Privacy Policy
Last updated: March 15, 2026
Prepared Hero (“we,” “us,” or “our”) operates the AI Emergency Preparedness Plan service. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights regarding that information. By using our service you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
We collect the following categories of personal information when you use our questionnaire and checkout process:
Household Information
- Home address (street, city, state, ZIP code)
- Home type, number of floors, year built
- Utility information (heating, water source, generator, solar)
- Emergency concerns and preparedness budget
Family Member Information
- Names, dates of birth, gender, and relationship
- Phone numbers (for members age 16 and older)
- School name and phone (for members ages 5–18)
Sensitive Health Information
With your explicit consent, we collect the following health-related data to personalize your emergency plan:
- Blood type
- Medical conditions
- Medications and dosages
- Allergies
- Mobility limitations
- Doctor name and phone number
Other Information
- Emergency contact names, phone numbers, and relationships
- Pet details (name, type, breed, special needs, vet contact)
- Vehicle information (type, fuel type)
- Email address
- Payment information (processed securely by Stripe — we never store card numbers)
2. How We Use Your Information
We use your personal information solely for the following purposes:
- Plan generation: Your household, family, and health data is used to create your personalized emergency preparedness plan.
- Plan delivery: Your email address is used to deliver your plan and send order-related communications.
- Plan updates: If you subscribe to Prepared Plan+, your data is used to generate quarterly plan refreshes.
- Payment processing: Your email and payment details are used to process your purchase through Stripe.
- Customer support: Your information may be accessed by our support team to assist you with your order.
- Analytics: We collect anonymized page views, click events, scroll depth, and questionnaire progress to improve our service. This data is not linked to your identity.
- Supply tracking: If you use the interactive supply checklist, your checked/unchecked item state is stored per plan to persist your progress.
- Sharing: If you share your plan summary, we log the share channel (e.g., Facebook, SMS) to measure feature usage. The shared summary contains only your top threats and readiness score — never your full plan, address, or health data.
- Weather and emergency alerts: Your location (ZIP code) is used to check for active NOAA weather alerts relevant to your area.
We do not use your personal information for advertising, profiling, or any purpose unrelated to delivering your emergency preparedness plan.
3. AI-Powered Plan Generation
Your household data — including address, family member details, health information, and emergency concerns — is sent to Anthropic's Claude AI service to generate your personalized emergency plan. This means your data is processed by Anthropic's servers.
- Anthropic does not use data submitted via their API to train their AI models.
- Data sent to Anthropic is subject to Anthropic's Privacy Policy.
- We sanitize and validate your data before transmission to minimize exposure.
4. Third-Party Services
We share your information with the following third-party service providers, only as necessary to operate our service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude AI) | Plan generation | Household, family, and health data |
| Stripe | Payment processing | Email, payment details |
| Supabase | Database hosting | All collected data (encrypted at rest) |
| Vercel | Website hosting | IP address, access logs |
| Klaviyo | Email communications | Email, order events, location (city/state) |
| TaxJar | Sales tax calculation | Address (for tax jurisdiction), order amount |
| Google Maps | Address autocomplete | Partial address input (for suggestions) |
| Google Analytics | Usage analytics | Anonymized page views, device type, session data |
| Meta (Facebook) | Conversion tracking | Hashed email, purchase events |
| FEMA / NOAA | Risk data & weather alerts | ZIP code, county (public data lookup) |
We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.
5. Data Retention
- Order and plan data is retained for as long as your account is active or as needed to provide you with your plan and any updates.
- Payment records are retained as required by tax and accounting regulations (typically 7 years).
- Session data (browser sessionStorage) is cleared automatically when you close your browser tab.
- You may request deletion of your data at any time (see “Your Rights” below).
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of all personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request that we delete your personal data. We will delete your account, orders, generated plans, and household data. Payment records required by law may be retained.
- Portability: Request your data in a machine-readable format.
- Withdraw consent: Where processing is based on consent (e.g., health data), you may withdraw consent at any time.
- Opt out of sale: We do not sell your personal information. If this changes, we will provide an opt-out mechanism.
To exercise any of these rights, contact us at privacy@preparedhero.com. We will respond within 30 days.
7. Cookies & Local Storage
- We use sessionStorage (not cookies) to temporarily hold your questionnaire data while you complete the form. This data is automatically cleared when you close your browser tab.
- We use one HttpOnly authentication cookie for administrator access only. This cookie is not set for regular users.
- We use Google Analytics 4 to collect anonymized usage data (page views, session duration, device type). This uses first-party cookies.
- We use the Meta Pixel for conversion tracking on checkout events. Meta receives hashed (SHA-256) email addresses for purchase events via the server-side Conversions API — no raw PII is transmitted.
8. Data Security
We implement industry-standard security measures to protect your personal information, including encryption in transit (TLS/SSL), encryption at rest for stored data, input validation and sanitization, rate limiting and abuse detection, and role-based access controls. While no method of electronic transmission or storage is 100% secure, we take reasonable steps to protect your data.
9. Children's Privacy
Our service is designed for use by adults (18+) to create emergency plans for their households, which may include children. We do not knowingly collect personal information directly from children under 13. Family member information for minors is provided by the adult account holder and is used solely for emergency plan generation.
10. For Users in the European Economic Area (GDPR)
If you are located in the EEA, the following applies:
- Lawful basis: We process your data based on your explicit consent (particularly for health data under Article 9) and contractual necessity (to deliver the plan you purchased).
- Data transfers: Your data is processed in the United States. We rely on standard contractual clauses and service provider agreements to protect cross-border transfers.
- Data Protection Officer: For GDPR-related inquiries, contact privacy@preparedhero.com.
- Supervisory authority: You have the right to lodge a complaint with your local data protection authority.
11. For California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose.
- Request deletion of your personal information.
- Opt out of the sale or sharing of personal information (we do not sell your data).
- Not be discriminated against for exercising your privacy rights.
Categories of information collected in the preceding 12 months: identifiers (name, email), geolocation data (address), health information (medical conditions, medications), and commercial information (purchase history).
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. For significant changes affecting how we use health data, we will notify you by email.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:
