Last Updated: June 12, 2026

Campfire Software, Inc. ("Campfire," "we," "us," or "our") provides this Privacy Policy (the "Policy") to describe our practices regarding the collection, use, and disclosure of information about you. This Policy applies to the information we collect about you through our website and other online services on which we post this Policy (collectively, the "Site") and through other methods, such as when we collect information about you through offline means (such as at a conference) or from other parties, or in the course of administering our services to our customers (collectively with the Site, the "Services"). By providing us with information, accessing, or otherwise using our Services, you agree to our collection, disclosure, and use of information about you as described in this Policy.

This Policy does not apply to information we collect about employees, job applicants, and independent contractors. This Policy also does not apply to information that we process on behalf of our customers. We do not control how our customers use or otherwise process information we process on their behalf, and you should consult with the applicable customer to understand how they use information they receive from Campfire.

We collect information about you when you use our Services. The types of information we collect depend on how you use our Services. Please note that we need certain types of information to provide the Services to you. If you do not provide us with such information, or if you ask us to delete that information, you may no longer be able to access or use certain Services.

The information we collect may include data you directly provide to us, data we obtain automatically from your interactions with our Services, and data we obtain from other sources.

a. Information You Provide Directly to Us

We may collect information directly from you when you use the Services, including when you communicate with us. The types of information we may collect from you directly include: (1) name; (2) email address; (3) company or employer name; (4) job title; (5) company or employer size; (6) phone number; (7) information in communications with us; and (8) information related to transactions you've made with us.

b. Information We Collect Automatically

We or our third-party vendors may also collect certain information about your use of the Site and the devices you use to access the Site, including through cookies, web beacons, local storage, JavaScript, mobile-device functionality and other tracking technologies (collectively, "Cookies"). This information may include your IP address, browser types, browser language, operating system, the state or country from which you accessed the Site, software and hardware attributes (including device IDs) referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the terms you use in searches on our sites, the date and time you used the Site, error logs, and other similar information. We may also collect general location information (e.g., IP address, city/state and or postal code associated with an IP address) from your computer or mobile device.

You can choose to accept or decline Cookies. Most web browsers automatically accept Cookies, but your browser may allow you to modify your browser settings to decline Cookies if you prefer. If you disable Cookies, you may be prevented from taking full advantage of the Site, because the Site may not function properly. As we adopt additional technologies, we may also gather additional information through other methods.

c. Information We Collect from Other Sources

We may collect information about you from other parties. For example, users may provide us with information about colleagues or other prospective customers. We may combine information that we collect from you through the Services or elsewhere with information that we obtain from other parties and information derived from other products or services we provide.

We may use the information we collect about you for various business purposes, including to:

Provide the Services.

Administer and troubleshoot the Services.

Personalize and improve the Services.

Analyze, improve, modify, customize, and measure the Services.

Provide support, and otherwise to respond to your comments, questions, and requests.

Communicate with you about our products, experiments, services, surveys, events, content, and other news and information we think may be of interest to you.

Communicate with you by telephone (including through prerecorded, artificial, or AI-powered calls) and text message, with your consent as required by applicable law.

Comply with our legal obligations or as permitted by law.

Protect the safety and/or integrity of our users, employees, third parties, members of the public, and/or our Services, including to prevent, detect, investigate, and respond to fraud, unauthorized access/use of the Services, breaches of terms and policies, or other wrongful behavior.

Process payments or other transactions made with us.

Enforce our Terms of Use and any other agreements between you and Campfire.

Carry out any other purpose for which the information was collected.

As directed by you or with your consent.

We may combine information that we collect from you through the Services with information that we obtain from other sources. We may also aggregate and/or de-identify information collected through the Services. We may use and disclose de-identified or aggregated data for any purpose, including without limitation for research and marketing purposes.

We may disclose your information for various reasons as described below.

Vendors. We may disclose your information to employees, consultants, and other vendors who need access to such information to carry out work or perform services on our behalf, such as those who provide data storage, payment, technology support and services, customer service, analytics, fraud prevention, legal services, and marketing services.

Affiliates. We may disclose your information to our affiliates.

Law Enforcement, Regulators, and Other Parties for Legal Reasons. We may disclose information about you to third parties as required by law or if we believe in good faith that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) enforce our Terms of Use or to protect the security or integrity of our Services; and/or (c) exercise or protect the rights, property, or personal safety of Campfire, its agents and affiliates, our customers, or others.

Business Transactions. We may disclose information to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business, including for the purpose of determining whether to proceed or continue with such transaction or business relationship.

At Your Direction/Consent. We may disclose your information as otherwise permitted or required by law or as authorized by you.

Advertising and Analytics. We may disclose or make available some of your information to advertising and analytics partners to serve advertisements on our behalf across the Internet and to provide analytics services. These entities may use Cookies to allow us to, among other things, track and analyze data, determine the popularity of certain content, deliver advertising and content targeted to your interests, and better understand your online activity. For more information about how to manage having your web browsing information used for advertising purposes, please see the "Online Analytics and Tailored Advertising" section below.

Aggregate/De-Identified Information. We reserve the right to create aggregate/de-identified data from the information we collect through the Services and our disclosure of such aggregate/de-identified data is in our discretion.

a. Online Analytics

We may use third-party web analytics services on the Sites, such as Google Analytics. These vendors use Cookies to help us analyze how users use the Sites, including by noting the third-party website from which you arrive. The information these Cookies collect will be disclosed to or collected directly by these vendors, which use the information to evaluate your use of the Sites. We also use Google Analytics for certain purposes related to advertising, as described in the next section. To prevent Google Analytics from using your information for analytics purposes, you may install the Google Analytics Opt-Out Browser Add-On.

b. Tailored Advertising

We may allow certain third parties (e.g., ad networks and ad servers such as Google Analytics) to serve tailored marketing to you and to access their own Cookies on your computer, mobile phone, or other device you use to access the Sites. We neither have access to, nor does this Policy govern, the use of these Cookies by non-affiliated third-party ad technologies, ad servers, ad networks, or any other non-affiliated third parties. Those parties that use these technologies may offer you a way to opt out of targeted advertising as described below.

If you are interested in more information about tailored browser advertising and how you can generally control Cookies for advertising purposes, you can visit the Network Advertising Initiative's ("NAI") Opt-Out Page and/or the Digital Advertising Alliance's ("DAA") Consumer Opt-Out Link to learn more about how to opt-out of receiving tailored advertising from participants of these programs. To opt out of Google Analytics for Display Advertising, or to customize Google Display Network Ads, you can visit the Google Ads Settings page. If your browsers are configured to reject Cookies when you visit an opt-out page, or you subsequently erase your Cookies, use a different device to access the Sites, or change web browsers, your opt out may no longer be effective.

Please note that to the extent advertising technology is integrated into the Sites, you may still receive advertising content, even if you opt out of tailored advertising. In that case, the advertising content may just not be tailored to your interests.

Campfire is considered the "data controller" of the "personal data" (as defined under the General Data Protection Regulation) we handle under this Policy. In other words, Campfire is responsible for deciding how to collect, use, and disclose personal data, subject to applicable law. The laws of the European Economic Area and the United Kingdom require data controllers to tell you about the legal ground that they rely on for using, sharing, or disclosing your personal data. To the extent those laws apply, our legal grounds are as follows:

Contractual Commitments: We may use, share, or disclose personal data to honor our contractual commitments to you. For example, we will process your personal data to comply with our agreements with you, and to honor our commitments in any contracts that we have with you.

With Your Consent: Where required by law, and in some other cases, we use, share, or disclose personal data on the basis of your consent.

Legitimate Interests: In many cases, we use, share, or disclose personal data on the ground that it furthers our legitimate business interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals, such as customer service, analyzing and improving our business, providing security for the Services and our products and services, preventing fraud, and managing legal issues.

Legal Compliance: We need to use and disclose personal data in certain ways to comply with our legal obligations.

Residents of the European Economic Area and United Kingdom may also have certain rights to their personal data. For example, you may request that we:

Provide access to and/or a copy of certain information we hold about you;

Prevent the processing of your information for direct marketing purposes (including any direct marketing processing based on profiling);

Update information which is out of date or incorrect;

Delete certain information that we are holding about you;

Restrict the way that we process and disclose certain information about you;

Transfer your information to a third-party provider of services;

Object to certain processing of your personal data; and

Revoke your consent for the processing of your information.

Please note that certain information may be exempt from such requests under applicable law. For example, we may retain certain information for legal compliance and to secure the Services. We may need certain information to provide the Services to you; if you ask us to delete it, you may no longer be able to use the Services.

