CIR Privacy Policy

July 6, 2026

Effective Date: July 6, 2026

Last Updated: July 6, 2026

Controller / Responsible Entity: SIREN ANALYTICS SAL, a Lebanese joint stock company duly registered under number 1026485, having its elected domicile at Beirut Digital District, Building 1227, 9th Floor, Beirut, Lebanon. 

CIR ("CIR", "we", "our", or "us"), designed and developed by Siren Analytics, is a critical event management, command-and-control, and operational readiness platform for organizations. CIR helps organizations prepare for, activate, coordinate, monitor, communicate, and improve their response to day-to-day operational disruptions and critical incidents. Because CIR may be used in sensitive operational environments, including government, security, education, healthcare, finance, aviation, retail, and other sectors, we are committed to protecting the privacy, confidentiality, integrity, and security of personal data and operational data processed through the CIR website, platform, mobile application, web application, dashboards, administrative portals, integrations, and related services (collectively, the "Services"). This Privacy Policy explains how personal data may be collected, used, disclosed, retained, and protected in connection with CIR.

By accessing or using CIR, including through an account created or managed by your organization, you acknowledge that you have read and understood this Privacy Policy. CIR is primarily provided as an enterprise and organizational solution, and your use of the Services may also be governed by your organization’s internal policies, contractual arrangements with CIR, and applicable operational procedures.

  1. Scope

This Privacy Policy applies to the CIR website, platform, mobile application, web application, dashboards, administrative portals, operational tools, notifications, integrations, and any related services made available by or on behalf of CIR. CIR is not merely a general online subscription platform. It is an enterprise critical incident response and operational control solution designed to help organizations transform preparedness plans into live operational control before, during, and after an incident. CIR may support multi-scenario plan management, one-click activation, live task deployment, communications, defined zones and operational positions, assigned personnel and assets, map-based planning, custom forms, documentation, resource management, personnel tracking, situational awareness, performance benchmarking, after-action review, and continuous improvement.

This Privacy Policy has been established in accordance with internationally recognized data protection principles. Our data processing practices are guided by the General Data Protection Regulation (GDPR) (EU 2016/679), and other applicable data protection and privacy laws in the jurisdictions where our Services are used.

Where CIR is deployed by or for an organization, that organization may act as the data controller for personal data and operational content entered, uploaded, configured, or generated through its CIR environment, while CIR may act as a processor, service provider, or independent controller depending on the specific processing activity and applicable agreement. This Privacy Policy should therefore be read together with any agreement, order form, data processing agreement, internal policy, incident response procedure, employee notice, or user notice issued by the relevant organization.

This Privacy Policy does not apply to third-party websites, applications, systems, devices, cameras, drones, sensors, communication tools, mapping services, weather services, risk intelligence feeds, identity providers, or other integrations that may be accessed through or connected to CIR, unless expressly stated. Such third parties may have their own privacy policies, contractual terms, security measures, and data practices.

  1. Personal Data Definition

Personal data refers to any information related to an identified or identifiable natural person. This includes direct identifiers, such as a name, email address or contact details, indirect identifiers, such as IP addresses, device data, or browsing activity and any other information that could reasonably be linked, directly or indirectly, to an individual.

Personal Data Provided by Customers:

We may collect personal data that you, your organization, or authorized users provide when CIR is deployed, configured, administered, or used. This may include name, work email address, phone number, job title, organization, department, assigned role, operational function, access level, login credentials, account settings, device or application identifiers, support requests, training participation, feedback, and communication preferences. Depending on the organization’s configuration and use case, CIR may also process operational and incident-related information such as emergency contacts, team memberships, shifts, availability, assigned personnel, incident plans, scenarios, standard operating procedures, response playbooks, zones, rooms, floor plans, maps, tasks, checklists, forms, reports, assets, resources, communications, alerts, notifications, acknowledgements, replies, escalation records, attachments, incident timelines, action logs, and after-action review information. Such information may relate to employees, contractors, responders, administrators, visitors, students, patients, customers, travelers, or other individuals only to the extent entered or enabled by the organization using CIR.

We apply technical and organizational safeguards to protect the confidentiality, integrity, and availability of personal data and operational data processed through CIR. We do not sell or rent personal data. Any access to personal data is limited to authorized persons who need such access for operational, administrative, security, support, or legal purposes.

