Skip to content

Privacy Policy

Last Updated

March 28, 2026 (Updated: March 28, 2026)

Company Information

Ready to Serve Technologies LLC

A Texas Limited Liability Company

Website: readytoserve.io

Contact: support@readytoserve.io

1. Introduction and Scope

Ready to Serve Technologies LLC ("Company," "we," "us," or "our") operates readytoserve.io (the "Platform"), a two-sided SaaS marketplace connecting first responder and military candidates with recruiting agencies.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, use our mobile applications (including the RTS-OS mobile app), and interact with our services. It applies to all users, including candidates and recruiting agencies.

If you do not agree with this Privacy Policy, please do not use the Platform.

2. Definitions

  • "Candidate" means an individual user of the RTS-OS mobile app or Platform who is developing their qualifications for first responder or military positions.
  • "Agency" or "Recruiter" means an organization or individual using the Grow Your Force subscription product to search for and connect with candidates.
  • "Personal Information" means information that identifies, relates to, or could reasonably be linked with a particular individual or household.
  • "Sensitive Personal Information" means personal information that reveals race, color, religious creed, national origin, sex, sexual orientation, gender identity, genetic information, biometric information, health information, or criminal history.
  • "Baseball Card" means the candidate profile on the Platform, visible to agencies, that displays fitness scores, credential status, career milestones, and other public profile information.
  • "Service Providers" means third parties that process data on our behalf under contractual obligations, including Stripe (payment processing), Supabase (backend services), Vercel (hosting), and SendGrid (email).

3. Information We Collect

3.1 Candidate Information

When candidates register for RTS-OS or the Platform, we collect:

  • Identity Information: Full name, email address, phone number, date of birth, home address
  • Military Information: DD214 (Discharge Document), service branch, Military Occupational Specialty (MOS), discharge status, service dates
  • Employment History: Current and previous employers, job titles, employment dates, salary information (optional)
  • Education History: Schools attended, degrees earned, graduation dates
  • Fitness Data: Physical Fitness Test (PFT) scores, Candidate Physical Ability Test (CPAT) scores, workout logs, body measurements, weight tracking
  • Credential Information: Certifications (TCFP, EMT, Hazmat, CPR, etc.), training records, certification expiration dates, license numbers
  • Assessment Results: Civil service exam scores, interview feedback scores, polygraph results, background check results, personal history statements
  • Photos: Profile photo, credential photos, identification photos for verification purposes
  • Behavioral Data: Career pathway milestones reached, fitness goals, nutrition tracking, financial preparation progress, daily action planning entries
  • Account Settings: Password hash (not stored in plain text), two-factor authentication preferences, notification preferences
  • Biometric Data: Profile photos may be processed by face detection algorithms for display optimization and cropping. Fitness data may include biometric measurements such as heart rate, body composition metrics, and physical performance indicators. No biometric templates or facial recognition models are stored.

3.2 Agency/Recruiter Information

When agencies subscribe to Grow Your Force or register on the Platform, we collect:

  • Organization Information: Legal organization name, physical address, phone number, website
  • Contact Information: Recruiter names, email addresses, phone numbers, job titles
  • Billing Information: Billing address, subscription tier (Starter, Professional, or Enterprise), billing cycle, payment method (processed by Stripe, not stored by us)
  • Account Activity: Login history, candidate searches, saved candidate lists, outreach messages, connection requests
  • Usage Data: Features accessed, dashboard activity, analytics viewed

3.3 Usage Data and Cookies

We automatically collect information about your interaction with the Platform:

  • Device Information: Device type, operating system, browser type and version, IP address, device identifiers
  • Usage Analytics: Pages visited, features accessed, time spent on features, click patterns, search queries, filter selections
  • Cookies: Session identifiers, authentication tokens, user preferences, language settings, analytics tracking (Google Analytics)
  • Log Data: Access logs, error logs, API request data with timestamps and user identifiers

3.4 Information Provided by Third Parties

We may receive information about you from:

  • Background Check Providers: Background check results and status
  • Civil Service Testing Agencies: Exam scores and results
  • Credential Verification Services: Confirmation of certifications and licenses
  • Agencies: When an agency uploads candidate information, personal history statements, or assessment results
  • Service Integrations: Connected fitness trackers, financial services (Phase 2)

4. How We Use Your Information

4.1 Candidate Information Uses

We use candidate information to:

  • Operate and maintain the RTS-OS mobile app and Platform
  • Create and manage your Baseball Card profile visible to agencies
  • Calculate and display PFT/CPAT scores and fitness progression
  • Track credential status, expiration dates, and recertification reminders
  • Match you with recruiting agencies based on your qualifications, location, and career preferences
  • Facilitate communication between you and recruiting agencies
  • Provide candidate development content, career pathway guidance, and fitness programming
  • Process payment for premium features or career services
  • Send notifications, reminders, and communications related to your account
  • Monitor and enhance your experience with the Platform
  • Conduct data analytics and research to improve our services
  • Comply with legal obligations and respond to lawful requests
  • Prevent fraud and maintain security of the Platform
  • Marketing communications (with your consent)

4.2 Agency Information Uses

We use agency information to:

  • Provide access to the Grow Your Force recruiter dashboard
  • Process subscription payments and billing
  • Manage recruiter accounts and permissions
  • Enable candidate search, filtering, and connection features
  • Track recruiter outreach and hiring pipeline
  • Provide analytics and reporting on recruiter activity
  • Facilitate communication between recruiters and candidates
  • Monitor subscription usage and enforce service limits
  • Conduct data analytics to improve the Platform
  • Comply with legal obligations and respond to lawful requests
  • Prevent fraud and maintain security of the Platform

4.3 General Uses

For all users:

  • Improve and optimize the Platform, features, and user experience
  • Personalize content and recommendations
  • Conduct research, analytics, and measurement
  • Debug and troubleshoot technical issues
  • Monitor system performance and uptime
  • Enforce our Terms of Service and other agreements
  • Protect our rights, privacy, safety, or property
  • Respond to your requests and inquiries

5. Data Sharing and Disclosure

5.1 Candidate Information Shared with Agencies

Your Baseball Card and publicly visible profile information may be seen by agencies you match with or who search for candidates with your qualifications. This includes:

  • Public profile elements (name, photo, basic location)
  • PFT and CPAT scores
  • Credential status and expiration dates
  • Career milestones and training completion
  • Any information you elect to make visible on your profile

When an agency expresses interest in connecting with you, they may receive additional information you have shared, subject to your privacy settings.

5.2 Service Providers

We share information with service providers that process data on our behalf under data processing agreements:

  • Stripe: Payment processing (name, email, billing address, transaction history)
  • Supabase: Database and authentication services (all user data stored in encrypted form)
  • Vercel: Application hosting and CDN (application logs, analytics)
  • SendGrid: Email delivery (name, email address, email preferences)
  • Google Analytics: Website and app analytics (usage data, device information, anonymized identifiers)

All service providers are contractually obligated to use data only for providing the services requested and to maintain confidentiality and security of the information.

5.3 Legal Requirements and Lawful Process

We may disclose your information when required by law, legal process, or governmental request, such as:

  • Court orders, subpoenas, or warrants
  • Federal, state, or local law enforcement requests
  • Government agency investigations
  • Compliance with tax or regulatory obligations
  • Protection of law enforcement interests

We will attempt to provide notice before disclosing information unless prohibited by law.

5.4 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of Company assets, your information may be transferred as part of that transaction. You will be notified of any change in ownership or control of your information.

5.5 Aggregated and De-identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes.

5.6 With Your Consent

We will share your information with third parties when you provide explicit consent, such as authorizing a service integration, connecting your account to a financial service provider, or requesting a specific action.

6. Data Security

6.1 Security Measures

We implement administrative, technical, and physical security controls to protect your information:

  • Encryption: Data is encrypted in transit using TLS/SSL protocols and at rest using AES-256 encryption in our database
  • Authentication: Passwords are hashed using industry-standard algorithms; we support multi-factor authentication
  • Access Controls: Role-based access control (RBAC) limits data access to authorized employees and service providers based on job function
  • Vendor Standards: Service providers are certified SOC 2 Type II or equivalent, ensuring independently audited security controls

6.2 Limitations

While we implement security measures designed to protect your information, no method of transmission or storage is completely secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your password.

6.3 Data Breach Notification

If we discover a breach of security that compromises the confidentiality or integrity of your personal information, we will notify affected individuals in accordance with applicable state and federal laws:

  • Texas: We will notify affected individuals within 60 days of discovery of the breach, in accordance with Texas Business & Commerce Code § 521.053.
  • California: We will notify affected individuals in the most expedient time possible without unreasonable delay, in accordance with California Civil Code § 1798.82. If the breach affects more than 500 California residents, we will notify the California Attorney General.
  • Other States: We will comply with the notification requirements of all other applicable state laws.