In addition to the rights described above, you have the right to lodge a complaint with the relevant supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ICO), which you can contact at ico.org.uk or on 0303 123 1113. If you are located in the European Economic Area, you may lodge a complaint with the data protection authority in your country of residence. We encourage you to contact us first at [email protected] and we will do our best to resolve your concern. If you would like information regarding your rights under applicable law or would like to exercise any of them, contact us at [email protected]. To protect your privacy and security, we take reasonable steps to verify your identity and requests before granting such requests. If we are unable to verify your identity, we may be unable to respond to your requests.

Our Identity and How to Contact Us. Campfire Software, Inc. is the controller of your personal data. You can reach our Data Protection Officer at [email protected] or by writing to Campfire Software, Inc., 300 Montgomery St., Suite 500, San Francisco, CA 94104, Attn: Data Protection Officer. We have appointed Lewis Lowden as our representative in the United Kingdom pursuant to Article 27 of the UK GDPR. You may contact our UK representative at [email protected] or by writing to Suite 409, 131 Finsbury Pavement, London EC2A 1NT, Attn: UK Representative, in relation to any matter concerning the processing of your personal data.

Our website does not respond differently or limit their practices under the terms of this Policy when you access our site with a browser that uses a do not track signal.

Campfire may maintain links to other websites or services and other websites may maintain links to the Services. This Policy applies only to the Services and not to other websites or services accessible from Campfire or that you use to access Campfire, each of which may have privacy policies materially different from this Policy. If you visit other websites or use other services, Campfire is not responsible for the privacy practices or content of those sites. It is your responsibility to review the privacy policies of non-Campfire websites and service to confirm that you understand and agree with them.

Account Information. You may update, correct, or modify information about you at any time by logging into your account or emailing us at [email protected].

Cookies. Most web browsers are set to accept Cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser Cookies. The method for disabling Cookies may vary by device and browser, but can usually be found in your device or browser preferences or security settings. Please note that if you choose to remove or reject Cookies, this could affect the availability and functionality of the Site.

Marketing Emails. You may opt out of receiving marketing emails from us by following the instructions in those marketing emails. If you choose to opt out, we will still send you non-marketing communications, such as those about your account or our ongoing business relations.

We implement a variety of technical and organizational measures to protect your information against accidental or unlawful access, destruction, loss, misuse, change or damage. However, no Internet or email transmission is ever fully secure or error-free. Please keep this in mind when disclosing any information to us.

We retain personal data for as long as your account is active and thereafter for as long as necessary to fulfil the purposes described in this Policy and to comply with our legal, tax, accounting, regulatory, and reporting obligations. In general, we retain account and transaction records for up to six years following the end of our relationship with you. Where we provide account information services as an agent of Plaid, we retain the related records for a minimum of three years from the date your contract is terminated, in line with our regulatory obligations. We may retain certain information for longer where required to establish, exercise, or defend legal claims, after which it is deleted or anonymised.

The Services are not intended for minors under 18. If we discover that an individual under 18 has provided us with information, we will delete the information to the extent required by the Children's Online Privacy Protection Act or other applicable law.

Personal data we collect, including through the Services, is transferred to and processed in the United States, where the Services are hosted. The United States may not provide the same level of data protection as your home country. Where we transfer personal data from the United Kingdom or the European Economic Area to the United States or any other country that has not received an adequacy decision, we put in place an appropriate safeguard for that transfer, namely the UK International Data Transfer Agreement (or the UK Addendum to the EU Standard Contractual Clauses) and the European Commission's Standard Contractual Clauses, together with a transfer risk assessment. You may request a copy of the relevant safeguard by contacting us at [email protected].

We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. We use automated tools and artificial intelligence features within the Services to assist with tasks such as categorising and reconciling transactions and detecting anomalies; this processing supports our customers' accounting work, operates under human oversight, and is not used to make decisions about you that produce legal or similarly significant effects. Account information accessed through Plaid is used solely to provide account information services.

Campfire Software Inc. is an agent of Plaid Financial Ltd., an authorised payment institution regulated by the Financial Conduct Authority under the Payment Services Regulations 2017 (Firm Reference Number: 804718). Plaid provides you with regulated account information services through Campfire as its agent.

We may change this Policy to reflect changes in the law, our information practices, or the features of the Services. At the top of our Policy, we will indicate the date of the most recent update. If we make a material change to the Policy, you will be provided with appropriate notice in accordance with legal requirements. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Policy.

If you have questions or concerns regarding this Policy, you should contact us by email at [email protected]