Privacy Policy

1. Introduction

This Privacy Policy explains how OnFire Messenger Inc ("OnFire," "Company," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our mobile application, website, and related services (collectively, the "Service").

We are committed to protecting your privacy and being transparent about our data practices. By using OnFire, you consent to the practices described in this Privacy Policy.

1.1 Our Privacy Principles

Transparency: We clearly explain what data we collect and how we use it

Control: You have meaningful choices about your data

Security: We protect your information with industry-standard measures

Minimization: We collect only what we need to provide our services

No Data Sales: We never sell your personal information to third parties

1.2 Contact Information

Data Controller:

OnFire Messenger Inc

Email:

privacy@onfire.so

Address:

254 Chapman Rd, Ste 209, Newark, DE 19702

2. Information We Collect

2.1 Information You Provide

Account Information

Phone number and/or email address, name and display name, profile picture, date of birth (optional), bio and profile information, username.

Content You Create

Posts, photos, videos, and stories; messages and chat content; comments and reactions; voice and video call data; files and documents shared; reviews and ratings.

Transaction Information

Payment method details (processed by third-party providers), purchase and transaction history, billing and shipping addresses, marketplace listings, accommodation bookings.

Communications

Messages with other users, communications with our support team, survey responses and feedback.

Identity Verification

Government ID (when required for certain features), selfie verification photos, business documentation (for business accounts).

2.2 Information Collected Automatically

Device Information

Device type, model, and manufacturer; operating system and version; unique device identifiers; mobile network information; browser type and version.

Usage Information

Features you use and actions you take; time, frequency, and duration of activities; content you view and interact with; search queries; referral sources.

Location Information

Precise GPS location (when enabled), IP-based approximate location, location history (when enabled), check-ins and places you visit.

Log Data & Cookies

IP address, access times and dates, app crashes and error reports, performance data, session cookies, analytics cookies, authentication tokens, local storage data.

2.3 Information from Third Parties

We may receive information from social sign-in providers, payment processors, partners and integrations, and other users (messages sent to you, tags, mentions, and contact uploads with your permission).

3. How We Use Your Information

3.1 Providing and Personalizing Our Service

• Create and maintain your account
• Display your profile and content to others
• Personalize your feed and recommendations
• Enable messaging and communication features
• Process transactions and payments
• Facilitate marketplace and accommodation services
• Provide location-based features and services

3.2 Safety, Security, and Integrity

• Verify accounts and prevent fraud
• Detect and prevent spam and abuse
• Enforce our Terms of Service and policies
• Protect users from harmful content and conduct
• Secure our systems and infrastructure
• Detect child sexual abuse material (CSAM) using on-device and server-side scanning technologies
• Identify grooming patterns and predatory behavior in conversations using on-device AI safety classifiers
• Report confirmed CSAM to the National Center for Missing & Exploited Children (NCMEC) as required by law
• Restrict or lock conversations when critical safety risks are detected to protect users

3.3 Communication

Send service-related notifications, respond to your inquiries, notify you of policy updates, send transaction confirmations, and provide security alerts.

3.4 Improvement and Development

Analyze usage patterns, test and develop new features, fix bugs and improve performance, conduct research and analytics, and gather feedback.

3.5 Advertising

If we display ads, we may show relevant advertisements based on interests and measure ad effectiveness. We provide analytics to advertisers in aggregated form only. We do not sell your personal information to advertisers.

4. How We Share Your Information

With Other Users

Based on your privacy settings: profile information you make public, content you post or share, location (when you choose to share), activity status and presence, mutual connections.

With Service Providers

Cloud hosting and storage providers, payment processors, analytics services, customer support tools, security and fraud prevention services, communication service providers. These providers are contractually bound to protect your information.

For Legal Reasons

To comply with legal obligations, in response to valid legal requests (warrants, subpoenas), to protect our rights, property, or safety, and to protect users or the public from harm. We will notify you of legal requests when legally permitted.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and your options.

Aggregated Data

We may share aggregated or de-identified information that cannot reasonably identify you for research, analytics, or business purposes.

5. Your Privacy Controls and Rights

5.1 Account Settings

You can control profile visibility and privacy, who can message you, who can see your location and activity status, notification preferences, and connected accounts.

5.2 Data Access and Portability

You can access your account data through settings, download a copy of your data, and view your activity history.

5.3 Correction and Deletion

You can edit your profile information, delete individual posts and content, and request account deletion.

5.4 Communication Preferences

You can opt out of promotional emails, manage push notification settings, and control in-app notifications.

5.5 Location Controls

You can enable or disable location services, control location sharing with specific people, and delete location history.

5.6 Additional Rights

Depending on your jurisdiction, you may have rights to object to certain processing, restrict processing of your data, withdraw consent, and lodge complaints with supervisory authorities.