Where enabled by your organization, CIR may process location-based, map-based, personnel-tracking, asset-tracking, camera, drone, sensor, communication, weather, risk intelligence, identity management, directory, or other integration data. This may include approximate or precise location data, geofencing information, affected zones, check-ins, distress signals, task status, delivery and response confirmations, and information needed to identify who or what may be affected by a critical event. CIR processes this information only as required to provide the Services, support operational control, enable timely alerts and coordination, protect people and assets, maintain audit trails, secure the platform, and assist with post-incident review and improvement.

Special Categories and Sensitive Operational Information.

CIR is not designed for the routine collection of sensitive personal data unless this is necessary for the organization’s operational, safety, emergency, healthcare, public authority, or legal use case. References to students, patients, visitors, travelers, or other individuals are intended to cover organization-controlled deployments where the customer organization determines the relevant categories of data subjects and is responsible for ensuring that any processing is lawful, necessary, proportionate, and subject to appropriate safeguards. CIR does not intentionally collect information relating to minors as a standalone service feature; where an organization uses CIR in a context involving minors, the organization is responsible for confirming the applicable minimum age, providing required notices or consents, restricting access, applying appropriate safeguarding measures, and ensuring compliance with applicable child-protection and data protection laws. If sensitive personal data is entered into CIR, including health information, disability-related information, safety status, distress information, security-related information, biometric identifiers, or information relating to minors, the organization using CIR is responsible for ensuring that such processing is lawful, necessary, proportionate, and subject to appropriate safeguards.

  1. Automatically Collected Data

When you access or use the CIR website, platform, or application, we may automatically collect technical and usage-related information, including IP address, browser type, device identifier, operating system, application version, log-in and log-out times, session information, usage patterns, feature interactions, error logs, performance data, security logs, and details of your interactions with the Services. We use this information to operate the Services, authenticate users, maintain platform availability, improve functionality and usability, troubleshoot issues, monitor security, detect misuse, generate aggregated analytics, support customer service, and ensure that CIR remains reliable during operational and critical incident contexts. We may also use cookies and similar technologies on the CIR website and web application to support essential functionality, security, preferences, and analytics.

  1. Data Retention

We retain personal data and operational data only for as long as necessary for the purposes for which it was collected, including to provide CIR, support organizational deployments, maintain operational records, comply with legal or contractual obligations, preserve security logs, resolve disputes, and meet legitimate business needs. Retention periods may vary depending on the type of data, the configuration selected by the organization, applicable legal requirements, and the organization’s own retention instructions. Where appropriate, data may be deleted, returned, aggregated, anonymized, or securely archived after the relevant retention period ends. Anonymized data may be retained for analytics, service improvement, benchmarking, resilience, and planning purposes.

  1. Personal Data Disclosure

We may share personal data with the following recipients, only where necessary and subject to appropriate safeguards:

  1. Authorized CIR personnel, employees, consultants, and contractors who require access to provide, support, secure, maintain, or improve the Services.

  2. Your organization and authorized users, including administrators, incident managers, responders, operational teams, security personnel, or other designated users, where disclosure is necessary for account administration, incident planning, alerts, tasking, communications, reporting, audit trails, or operational response.

  3. Third-party service providers that support hosting, cloud infrastructure, cybersecurity, identity and access management, communications, push notifications, SMS, email, voice calls, analytics, payment processing, customer support, mapping, maintenance, and other technical or business functions. These providers may access personal data only as necessary to perform their services and are required to apply confidentiality and data protection safeguards.

  4. Integration partners and connected systems, where your organization enables integrations with cameras, drones, sensors, access-control systems, directories, identity providers, communication tools, mapping tools, weather services, risk intelligence tools, business continuity tools, or other systems connected to CIR. CIR does not use such integrations to create or process biometric identifiers for identification or facial-recognition purposes unless this is expressly enabled and controlled by the customer organization under a valid legal basis, documented safeguards, access restrictions, and applicable notices or consents.

  5. Emergency, safety, legal, regulatory, or governmental authorities where disclosure is required by law, court order, regulatory request, emergency protocol, public safety requirement, or where necessary to protect life, safety, security, rights, property, or lawful interests.

  6. Affiliates and related entities under common ownership or control, where necessary for the operation, support, governance, or administration of CIR and subject to appropriate safeguards.

When we transfer your personal data to third-party recipients, we will take all necessary measures to ensure that your personal data is adequately protected. We will only transfer your personal data to third-party recipients who provide sufficient guarantees to implement appropriate technical and organizational measures to protect your personal data and are using your personal data in accordance with this Privacy Policy.

