UnifiedEM — Privacy Policy

Effective Date: May 14, 2026 Last Updated: May 14, 2026

Plain-Language Summary

UnifiedEM is operated by Momentum CE LLC ("Momentum CE," "we," "us") on behalf of a tribal or local emergency management department (the "Jurisdiction"). We designed UnifiedEM to collect as little information about you as possible.

Here's what that means in practice:

The Public Dashboard does not run analytics. No Google Analytics, no Plausible, no tracking pixels of our own.
We do not keep persistent server logs of who visits the Public Dashboard. Short-term operational logs exist only as long as needed to keep the service running.
The Public Dashboard may ask for your location so the map can center on where you are. You can say no, and the dashboard will still work.
The Public Dashboard embeds third-party services (Facebook page embeds, Google Maps, NWS/NOAA/FEMA/AirNow data, and similar). Those third parties have their own privacy practices we do not control.
For Authorized Publishers, we keep enough information to operate accounts and to know who published what — that's it.

The full policy below explains each of these in more detail. If anything below conflicts with this summary, the formal terms control.

1. Scope of This Policy

This Privacy Policy describes how Momentum CE LLC collects, uses, and discloses information in connection with UnifiedEM, including:

The Public Dashboard — the public-facing branded web page that displays federal feeds, state feeds, and locally-published notices; and
The Publishing Tool — the authenticated internal application used by Authorized Publishers to publish notices to the Public Dashboard.

This policy applies to information collected by Momentum CE. It does not apply to:

Information collected by the Jurisdiction through its own separate systems;
Information collected by third-party services embedded in or linked from UnifiedEM (those services are governed by their own privacy policies); or
Information you provide directly to the Jurisdiction outside of UnifiedEM (for example, by calling 911 or contacting the Jurisdiction by phone or email).

Capitalized terms used but not defined in this policy have the meanings given in the UnifiedEM Terms of Use.

2. Information Collected — Public Dashboard

The Public Dashboard is designed to be usable without an account and without identifying you.

2.1 What We Do Not Collect

On the Public Dashboard, Momentum CE does not:

Run analytics services (such as Google Analytics, Plausible, Fathom, or similar);
Maintain persistent server logs that record who visited, from what IP address, or what they viewed;
Set first-party tracking cookies for advertising, profiling, or cross-site tracking;
Sell, rent, or share visitor information with data brokers;
Build profiles of Public Users.

2.2 What We Do Collect

Short-term operational logs. Our hosting infrastructure may temporarily process request data (such as IP addresses, request paths, and timestamps) for the limited purpose of keeping the service running — for example, to detect and respond to abuse, denial-of-service attacks, or technical failures. These records are not retained as persistent analytics or visitor logs.

Geolocation, only if you allow it. The Public Dashboard may ask your browser for your approximate location so the map can center on where you are during an event. This request is made through your browser's standard geolocation prompt. If you decline, the dashboard continues to work — the map will simply center on a default location. When you do grant permission, your location is used in your browser to position the map; Momentum CE does not retain your location on our servers.

No account information. Public Users do not create accounts on the Public Dashboard, and we do not ask for names, email addresses, or other identifying information.

2.3 Cookies and Similar Technologies

The Public Dashboard does not set first-party cookies for tracking or analytics. Some embedded third-party services (see Section 4) set their own cookies; those cookies are governed by the third party's privacy policy.

3. Information Collected — Publishing Tool

The Publishing Tool is the authenticated internal application used by Authorized Publishers (typically Jurisdiction staff). It necessarily collects more information than the Public Dashboard because users are signing in and acting on behalf of the Jurisdiction.

3.1 Account Information

For each Authorized Publisher, we collect and store:

Name (as provided by the Jurisdiction);
Work email address;
Role or permission level within the Publishing Tool;
Authentication credentials, which are one of the following depending on the Jurisdiction's configuration:
- An email address and a password hash (we do not store passwords in plain text); or
- A linked single sign-on (SSO) identity (for example, Microsoft Entra ID or Google Workspace), in which case the SSO provider — not Momentum CE — holds the credential itself.

3.2 Authentication Logs

We log authentication events for the Publishing Tool — specifically, the timestamp of each sign-in, the account that signed in, and the success or failure of the attempt. These records exist for security and account-integrity purposes (for example, to detect suspicious activity or to investigate a compromised account).

We do not maintain general activity logs of every action taken inside the Publishing Tool beyond what is needed for the publishing audit trail described in Section 3.3.

3.3 Publishing Audit Trail

When an Authorized Publisher publishes a notice, polygon, or other Content, we record:

The identity of the publisher;
The timestamp of the publish action;
The Content that was published (text, image, polygon coordinates, targeting parameters).

This audit trail exists so that the Jurisdiction can answer the question "who published what, when?" — which matters for accountability during and after incidents. The audit trail is made available to the Jurisdiction on reasonable request.

3.4 Cookies and Sessions

The Publishing Tool sets functional cookies (or equivalent session tokens) that are strictly necessary to keep an Authorized Publisher signed in during a session. These cookies are not used for analytics, advertising, or tracking outside the Publishing Tool itself.

4. Third-Party Services Embedded or Loaded by the Public Dashboard

The Public Dashboard aggregates information from a number of external sources. Some of these are server-side data pulls (the data arrives at your browser through us, and the third party does not see you). Others are client-side embeds (your browser connects directly to the third party, which can see your IP address, user agent, and other standard browser information).

4.1 Server-Side Feeds (Third Party Does Not See You)

The following feeds are typically retrieved by our servers and then displayed to you. The originating service does not directly observe Public Users:

National Weather Service (NWS) alerts and graphicasts;
National Oceanic and Atmospheric Administration (NOAA) products;
AirNow air quality data;
State forestry burn restriction data;
FEMA-published resources (where displayed as content rather than as an embed);
Local city, county, and state data feeds configured for a particular Jurisdiction.

4.2 Client-Side Embeds (Third Party Can See You)

The following are loaded directly by your browser, which means the third party can see standard browser-level information (such as your IP address, the page you are viewing, and your device's user agent) and may set their own cookies according to their own privacy practices:

Google Maps — used to display the map view and to handle browser geolocation. Governed by Google's privacy policy and terms.
Facebook page embeds — used to display the Jurisdiction's (or a related agency's) Facebook posts inline on the dashboard. Governed by Meta's privacy policy and terms. Note that Meta can typically observe visits to pages containing Facebook embeds even if you do not interact with them.
Additional embeds that a Jurisdiction requests for its deployment (for example, an X/Twitter feed, a YouTube channel embed, or a specific agency's data widget). Each Jurisdiction's deployment may include different embeds, and any such embed is governed by the third party's own privacy practices.

Momentum CE does not control these third parties and is not responsible for their privacy practices. If you have concerns about a specific embed, you can typically block third-party content using your browser's privacy settings or extensions.

4.3 Why We Use Third-Party Embeds

These embeds exist because they materially improve the public information value of the dashboard during real events — official weather information from NWS, real-time air quality during a wildfire, and direct social channels from the Jurisdiction's own departments. We accept the trade-off that comes with embedding them, and we disclose it here.

5. How Information Is Used

We use the limited information described above to:

Operate UnifiedEM — display feeds, render maps, accept and publish notices, keep sessions active, and keep the service available;
Secure UnifiedEM — detect and respond to abuse, unauthorized access, and technical incidents;
Support the Jurisdiction — provide audit-trail and operational information to the Jurisdiction about its own UnifiedEM instance;
Communicate with Authorized Publishers — send account-related and service-related notices (for example, password resets, maintenance windows, or security advisories).

We do not use the information collected through UnifiedEM for advertising, profiling, or any purpose unrelated to operating the service.

6. How Information Is Shared

We share information only as described below.

6.1 With the Jurisdiction

Information collected through the Publishing Tool — including Authorized Publisher account information, authentication logs, and the publishing audit trail — is shared with the Jurisdiction whose UnifiedEM instance generated it. This is necessary so the Jurisdiction can administer its own deployment.

6.2 With Service Providers

We use a limited set of vendors and infrastructure providers to operate UnifiedEM — for example, hosting, email delivery, authentication providers, and error-monitoring services. These providers process information only on our behalf, under contractual obligations consistent with this Privacy Policy.