For all breaches involving candidate data, we will notify affected first responder agencies as appropriate. Notifications will describe the nature of the breach, the types of information affected, the measures being taken to prevent future breaches, and steps you can take to protect yourself.

7. Data Retention

7.1 Candidate Data Retention After Account Deletion

When a candidate account is deleted, we follow this retention schedule:

  • Baseball Card Profile: Deleted or de-identified within 30 days of account deletion
  • Fitness and Health Data: Deleted or de-identified within 30 days of account deletion
  • Messages and Communications: Deleted within 30 days of account deletion
  • Account Logs and Access Records: Retained for 1 year for security, fraud prevention, and audit purposes
  • Legal and Tax Records: Retained for 7 years if the candidate had a paid subscription, in compliance with tax and employment law requirements
  • Backup Data: We maintain backups for 30 days after deletion for disaster recovery purposes only
  • Anonymized Analytics: Retained indefinitely (cannot be linked to individual)
  • Legal Holds: If litigation or government investigation is pending, we retain data as required by law

7.2 Active Candidate Account

While your candidate account is active, we retain full data necessary to provide Platform services.

7.3 Agency Data

  • Active Subscription: We retain recruiter data while the subscription is active
  • Cancelled Subscription: We retain data for 90 days after cancellation for billing, audit, and dispute resolution
  • Business Records: Recruiter activity logs and hiring records may be retained longer for compliance and analytics purposes

7.4 Fitness and Credential Data

Fitness scores, workout logs, and credential records are tied to your candidate account. When your account is deleted, this data is deleted or de-identified within 30 days according to the schedule above. If an agency has saved this information in their own systems, those records are governed by the agency's retention policies.

7.5 Cookies and Tracking

Session cookies are deleted when you log out. Persistent cookies are retained for up to one year unless you clear them sooner. You can manage cookie preferences in your browser settings.

8. User Rights and Choices

8.1 Access and Portability

You have the right to request access to the personal information we hold about you. You may request a copy of your data in a portable format (such as CSV or JSON) suitable for transfer to another service. Submit requests to support@readytoserve.io.

8.2 Correction and Updates

You may update, correct, or amend your information at any time by logging into your account and editing your profile. If you need assistance, contact support@readytoserve.io.

8.3 Deletion

You have the right to request deletion of your account and associated information. Upon request, we will delete your account and de-identify your personal information within 90 days, subject to legal retention obligations. Some information may be retained in aggregated or anonymized form.

To request account deletion, log into your account or contact support@readytoserve.io with your request.

8.4 Opt-Out of Marketing Communications

We will not send you marketing communications unless you opt in. If you receive marketing emails from us and wish to unsubscribe, click the unsubscribe link in the email or adjust your notification preferences in your account settings. You may also contact support@readytoserve.io to opt out.

8.5 Cookie Preferences

Most browsers allow you to control cookies through settings. You can:

  • Delete cookies stored on your device
  • Block cookies from specific websites
  • Block third-party cookies
  • Block all cookies (note: this may affect Platform functionality)

If you disable cookies, you may not be able to use all features of the Platform.

8.6 Do Not Track

Some browsers include a "Do Not Track" feature. Currently, the Platform does not respond to Do Not Track signals. We encourage you to review your browser and privacy settings to understand your options.

8.7 Responding to Requests

We will respond to verified requests for access, deletion, correction, or portability within the timeframe required by applicable law (typically 30-45 days). We may ask you to verify your identity before processing your request.

9. California Consumer Privacy Act (CCPA) Compliance

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

9.1 Right to Know

You have the right to request what personal information we have collected, the categories of sources, and our business purposes for collection. We will disclose:

  • All information we have collected about you in the past 12 months
  • The categories of information
  • The purposes for which we collected it
  • The categories of third parties with whom we share it

9.2 Right to Delete

You have the right to request that we delete personal information collected from you, except where exceptions apply (such as legal obligations, fraud prevention, or legitimate business interests).

9.3 Right to Opt-Out of Sale or Sharing

We do not sell your personal information. We do not share your information with third parties for cross-context behavioral advertising. If our practices change, we will provide notice and obtain consent where required.

9.4 Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you.

