Privacy Policy

1. Introduction

Bonfire Terminal ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains our practices regarding the collection, use, disclosure, and protection of your information when you use our application and website.

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, company name, and payment information (processed securely through NMI).

Usage Data: We collect analytics about how you use Bonfire Terminal—feature usage, performance metrics, error logs. This data is anonymized and helps us improve the product.

Local Credentials: API keys, credentials, and business data remain 100% local on your machine. We never store, transmit, or access these without your explicit action.

Communication: When you contact support, we store your messages to provide assistance and improve our service.

3. How We Use Your Information

We use collected information to:

• Provide and improve Bonfire Terminal
• Process payments and manage subscriptions
• Send transactional emails (receipt, password reset, etc.)
• Respond to your inquiries and provide support
• Comply with legal obligations
• Analyze usage patterns to optimize the product

4. Local Security & Zero-Knowledge Architecture

Your data stays on your machine. Bonfire Terminal operates on a zero-knowledge model:

• All credentials are stored locally in encrypted .env files on your machine
• API keys for Google Analytics, Meta Ads, Stripe, etc. never leave your machine
• Workflows execute locally on your hardware
• We have no ability to access your business data even if requested by law

5. Data We Never Collect

We explicitly do NOT collect or store:

• Your API keys or authentication tokens
• Your business data or customer information
• Personally Identifiable Information (PII) processed by workflows
• Your email account credentials
• Bank account or payment processing details (handled by NMI only)

6. Data Sharing

We do NOT sell your data. We only share information in these cases:

• Service Providers: NMI (payment processing), Google Analytics, hosting providers. All are bound by confidentiality agreements.
• Legal Compliance: When required by law or to protect our rights
• With Your Consent: When you explicitly authorize us

7. Data Retention

Account Data: We retain your account information as long as your subscription is active. After cancellation, we delete your account within 30 days upon request.

Support Communications: We retain support tickets for 1 year for reference and improvement purposes.

Analytics: Anonymized usage data is retained for product development and retained indefinitely in aggregated form.

8. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Opt-Out: Unsubscribe from marketing communications

To exercise these rights, email privacy@bonfireterminal.com.

9. Cookies & Tracking

We use cookies for:

• Session Management: Keeping you logged in
• Analytics: Understanding how you use our website
• Conversion Tracking: Tracking purchases via Facebook Pixel and Google Analytics

You can disable cookies in your browser settings, though this may affect functionality.

10. Security

We implement industry-standard security measures:

• HTTPS encryption for all data in transit
• Secure password storage with bcrypt hashing
• Regular security audits and penetration testing
• Zero-knowledge architecture means your data is never exposed to us

11. Third-Party Services

We use these third parties:

• NMI: PCI-compliant payment processing (their privacy policy applies)
• Google Analytics: Website traffic analysis
• Facebook Pixel: Conversion tracking

We recommend reviewing their privacy policies. We are not responsible for their practices.

12. GDPR & CCPA Compliance

For EU Users (GDPR): We comply with GDPR. You have rights to access, correct, and delete your data. Contact privacy@bonfireterminal.com to exercise these rights.

For California Users (CCPA): You have the right to know what data we collect, delete it, and opt-out of sales (we don't sell data). Contact privacy@bonfireterminal.com.

13. Changes to This Policy

We may update this Privacy Policy. We'll notify you of material changes via email or prominent notice on the website. Your continued use after changes constitutes acceptance.

14. Contact Us

Questions about this policy? Contact us:

Email: privacy@bonfireterminal.com
Mailing Address:
Bonfire Terminal
Privacy Matters
[Address to be added]

Last Updated: January 2, 2026
Version 1.0