For IT and security teams

Muster is designed to be deployable in fire-service IT environments without surprises. This page summarizes the technical and security posture for IT decision-makers.

Architecture summary

  • Single Flutter binary across iOS, iPadOS, Android, macOS, Windows. Web admin console runs as a Jaspr (Dart) application.
  • No central server is required for incident operation. Devices form a peer mesh on the local Wi-Fi network during an incident.
  • Cloud features (Tier 2 and Tier 3) use Firebase: Auth, Firestore, Cloud Storage, Cloud Functions. Hosted in US region by default; on-premises and dedicated-Firebase-project options available at Tier 3.

Network requirements

  • During incident: local Wi-Fi network with mDNS / Bonjour enabled. No internet required.
  • For cloud sync (Tier 2+): outbound HTTPS to *.firebaseapp.com, *.googleapis.com, and *.safesignals.io.
  • No inbound firewall rules required.
  • Bandwidth: <100 KB per incident event in typical operation. An entire structure-fire incident archive is typically <50 MB.
  • For the full network specification, email hello@safesignals.io.
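
One way an IT team could audit proxy logs against the outbound destinations listed above. This is an added example, not Muster or SafeSignals code; the log format, the sample hostnames, port 443 for HTTPS, and the reading of "*." as "any subdomain depth, but not the bare domain" are assumptions.

```python
import re

# Outbound destinations documented in the list above.
ALLOWED_PATTERNS = ("*.firebaseapp.com", "*.googleapis.com", "*.safesignals.io")

# Constructed sample in a hypothetical proxy format: time, source IP, CONNECT host:port
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.20.0.15 CONNECT firestore.googleapis.com:443
2024-05-01T10:00:02Z 10.20.0.15 CONNECT muster-demo.firebaseapp.com:443
2024-05-01T10:00:03Z 10.20.0.15 CONNECT api.safesignals.io:443
2024-05-01T10:00:04Z 10.20.0.15 CONNECT googleapis.com.cdn.example:443
2024-05-01T10:00:05Z 10.20.0.15 CONNECT evilgoogleapis.com:443
2024-05-01T10:00:06Z 10.20.0.15 CONNECT Storage.GoogleAPIs.com.:443
2024-05-01T10:00:07Z 10.20.0.15 CONNECT api.safesignals.io:8443
"""

LINE_RE = re.compile(r"^(\S+) (\S+) CONNECT (\S+):(\d+)$")


def host_allowed(host, patterns=ALLOWED_PATTERNS):
    """True if host is a subdomain covered by one of the wildcard patterns."""
    host = host.strip().rstrip(".").lower()  # normalise case and trailing root dot
    for pattern in patterns:
        suffix = pattern[1:].lower()  # "*.example.com" -> ".example.com"
        # Matching on the leading dot rejects lookalikes ("evilgoogleapis.com")
        # and names that merely embed the domain ("googleapis.com.cdn.example").
        if host.endswith(suffix) and len(host) > len(suffix):
            return True
    return False


def unexpected_destinations(log_text):
    """Return (source_ip, host, port) for each CONNECT outside the documented egress."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a CONNECT record in the assumed format
        _, src, host, port = m.groups()
        if int(port) != 443 or not host_allowed(host):
            findings.append((src, host, int(port)))
    return findings


if __name__ == "__main__":
    for src, host, port in unexpected_destinations(SAMPLE_LOG):
        print(f"unexpected egress from {src}: {host}:{port}")
```
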

Security

  • All inter-device communication is encrypted with ChaCha20-Poly1305 AEAD.
  • Every event is signed with Ed25519. Tampering breaks the signature chain.
  • Cloud storage is encrypted at rest by Firebase / GCP.
  • License tokens are RS256-signed JWTs, with the public key embedded in the app binary.
  • No device-to-device communication is unencrypted.
  • Public signing keys (trust-keys endpoint).

Data sovereignty

  • Per-department data isolation. A guest department on a mutual-aid call retains sovereignty over its own personnel records.
  • Incident data is used only to provide the service — no industry-aggregation analytics on customer data.
  • Department admins can export the full event log at any time as a portable file with cryptographic signature.
  • Tier 3 customers can opt for an isolated tenant database or a dedicated Firebase project.

Compliance

  • NFPA 1550 / 1580: these are department-program standards, not product certifications. Muster is aligned with NFPA 1550 and 1580, providing the documentation, retention, and feature surface that align with the standards' requirements. Chapter-level mapping documents are available on request and will be published publicly when the documentation portal goes live. There is no third-party certification scheme for fire-service software conforming to NFPA 1550 or 1580 — claims to the contrary are marketing, not third-party-validated facts.
  • HIPAA: Muster is not a covered entity. Vitals captured during rehab are limited to the minimum necessary to align with NFPA 1580 Chapter 22 and are access-controlled at the device level. Business Associate Agreements are not currently signed.
  • SOC 2: Targeted for Phase 8+. Penetration test reports available to Tier 3 customers under NDA when commissioned.
  • GDPR: US-based service. EU customers should contact sales for guidance.
  • OSHA 1910.1020: Exposure-record retention of 30+ years is built into Tier 2+.
  • NERIS: Designed for the National Emergency Response Information System. NERIS Integration Partner Program application is on the roadmap.

Single sign-on

SSO via SAML 2.0 or OIDC is a Tier 3 feature and is on the Phase 8+ roadmap. Until SSO ships, admin console access uses Firebase Auth with email-and-password or magic-link.

Certifications and audits

SOC 2, ISO 27001, and HIPAA certification are not currently held. These are on the roadmap as customer demand materializes. Detailed security walkthrough conversations are available for prospective IT teams.

Talk to us

Happy to walk through architecture, security posture, or any specific compliance question on a call.

Or email hello@safesignals.io directly.