9.5 Right to Limit Use and Disclosure

You have the right to limit our use of your sensitive personal information to purposes necessary to perform services you request or as otherwise permitted by law.

CPRA Update: Under the California Privacy Rights Act (CPRA), you have the right to limit the use of your sensitive personal information, which includes:

  • Fitness data and health information
  • Biometric information (profile photos, biometric measurements)
  • Any other information that reveals health or medical conditions

You may submit a request to limit use of sensitive personal information by contacting support@readytoserve.io with "Limit Sensitive Data Use" in the subject line.

9.6 Right to Correct Inaccurate Information

Under the California Privacy Rights Act (CPRA), you have the right to request that we correct inaccurate personal information we maintain about you. You may submit a correction request by contacting support@readytoserve.io with "Correct Personal Information" in the subject line. We will verify your identity and respond within 45 days.

9.7 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA/CPRA rights. We will not deny goods or services, charge different prices, or provide lower quality service based on your exercise of privacy rights.

9.8 How to Submit CCPA/CPRA Requests

To submit a California Consumer Privacy Act request, contact:

support@readytoserve.io

Include "CCPA Request" in the subject line and specify whether you are requesting to know, delete, opt-out, correct, or limit use. We will verify your identity and respond within 45 days.

You may also authorize an agent to submit requests on your behalf by providing valid power of attorney documentation.

10. Children's and Minors' Privacy

Ready to Serve Technologies recognizes that the Platform serves candidates of varying ages who are preparing for first responder and military careers. We distinguish between different age groups in our privacy practices:

10.1 Children Under 13 (COPPA Compliance)

The Platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. We do not knowingly market to, or collect information from, children under 13.

If you are a parent or guardian and believe we have collected information from a child under 13, please contact support@readytoserve.io immediately, and we will delete such information promptly.

We comply with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq.

10.2 Minors Ages 13-17 (Parental Consent Required)

Ready to Serve Technologies recognizes that minors ages 13-17 may have legitimate interest in exploring first responder and military career pathways. We permit minors ages 13-17 to use the Platform, subject to the following requirements and protections:

Parental Consent: We require verifiable parental consent before collecting personal information from any user under 18. Parents or guardians must affirmatively consent to their child's use of the Platform and data collection. We use reasonable measures to verify parental consent, which may include:

  • Email confirmation from a verified parent/guardian email address
  • Parental acknowledgment of our Terms of Service and Privacy Policy
  • Phone or SMS verification

Data Minimization for Minors: For users under 18, we limit data collection to what is necessary to provide the Platform services:

  • We do not collect sensitive personal information (health data, biometric data, criminal history assessments) from minors without express parental consent
  • We do not use minor users' data for targeted behavioral advertising
  • We limit fitness and health data collection to basic progress tracking (with parental consent)

Parental Access and Control Rights: Parents or guardians of minor users (under 18) have the right to:

  • Request access to all information we have collected from their child
  • Request correction or deletion of their child's information
  • Revoke consent and require deletion of their child's account and data
  • Opt out of non-essential data uses and marketing communications on behalf of their child

To exercise these rights, parents/guardians should contact support@readytoserve.io with proof of parental relationship and identification.

Account Deletion: When a minor user's account is deleted at parental request, we will delete or de-identify the minor's personal information within 30 days, consistent with our general data retention practices, except where retention is required by law.

10.3 Users 18 and Older

Users 18 and older are subject to the standard terms of this Privacy Policy and consent to all data collection and use practices described herein.

10A. Biometric Information Notice

10A.1 Use of Biometric Data

Ready to Serve Technologies processes biometric information, including profile photographs, in limited and specific ways:

Profile Photo Processing: When you upload a profile photo, we may process it using face detection algorithms to:

  • Optimize photo display and cropping on your Baseball Card profile
  • Ensure photos meet quality standards for visibility and usability
  • Detect and flag images that do not contain a face (to help you provide a valid profile photo)

Fitness and Health Biometrics: Fitness data collected through the Platform may include biometric measurements such as:

  • Heart rate data and heart rate variability
  • Body composition metrics (body fat percentage, muscle mass estimates)
  • Physical fitness test scores and performance data
  • Sleep and recovery metrics (where integrated with fitness trackers)

10A.2 Data Security and Non-Storage of Biometric Templates

  • No Biometric Templates: We do not create, store, or maintain facial recognition templates, facial recognition models, or other biometric identifiers derived from your biometric information.
  • No Facial Identification: We do not use biometric data for facial identification, facial surveillance, or cross-platform biometric matching.
  • Temporary Processing: Biometric processing is performed temporarily during the upload and optimization process. Results are used only to optimize photo display.

10A.3 Right to Opt-Out of Biometric Processing

You may opt out of face detection processing of your profile photo by:

  • Contacting support@readytoserve.io with a request to disable biometric processing
  • Uploading a photo that has been pre-cropped or formatted according to our technical specifications

If you opt out of biometric processing, your profile photo will still be visible to agencies, but optimization features may be limited.

10A.4 Compliance Notice

This section is provided in compliance with:

  • Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/1 et seq.
  • Texas Capture or Use of Biometric Identifier Act (CUBI), Texas Code § 502.009 et seq.
  • California Consumer Privacy Act (CCPA) sensitive personal information provisions, California Civil Code § 1798.100 et seq.

11. Third-Party Links and Services

The Platform may contain links to third-party websites, applications, and services that are not operated by Ready to Serve Technologies LLC. This Privacy Policy applies only to information we collect through the Platform. We are not responsible for the privacy practices of third-party services.

When you leave our Platform and access third-party services, the privacy policies and terms of service of those services apply. We encourage you to review the privacy policies of any third-party services before providing your information.

Examples of third-party services that may be integrated include:

  • Payment processors (Stripe)
  • Fitness tracking applications
  • Financial services (Phase 2)
  • Civil service testing agencies
  • Background check providers

12. Data Subject Rights (GDPR Equivalent)

Although the Platform is not subject to the EU General Data Protection Regulation (GDPR), we respect similar privacy principles for all users worldwide:

  • Right to Access: You may request access to your personal information
  • Right to Rectification: You may request correction of inaccurate information
  • Right to Erasure: You may request deletion of your information
  • Right to Restrict Processing: You may request that we limit how we use your information
  • Right to Data Portability: You may request your data in a portable format
  • Right to Object: You may object to processing for marketing or analytics purposes

To exercise these rights, contact support@readytoserve.io.

13. Policy Changes and Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on the Platform
  • Updating the "Last Updated" date at the top of this policy
  • Sending a notice to your email address if the changes materially affect your rights

Continued use of the Platform after changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact:

Ready to Serve Technologies LLC

Email: support@readytoserve.io

Website: readytoserve.io

We will respond to your inquiry within 15 business days.

15A. AI and Automated Decision-Making

15A.1 Disclosure of AI-Powered Features

Ready to Serve Technologies uses artificial intelligence and automated decision-making in certain Platform features:

Candidate Matching: We use algorithmic matching to recommend candidates to agencies based on:

  • Qualifications, credentials, and fitness scores
  • Career preferences and location
  • Historical hiring patterns and agency needs

Face Detection Processing: As described in Section 10A, we use face detection algorithms to optimize profile photo display and cropping.

Readiness Scoring: We may calculate automated "readiness" scores based on factors such as:

  • Completion of career pathway milestones
  • Credential status and currency
  • Fitness test performance
  • Assessment and exam scores

15A.2 Right to Human Review

You have the right to request human review of any automated decision that significantly affects your access to Platform features or opportunities. This includes:

  • Candidate matching decisions
  • Readiness scores
  • Account suspension or removal due to automated systems

To request human review, contact support@readytoserve.io with "Request Human Review" in the subject line and describe the decision you are challenging.

15A.3 No Fully Automated Legal Decisions

We do not make fully automated decisions with legal or similarly significant effects on your rights or opportunities without human review and oversight. Any decision that could materially affect your ability to access Platform opportunities will include or be subject to human oversight.

15A.4 Transparency in Automated Processing

We are committed to transparency regarding our use of AI and automated decision-making:

  • We disclose when AI-powered features are used in matching, scoring, or decision-making
  • You may request explanation of how automated decisions were made
  • You may request correction of inaccurate data used in automated decisions

15. Jurisdiction and Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict of law principles. By using the Platform, you consent to the jurisdiction of the Texas state courts for any disputes arising from this Privacy Policy or our privacy practices.

16. Entire Agreement

This Privacy Policy, together with our Terms of Service, constitutes the entire agreement between you and Ready to Serve Technologies LLC regarding the protection of your information. If any provision of this Privacy Policy is found to be unenforceable, the remaining provisions will remain in effect.