  1. Sub-processors

Where CIR engages third-party service providers that process personal data on behalf of CIR, such providers act as sub-processors and are subject to contractual confidentiality, security, and data protection obligations. CIR will maintain an up-to-date list of material sub-processors and will make that list available to customer organizations upon request, or through another maintained channel if adopted by CIR. Where required by the applicable agreement or data processing addendum, CIR will provide prior notice of material changes to its sub-processors and allow the customer organization to exercise any applicable objection rights.

  1. Use of Personal Data

We may use personal data for the following purposes:

  1. Provide, operate, maintain, secure, and improve the CIR website, platform, mobile application, web application, dashboards, administrative portals, and related services.

  2. Configure and administer organizations, sites, facilities, rooms, zones, users, teams, roles, permissions, access rights, workflows, scenarios, plans, forms, and operational resources.

  3. Enable critical event management and operational readiness functions, including planning, scenario management, plan activation, incident command, task deployment, alerts, notifications, communications, escalation, situational awareness, resource management, workforce scheduling, personnel tracking, asset tracking, mapping, geofencing, documentation, reporting, benchmarking, and after-action review.

  4. Identify affected users, locations, assets, or operational positions during a critical event, send targeted communications, request acknowledgements or replies, monitor task completion, and support coordinated response.

  5. Support organizational users, administrators, responders, and authorized personnel through onboarding, training, technical support, troubleshooting, maintenance, service communications, and operational assistance.

  6. Improve platform performance, resilience, reliability, analytics, usability, benchmarking, reporting, and future planning features, including through aggregated or anonymized data where appropriate.

  7. Protect the security, integrity, continuity, and lawful use of CIR, including preventing unauthorized access, misuse, cyber threats, fraud, abuse, and other harmful activity.

  8. Comply with legal, regulatory, contractual, audit, reporting, governance, public safety, employment, emergency management, and recordkeeping obligations.

  9. Manage commercial records, invoices, subscriptions, licenses, service orders, customer relationships, and related business administration where applicable.

  10. Enforce agreements, resolve disputes, protect rights, and safeguard users, organizations, personnel, assets, facilities, operations, and the Services.

We will not use personal data for purposes that are incompatible with the purposes described in this Privacy Policy. We do not use personal data to make decisions that produce legal or similarly significant effects based solely on automated processing, unless this is permitted by applicable law and, where required, the relevant data subject has been informed and provided with the required rights or consent.

  1. Data Subjects’ Rights

Data subjects have the following rights with regard to their personal data:

  1. Right to Access: Data subjects can request information on what personal data is being processed about them and obtain a copy of this data.

  2. Right to Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller if they wish.

  3. Right to Rectification: Data subjects can request the correction or completion of any inaccurate or incomplete personal data.

  4. Right to Erasure: Data subjects may request the deletion of their personal data in certain circumstances, such as when the data is no longer needed for its original purpose or if they withdraw consent for processing.

  5. Right to Restrict Processing: Data subjects can request the restriction of their personal data processing under specific conditions, such as when the accuracy of the data is disputed or when they object to the processing.

  6. Right to object: Data subjects have the right to object to the processing of their personal data in certain circumstances, such as when the data is processed for direct marketing purposes or when the data is processed based on the legitimate interests of the controller.

  7. Right to lodge a complaint with a supervisory authority: Data subjects have the right to lodge a complaint with a competent data protection supervisory authority if they believe that the processing of their personal data infringes applicable data protection law.

To exercise any of these rights, please contact us at info@cir.live or use any dedicated privacy contact channel made available by CIR or by your organization. We will respond to rights requests within one month of receipt, unless a shorter or longer period applies under applicable law; where a request is complex or multiple requests are submitted, this period may be extended as permitted by law. Where CIR acts as a processor, we may refer or assist the relevant customer organization so that it can respond as controller.

  1. International Data Transfers

The personal data we collect may be transferred to and stored in countries outside of your jurisdiction, where we and our third-party service providers operate. When transferring personal data internationally, we take necessary measures to ensure its protection. These measures comply with the GDPR and any other applicable data protection regulations and may include encryption, data minimization, access controls, contractual protection, adequacy decisions where available, and the European Commission’s Standard Contractual Clauses (SCCs), together with any supplementary measures required by applicable law.

