Overview
BlueLine SOCO is a law enforcement tool built for Colorado agencies to capture, manage, and export stop data reports in compliance with the Colorado Contacts schema v4.0. This policy explains what information the app and service collect, how that information is used, and how it is protected.
BlueLine SOCO is operated by Cameron Fore. By using the app or service, you agree to the practices described in this policy. If you have questions, contact us at support@bluelinesoco.com.
What We Collect
We collect only the information necessary to operate the service. The table below describes each category of data, what it contains, and why it is collected.
| Category | What It Includes | Why It's Collected |
|---|---|---|
| Account credentials | Username; password (stored as a bcrypt hash — your plaintext password is never stored) | Authentication and session management |
| Passkey public key | The public key component of your Apple Passkey, device name, and registration date | Biometric sign-in (Face ID / Touch ID). The private key never leaves your device. |
| Stop data reports | Contact date, time, location, initiation type, citizen demographics (as entered by the officer), contact reason, outcome, and any conditional fields (searches, use of force, arrests) | Core function of the service — capturing and storing agency stop data for state reporting |
| GPS / location | Current device location, used to reverse-geocode a street address and city | Auto-filling the address field on a report. Only accessed when you tap the location button — not tracked continuously. |
| Session data | Authentication tokens, session timestamps, login attempt counts | Maintaining your login session and enforcing rate limiting and session expiration |
| Agency settings | Agency name, ORI number, access code | Identifying your agency for correct data routing and state export formatting |
What We Do Not Collect
- Continuous location tracking or background location data
- Contacts, photos, or other device content
- Advertising identifiers or device fingerprints
- Analytics, crash reporting, or usage telemetry sent to third-party services
- Any biometric data — Face ID and Touch ID are processed entirely on your device by Apple
How We Use It
Information collected by BlueLine SOCO is used solely to operate and maintain the service. Specifically:
- Authentication — verifying your identity when you sign in and maintaining your session
- Report storage and management — saving drafts and submitted reports to your agency's database
- State export — generating schema-compliant submission files for your agency to file with the state of Colorado
- Account management — allowing administrators to create, update, and deactivate officer accounts within their agency
- Security enforcement — rate limiting login attempts, expiring sessions, and detecting unusual access patterns
Data Storage & Security
Dedicated Database per Agency
Each agency's data is stored in its own dedicated cloud-hosted database. Your agency's records are logically isolated from all other agencies — there is no data commingling between agencies.
Data Transmission
All communication between the app and the service is encrypted in transit using HTTPS (TLS). Data is never transmitted in plaintext.
Passkeys & Biometrics
Passkeys are implemented using the Apple Passkey standard. Your biometric data (Face ID / Touch ID) is processed entirely on your device by Apple's Secure Enclave and is never transmitted to or stored by BlueLine SOCO. Only the public key component of your passkey is stored on the server.
Session Security
- Sessions expire after 8 hours of inactivity
- Login attempts are rate-limited — 10 failed attempts within 15 minutes results in a temporary lockout
- Passwords are stored as bcrypt hashes and are never stored or logged in plaintext
Data Retention
Stop data reports and account records are retained for as long as your agency's subscription is active. Upon subscription termination, data retention and deletion are handled per the terms agreed upon with your agency. Contact us to discuss your agency's data retention requirements.
Data Sharing
We do not sell, rent, or share your data with third parties for advertising or commercial purposes. The limited circumstances in which data may be accessed or disclosed are:
Within Your Agency
Agency administrators have access to all reports submitted within their agency. This is a core function of the service — supervisors and authorized administrators can view, manage, and export all officer reports.
State Reporting
The state export function generates a submission file that your agency downloads and submits to the state of Colorado. BlueLine SOCO does not transmit data to the state on your behalf — the export file is delivered to your agency, and your agency controls when and how it is filed.
Service Providers
BlueLine SOCO uses cloud infrastructure providers to host the service. These providers process data on our behalf under data processing agreements and do not have independent access to your agency's data for their own purposes.
Legal Requirements
We may disclose information if required to do so by law, court order, or other governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of any person.
Your Rights
Because BlueLine SOCO is administered at the agency level, most account and data requests are handled through your agency administrator. The following rights apply:
Access
You may request a summary of the personal information stored about your account by contacting your agency administrator or emailing support@bluelinesoco.com.
Correction
Account details (name, username, call sign) can be updated by your agency administrator. Contact your admin to request a correction.
Deletion
Officers may request account deletion through their agency administrator. Submitted reports are agency records — their retention is governed by your agency's policies and applicable public records law. Account deletion removes your login credentials and passkeys; historical report records attributed to your account may be retained per agency policy.
Passkey Removal
You can remove any registered passkey at any time from the Account tab in the app. This does not affect your ability to sign in with a password.
Location Data
Location access is only requested when you explicitly tap the GPS button in the report form. You can deny location permission at any time in iOS Settings → BlueLine SOCO → Location, and manually enter addresses instead.
Children's Privacy
BlueLine SOCO is designed exclusively for use by law enforcement professionals. It is not directed at or intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a minor's information has been submitted in error, contact us at support@bluelinesoco.com.
Changes to This Policy
We may update this privacy policy from time to time. When we do, we will update the effective date at the top of this page. We encourage agency administrators to review this policy periodically.
Continued use of BlueLine SOCO after a policy update constitutes acceptance of the revised terms. If a change materially affects how we handle data, we will make reasonable efforts to notify affected agencies directly.
Contact
For privacy-related questions, data access requests, or concerns about how your information is handled, please reach out: