CampFire Privacy Policy
Effective date: December 23, 2025
CampFire Technology, Inc. (“CampFire”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use CampFire’s Contract Analytics Platform and CampFire’s other services, along with any associated software applications and websites (all together, “Services”). It also explains the rights you may have under applicable privacy laws and how to contact us. The policy applies to individuals who visit our public website as well as users of our subscription Services (customers and their Authorized Users).
If you are a California resident, please also see the “Your Rights” section below for information about California privacy rights.
1. What personal information we collect
We collect data necessary to deliver and improve the Services. Categories of personal information we collect include:
A. Information you provide directly
-
Account registration and profile information (name, email, company, job title, phone).
-
Billing and payment information (billing name, address, invoicing contact; payment tokens are processed by our payment processor).
-
Content you upload to the Services (documents, contracts, comments, annotations) (“Customer Data”).
-
Communications you send us (support requests, feedback).
B. Technical and usage information
-
Log data, IP addresses, internal messaging, device identifiers, browser type and version, operating system, pages visited, usage information, timestamps, error and diagnostic data, and cookies or other tracking technologies.
C. Derived and AI-related data
-
When you use AI features, we process the inputs you submit and the AI-generated outputs. Together with Customer Data, the “Content”)
2. How we use personal information
We use personal information to:
-
Provide, operate, maintain and improve the Services (including authentication, hosting, and backup).
-
Process and store Content and to perform the Services.
-
Provide customer support and communicate about your account and the Services.
-
Monitor, troubleshoot, and enhance security and performance.
-
Comply with legal obligations and protect legal rights.
-
Conduct research and development, analytics, and to train and improve our models and AI features (in accordance with the choices and contractual terms applicable to Content).
Legal bases (GDPR): For EU/EEA individuals, we will process personal data on legal bases that may include: (i) performance of a contract; (ii) compliance with legal obligations; (iii) legitimate interests (e.g., platform security, product improvement), balanced against your rights; and (iv) consent where required.
3. Cookies and tracking technologies
We use cookies, web beacons, and similar technologies for functional needs (authentication, load balancing), analytics (product usage, performance), and — with consent where required — advertising/marketing. You can control cookie preferences through your browser and, where provided, our cookie settings.
4. How we share personal information
We may disclose personal information to:
-
Service providers: vendors that provide hosting, analytics, payment processing, customer support, and other infrastructure services.
-
Affiliates and subcontractors: where necessary to provide the Services (Campfire remains responsible for acts of its subprocessors).
-
Professional advisors: legal, audit, technical, business and tax advisors where needed.
-
Legal and safety: to respond to lawful requests, enforce our terms, or protect rights, property, or safety.
-
Business transfers: in connection with a merger, sale, or reorganization.
We do not sell personal information for money. Where a jurisdiction uses a broader “sale” definition, we will respect opt-out rights required by local law.
5. Customer Data, ownership and controller/processor roles
You (the Customer) retain ownership of Customer Data. If you provide us personal data as part of Customer Data, you represent and warrant you have the rights to process and transmit it and to permit us to process it. When CampFire processes Customer Personal Data CampFire acts as a processor (or subprocessor) and will follow any applicable Data Privacy Addenda If CampFire collects personal data in its own capacity (e.g., for marketing, site visitors), CampFire acts as the controller.
6. AI features and model training
Some CampFire features may be powered by machine learning or AI models. You are responsible for the content you supply as inputs. We may use de-identified, aggregated data to improve our services and models, except where contractual commitments or law prohibit such use. Output generated by AI features may be imperfect and should not be relied on as legal advice.
7. Cross-border transfers and data hosting
Customer Data and other personal data may be stored and processed in multiple jurisdictions, including the United States and EU. Where required, transfers from the EU/EEA/UK will be protected by appropriate safeguards (e.g., Standard Contractual Clauses, binding corporate rules, or specific contractual terms).
8. Data retention and deletion
We retain personal information only as long as necessary for the purposes described in this Policy, or to satisfy legal, tax, dispute resolution or reporting obligations. For Customer Data, retention and deletion timelines are governed by the applicable terms of service; upon termination, we will make Customer Data available for retrieval for a limited period (e.g., 30 days) unless otherwise agreed.
9. Security
We implement reasonable and appropriate technical, administrative, and physical measures to protect personal data against loss, misuse, and unauthorized access or disclosure. These measures include access controls, encryption in transit and (where applicable) at rest, vulnerability management, logging, and regular security assessments. We maintain security documentation and certifications as applicable and will share relevant compliance information under NDA
10. Your rights and choices
Depending on your jurisdiction, you may have rights such as:
-
Access to the personal information we hold about you.
-
Correction or deletion of inaccurate or unnecessary personal information.
-
Restriction or objection to certain processing activities.
-
Portability of personal information you provided.
-
Withdrawal of consent where the basis for processing was consent.
If you are a California resident, you may have rights under the CCPA/CPRA, including the right to request disclosure of categories of personal information collected, categories of sources, business purposes, and categories of third parties with whom information is shared, and the right to opt out of the sale of personal information where applicable. To exercise rights, contact support@campfire.law or follow the request procedures described below. We will verify requests in accordance with applicable law.
11. Minors
Our Services are not directed to children under 18 (or the minimum age in applicable jurisdictions). We do not knowingly collect personal information from minors. If you believe we have received information about a minor, contact us to request deletion.
12. Changes to this Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, legal requirements, or product features. If we make material changes, we will provide notice consistent with applicable law (for example, by posting a notice on the Services or emailing account contacts). Continued use of the Services after the effective date constitutes acceptance of the updated policy.
13. Contact and complaints
If you have questions, requests, or complaints about this Privacy Policy or our data practices, contact:
CampFire,
Email: support@campfire.law
If you are in the EU/EEA/UK and believe we have not addressed your request, you may have the right to lodge a complaint with your local supervisory authority.