In jurisdictions with specific data transfer restrictions, we take additional steps as required by local laws. These may include storing data locally, obtaining explicit consent, or securing approvals from competent authorities.

By using CIR, you acknowledge that personal data and operational data may be transferred and processed in accordance with this Privacy Policy, the applicable agreement with your organization, and applicable data protection laws.

  1. Data Breach Notification

We are committed to safeguarding personal data and operational data processed through CIR. In the event of a personal data breach affecting CIR, we will take appropriate steps to contain, investigate, assess, and mitigate the incident. Where required by applicable law or contract, we will notify the relevant organization, affected data subjects, and/or competent authorities without undue delay and, where the GDPR applies and notification to a supervisory authority is required, where feasible not later than 72 hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. We will provide information about the nature of the breach, the data affected, likely consequences, and measures taken or proposed to address the breach. Where CIR acts as a processor, breach notification will generally be made to the relevant customer organization without undue delay in accordance with the applicable data processing agreement.

  1. Cookies and Tracking

We may use cookies and similar technologies on the CIR website and web application to support essential functionality, authentication, session security, language or preference settings, analytics, performance monitoring, and service improvement. Cookie categories may include: essential cookies required for secure access and operation of the Services; preference cookies used to remember language or interface settings; and analytics or performance cookies used to understand usage and improve reliability. Where the CIR website is public-facing, users should be provided with appropriate information and, where required by law, a mechanism to manage or withdraw consent for non-essential cookies. Where access is limited to a logged-in enterprise application, cookie use may be limited to functionality, authentication, security, preferences, and service operation. The final cookie categories and consent mechanism should be confirmed by the team responsible for the CIR website and application configuration.

  1. Data Security

We implement technical and organizational measures designed to protect personal data and operational data processed through CIR. These measures may include encryption in transit and at rest, access controls, authentication, role-based permissions, logging, monitoring, secure hosting environments, vulnerability management, backup and recovery measures, incident response procedures, and confidentiality obligations for personnel and service providers. Because CIR may be used in sensitive operational and critical incident contexts, authorized users should ensure that access credentials are kept secure and that information entered into the Services is limited to what is necessary for the relevant operational purpose.

User and Organization Responsibilities.

Because CIR supports operational control and critical incident response, organizations and authorized users are responsible for configuring the Services appropriately, assigning access rights carefully, keeping user credentials secure, limiting the personal data entered into CIR to what is necessary, verifying operational information before use, and ensuring that their use of CIR complies with applicable laws, internal policies, emergency procedures, and notices provided to personnel or other affected individuals.

  1. Consent

Where processing is based on consent, we will request consent in a clear and transparent manner. However, because CIR is primarily used in an organizational and operational context, many processing activities may be based on contractual necessity, legitimate interests, legal obligations, vital interests, public interest, or the instructions of the organization deploying CIR, as applicable under relevant data protection laws.

  1. Revisions

We may modify and revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we will notify you of such changes by posting them on our application, on our website, or by sending you an email or other notification prior to the change becoming effective.

  1. Professional Use Disclaimer

CIR is intended to support organizations in planning, coordinating, monitoring, communicating, and managing operational activities and critical incident response. CIR provides tools for command and control, tasking, communications, mapping, documentation, reporting, situational awareness, resource management, and continuous improvement. CIR does not replace professional judgment, emergency protocols, legal obligations, internal procedures, or instructions issued by competent authorities. Users and organizations remain responsible for verifying the accuracy, completeness, suitability, and operational appropriateness of any plan, alert, task, report, integration, map, data layer, recommendation, or output used through CIR.

  1. Responsible for Processing

This Privacy Policy applies to data processing carried out by or on behalf of SIREN ANALYTICS SAL, a Lebanese joint stock company duly registered under number 1026485, having its elected domicile at Beirut Digital District, Building 1227, 9th Floor, Beirut, Lebanon, in connection with CIR, designed and developed by Siren Analytics. Where CIR is provided to an organization, the relevant organization may also be responsible for certain processing activities carried out through its account, configuration, users, and operational content.

  1. Contact Us

If you have any questions about this Privacy Policy or the processing of personal data in connection with CIR, please contact us at info@cir.live.

Ready to take command?

See CIR tailored to your workflows

Request a Demo

Sign up to receive the latest
resilience management news from CIR

CIR is designed and developed by Siren Analytics.

© 2026 Siren Analytics. All Rights Reserved.

Request a Demo