Platform Privacy Policy

Last Revised: July 17, 2023

This Privacy Policy applies to the OnFire.ai Platform ('Platform') and outlines how OnFire, Inc. ('OnFire', 'we', 'us', or 'our') collects, uses, shares, and protects information related to the Platform. It also describes your rights regarding your personal information under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable laws. This Privacy Policy applies whether you access the Platform through our website or any other access point.

TYPES OF INFORMATION WE COLLECT
To deliver our services, we collect information you provide directly, automatically as you navigate our platform, or from third parties. The type of information collected includes: A. User Account Information: This encompasses any information you provide during your interactions with us, such as creating an account, contacting us for support, and providing feedback. This information can include names, email addresses, telephone numbers, and business contact information. B. Platform Usage Information: This includes details about how you use and interact with our Platform, such as pages visited, links clicked, log data, and other such information. We use this data to maintain and enhance our services. C. Customer End User Data: This includes information provided by you, or on your behalf, about your end users. This data may contain personally identifiable information ("PII"). D. Cookies and Other Tracking Technologies: We may use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole.

HOW WE USE THE INFORMATION
We use the information we collect in several ways, including: A. To operate and improve our Platform, to provide customer support, and to protect our legal rights and interests. B. To fulfill our obligations as per our agreements with our Customers. C. To analyze and develop new products, services, and features. D. To communicate with you, such as through emails, about updates, security alerts, and administrative messages.

SHARING OF INFORMATION
We do not sell, trade, or rent your personal information. We may share personal information with service providers to help us provide our services and fulfill our contracts with you, where required by law or to protect our rights.

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout

INFORMATION SECURITY
OnFire is committed to providing an environment that safeguards your data. We are actively pursuing certifications for SOC2 and ISO 27001 - globally recognized standards for stringent data security requirements. Our data is hosted through authorized third-party service providers, such as Amazon Web Services, known for their advanced security features. While we strive to ensure the utmost security, no system is completely foolproof. We can't fully guarantee that unauthorized access to data will never occur, hence, any data transfers you make to us are at your own discretion and risk.

DATA RETENTION
OnFire retains (i) Customer End User Data as long as Customers need to use the Platform or as required or permitted by law; and (ii) Platform Usage Data for no longer than necessary to serve the legitimate business need for which it was collected.

RELATIONSHIP, LAWFUL BASIS, AND CUSTOMER END USER CHOICES
OnFire is considered a "data processor" and our Customers are "data controllers" under certain jurisdictions' laws when processing PII of Customer End User Data. We process PII solely for the purpose of providing services according to our agreements with Customers. For our Customers' privacy practices, Customer End Users should closely review the Privacy Policies of the applications, services, and websites they access.

INTERNATIONAL DATA TRANSFERS
Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

YOUR RIGHTS
A. Rights Under the GDPR (For EEA Residents)
If you are located in the EEA, you have the following rights regarding your personal data:
- Right of Access: Obtain confirmation whether we process your personal data and access to the data.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data under certain conditions.
- Right to Restrict Processing: Request that we limit processing of your personal data.
- Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format.
- Right to Object: Object to processing of your personal data based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time where we are relying on consent to process your personal data.
B. Rights Under the CCPA/CPRA (For California Residents)
If you are a California resident, you have the following rights regarding your personal information:Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of personal information we have collected from you.
- Right to Opt-Out of Sale or Sharing: Opt-out of the sale or sharing of your personal information to third parties.
- Right to Correct: Request correction of inaccurate personal information we hold about you.
- Right to Limit Use of Sensitive Personal Information: Limit the use and disclosure of your sensitive personal information.
- Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights.
C. Exercising Your Rights
To exercise any of these rights, please contact us at:
- Email: privacy@onfire.ai
‍- Mail: OnFire Inc., 16 Derech Abba Hillel, Ramat Gan, Israel
We may need to verify your identity before processing your request. We will respond to your request within the time frame required by applicable law.

FOR CALIFORNIA RESIDENTS
Please note that we may have collected and/or shared certain categories of personal information about you over the past 12 months. California residents may also have additional rights under the California Consumer Privacy Act. For more details, please send us an email at privacy@onfire.ai.

CHILDREN
Our Platform is not designed for or intended to be used by children. We do not knowingly collect or sell PII from children. If we learn that we have collected PII from someone under the age of majority in their jurisdiction, we will promptly delete that information.

YOUR RIGHTS
You have the right to access, correct, update, or request deletion of your personal information at any time. You can also object to the processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information.

CHANGES TO THE PRIVACY POLICY
OnFire reserves the right to change this Platform Privacy Policy at any time. Significant changes will be notified on our website at www.onfire.ai or by email. Changes are effective as of the stated "Last Revised" date. Continued use of the Platform after this date indicates your acceptance of the changes.

HOW TO CONTACT US
If you have any questions about this Platform Privacy Policy or about exercising your data protection rights, you can contact us at privacy@onfire.ai or via mail at OnFire Inc., 16 Derech Abba Hillel, Ramat Gan, Israel.