with legal obligations or defend against legal claims, other legitimate interests such as record keeping with regards to our engagements, completing transactions, providing a good or service that you requested, taking actions reasonably anticipated within the context of our ongoing business relationship with you, fulfilling the terms of a written warranty, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, or prosecuting those responsible for such activities; debugging products to identify and repair errors that impair existing intended functionality; exercising free speech, ensuring the right of another consumer to exercise their free speech rights, or exercising another right provided for by law; and engaging in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.

You do not need to create an account with us to submit a deletion request.

Non-Discrimination Right.

You may have the right not to receive discriminatory treatment for the exercise of privacy rights, including (where relevant) an employee’s, applicants, or independent contractor’s right not to be retaliated against for the exercise of their rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your Personal Information.

Data Portability Right

You may have the right, where feasible, to obtain a copy of the Personal Information you provided to us in a portable format.

Opt-Out of Sharing for Cross-Contextual Behavioral Advertising or from selling, where applicable.

You have the right to opt-out of the “sharing” of your personal information for “cross-contextual behavioral advertising,” often referred to as “interest-based advertising” or “targeted advertising.”, you may opt out through the “do not sell or share my personal information” button available within the Websites’ footer. You may opt out through device settings (opt-out from tracking AAID, ADID, please see the following for information applicable to all devices: https://thenai.org/opt-out/mobile-opt-out/).

Further, you can opt-out from interest-based advertising, CCBA, by using Self-Regulatory Program for Online Behavioral Advertising such as:

Digital Advertising Alliance’s (“DAA”): https://www.aboutads.info/choices  and https://www.aboutads.info/appchoices, and the Network Advertising Initiative (“NAI”): https://www.networkadvertising.org/choices.

Last, you can join Global Privacy Control (“GCP”) for opting out generally through your browser: https://globalprivacycontrol.org/. Our Consent Management Platform (“CMP”) will know to read all of these signals and ensure compliance with your request.

In any event, please keep in mind:

–          Opt-out tools are limited to the browser or device you use because they work off your browser ID and device ID. If you’re not signed-in to your customer account or don’t have a customer account, you will need to opt-out on each browser and device you use.

–          Your browser may save some information in its cookies and cache to maintain your privacy preferences. Clearing these may remove opt-out preferences, requiring you to opt-out again.

–          If you opt-out, you will still see ads online, but these ads will not be based on your inferred interests.

–          Some automated means may still be used to collect information about your interactions with our online services for the other purposes such as to remember user preferences or enable specific functionality.

–          We use necessary cookies to make our properties work. Necessary cookies enable core functionality such as security, network management, and accessibility. You cannot disable those.

Right to opt out from Profiling and automated Decision Making

We do not profile you, thus we do not provide an opt-out mechanism in this regard.

If you want to exercise your rights, please fill in this DSR form to and sending it to us by mail: privacy@eprsys.com. Before processing your request, we will need to verify your identity and confirm you are a resident of a state that offers the requested right(s). In order to verify your identity, we may require you to provide additional personal information, including, but not limited to, your name, email address, mailing address, date of your last interaction with us, and the general nature of your interactions with us.  If we are able to verify your identity, we will respond to your request or provide an explanation as to why we are unable to comply with your request.

In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.

A. Authorized Agents

In certain circumstances, and subject to applicable Data Protection Laws, you may permit an authorized agent to submit requests on your behalf. The authorized agent must provide a letter signed by you confirming the agent has permission to submit a request on your behalf or must provide sufficient evidence to show that the authorized agent has been lawfully vested with power of attorney. For security purposes, we may need to verify your identity and confirm directly with you that you have provided the authorized agent with permission to submit the request, and it may take additional time to fulfill agent-submitted requests. We may deny a request in the event we are not able to verify the authorized agent’s authority to act on your behalf. Please note that for privacy and security reasons, we will direct future communications to the individual on whose behalf the request was made.

B. Response Time and Format

We will respond to a verifiable request within the timeframes set by applicable Data Protection Laws (usually up to 45 days). We reserve the right to extend the response time by an additional period as permitted by Data Protection Laws. If we determine that the request warrants a fee, we will tell you why we made such a decision and provide you with a cost estimate before completing your request.

c. Appeal Rights

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request, by contacting us as instructed in our response. Please send your appeal request with a summary of the request and decision you want to appeal to privacy@eprsys.com.

Not more than 60 days after receipt of an appeal we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decisions.

If you are not happy with our response, depending on your jurisdiction, you may have the right to lodge a complaint against us with the relevant State’s Attorney General:

  • Colorado Attorney General as follows: Colorado AG at https://coag.gov/file-complaint / .
  • Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or through phone (860) 808-5318.
  • Virginia residents, if the appeal is denied, you may submit a complaint to the Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform.
  • Utah Attorney General as follows: https://www.attorneygeneral.utah.gov/contact/complaint-form/.
  • Texas Attorney General as follows: https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint.
  • Oregon Attorney General as follows: https://www.doj.state.or.us/consumer-protection/contact-us/.

    11. Additional Information for California Residents

  1. Notice Of Financial Incentive

We do not offer financial incentives to consumers for providing Personal Information.

  1. Do Not Track Settings and Shine the Light Law for California Residents

Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we do not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit: www.donottrack.us.


Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and we will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to privacy@eprsys.com


The Services are not designated for children under the age of 18 and we do not knowingly collect information from children under the age of 18.


    • EPR Systems, Inc.
    • Email: privacy@eprsys.com
      • Post address: 1016 Lasalle Street, Jacksonville, FL 32207, US
      • Phone: (941) 328-3239.


We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of this Privacy Policy will always be posted on the Website or App and the update date will be reflected in the “Last Updated” heading. Any amendments to the Privacy Policy will become effective immediately, unless we notify otherwise. We will update this Privacy Policy at least every 12 months to the extent required by law.