6.3 As Required by Law

We may disclose information when required by valid legal process (such as a subpoena or court order) or when we believe in good faith that disclosure is necessary to protect the safety of any person, to prevent fraud, or to address a security incident. Where legally permitted, we will notify the Jurisdiction or affected individual before complying.

6.4 In a Business Transaction

If Momentum CE is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction. We will require any acquirer to honor the commitments in this Privacy Policy or to notify users of any change.

6.5 We Do Not Sell Personal Information

Momentum CE does not sell personal information. We do not share personal information with third parties for their own marketing or advertising purposes.

7. Data Retention

Our retention practice is to keep information only as long as needed for the purpose for which it was collected.

Category	Retention
Public Dashboard short-term operational logs	Days, not months; flushed automatically by infrastructure providers.
Public Dashboard analytics or visitor logs	Not collected.
Browser geolocation	Not retained server-side. Held by your browser only for the active session.
Authorized Publisher account records	For the duration of the Jurisdiction's contract, plus a reasonable period to handle wind-down.
Authentication logs (sign-in timestamps)	Typically one year, or as required by applicable security or audit obligations.
Publishing audit trail	For the duration of the Jurisdiction's contract; transferred to the Jurisdiction on termination if requested.

Specific retention windows may vary based on legal obligations, security needs, or written agreements with a particular Jurisdiction.

8. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect information from unauthorized access, alteration, disclosure, or destruction. These include:

Encryption of data in transit (HTTPS);
Encryption of stored credentials (passwords are hashed; we do not store plain-text passwords);
Access controls limiting administrative access to authorized Momentum CE personnel;
Monitoring for unauthorized access and abnormal activity;
Regular updates to underlying software and infrastructure.

No system is perfectly secure. We cannot guarantee that information will never be subject to unauthorized access. If a security incident occurs that materially affects information described in this policy, we will notify affected Jurisdictions (and, where applicable, affected individuals) as required by law and as required by the written agreement between Momentum CE and the Jurisdiction.

9. Children's Privacy

UnifiedEM is a general-audience public safety information service. We do not knowingly collect personal information from children under 13. Because the Public Dashboard does not require an account and does not collect identifying information from visitors, we generally do not receive children's personal information through it. If you believe a child has provided personal information to us through the Publishing Tool, please contact us using the information in Section 13 and we will take appropriate steps.

10. Your Choices

10.1 Geolocation

If you previously granted the Public Dashboard permission to use your browser's location, you can revoke that permission at any time through your browser's site settings.

10.2 Cookies and Third-Party Embeds

You can configure your browser to block third-party cookies or to block third-party content entirely. Doing so may cause embedded content (such as the Facebook embed or Google Maps) to display in a limited way or not at all, but the rest of the dashboard will continue to function.

10.3 Authorized Publisher Accounts

Authorized Publishers can update their account information by contacting their Jurisdiction administrator or by contacting Momentum CE using the information in Section 13. Account closure is typically handled by the Jurisdiction.

10.4 Rights Under Applicable Law

Depending on where you live, you may have additional rights under applicable privacy laws — such as the right to access, correct, or delete personal information about you, or to object to certain processing. To exercise any such right, contact us using the information in Section 13. We will respond as required by applicable law.

11. Tribal Data Sovereignty

When UnifiedEM is operated on behalf of a tribal Jurisdiction, Momentum CE recognizes the principle that information generated by or about that Jurisdiction — including publishing audit trails, configuration data, and notice content — belongs to and is subject to the governance of that Jurisdiction. The specific terms of data ownership, residency, access, and return are set out in the written agreement between Momentum CE and the Jurisdiction. Nothing in this Privacy Policy is intended to override those terms or to assert any Momentum CE ownership interest in tribal data beyond what is necessary to operate UnifiedEM under that agreement.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top reflects the most recent revision. Material changes will be communicated to the Jurisdiction and, where reasonably possible, posted on the Public Dashboard before they take effect. Continued use of UnifiedEM after changes take effect constitutes acceptance of the revised policy.

13. Contact

Questions about this Privacy Policy or about how UnifiedEM handles information may be directed to:

Momentum CE LLC 320 E Vine Dr #316 Fort Collins, CO 80524 privacy@momentumce.com

For questions about information collected by a specific Jurisdiction's UnifiedEM deployment, you may also contact that Jurisdiction's emergency management department directly.