6. Data Retention

We retain your information for as long as your account is active, as needed to provide our services, and as required by law or for legitimate business purposes.

After Account Deletion

Profile and content are removed within 90 days. Some data may persist in backups temporarily. Certain information is retained for legal compliance. Aggregated/anonymous data may be kept indefinitely.

Specific Retention Periods

Messages: Until deleted by participants

Transaction records: As required by financial regulations (typically 7 years)

Log data: Up to 12 months

Account inactivity: Accounts inactive for 18 months may be deleted

7. Data Security

Security Measures

• Encryption in transit (TLS/SSL)
• Encryption at rest for sensitive data
• End-to-end encryption for private messages (where enabled)
• Secure authentication systems
• Regular security audits and testing
• Access controls and monitoring
• Incident response procedures

Your Role in Security

Use a strong, unique password; enable two-factor authentication; do not share login credentials; report suspicious activity; keep your device and apps updated.

Data Breach Response

In the event of a data breach, we will notify affected users as required by law, take steps to mitigate harm, and cooperate with authorities as appropriate.

8. International Data Transfers

OnFire operates globally, and your information may be transferred to and processed in countries outside your residence. For transfers from the EEA, UK, or Switzerland, we use Standard Contractual Clauses approved by the European Commission, adequacy decisions where applicable, and other appropriate safeguards as required by law.

9. Children's Privacy

OnFire is not intended for children under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect information from children below this age.

For users between 13-17, enhanced privacy settings are applied by default, certain features may be restricted, sensitive content is filtered, and location sharing requires additional consent.

Parents and guardians can review their child's account settings, request deletion of a child's account, and contact us with concerns. If we learn we have collected information from a child without proper consent, we will delete it promptly.

10. Child Safety Scanning & CSAM Protection

OnFire is committed to preventing child sexual exploitation and protecting minors from grooming and predatory behavior. We employ multiple layers of safety technology, including on-device artificial intelligence and server-side systems, to detect and respond to potential threats.

10.1 On-Device Safety Scanning

OnFire uses on-device AI classifiers to analyze conversation patterns for indicators of grooming behavior. This scanning occurs locally on your device, meaning conversation content is processed without being sent to our servers for this purpose. The AI model evaluates anonymized conversation metadata and patterns against known grooming indicators, including age probing, isolation tactics, secrecy requests, boundary testing, sexual escalation, and other recognized risk categories.

On-device scanning produces a risk assessment score. If the risk score falls below a safety threshold, no data leaves your device. Only when risk indicators exceed defined thresholds may limited safety event data (risk score, risk category, and conversation identifier — not the conversation content itself) be transmitted to our servers for review.

10.2 Server-Side Safety Systems

When on-device scanning identifies elevated risk, our server-side safety systems may perform additional analysis, including cloud-based AI confirmation of risk assessments. Server-side systems also detect child sexual abuse material (CSAM) using content moderation APIs and perceptual hash matching against known CSAM databases. These processes are strictly limited to child safety purposes.

10.3 Safety Event Data

When safety systems detect potential risks, we may collect and process the following data:

• Risk assessment scores and categories from on-device and cloud classifiers
• Conversation identifiers (not message content) associated with safety events
• Timestamps and metadata of safety events
• Actions taken (e.g., conversation restrictions, review requests)
• Evidence preserved for confirmed CSAM detections as required by law

Safety event data is retained for as long as necessary to fulfill legal obligations, complete investigations, and comply with reporting requirements. Evidence related to confirmed CSAM detections is retained in accordance with 18 U.S.C. § 2258A.

10.4 NCMEC Reporting

As a U.S. electronic service provider, OnFire is legally required under 18 U.S.C. § 2258A to report apparent child sexual abuse material (CSAM) to the National Center for Missing & Exploited Children (NCMEC) via the CyberTipline. When our systems detect confirmed or highly likely CSAM, we will:

• Preserve evidence as required by law
• Submit a CyberTipline report to NCMEC within 24 hours of detection
• Immediately restrict the associated accounts and conversations
• Cooperate with NCMEC, law enforcement, and other authorities as required

We are prohibited by law from notifying users when a CyberTipline report has been filed regarding their account.

10.5 Escalation and Conversation Restrictions

Our safety systems employ a tiered escalation model based on risk severity:

• Low risk: Events are logged locally for pattern monitoring. No user-facing action is taken.
• Elevated risk: Safety events are reported to our review team. Conversations may be placed under enhanced monitoring.
• High risk: Both participants may be asked to complete age verification. The conversation may be temporarily paused pending verification.
• Critical risk: The conversation is immediately locked for both participants. Our review team is notified with priority, and mandatory reporting obligations may be triggered.

Conversation restrictions are applied bilaterally to both participants in a flagged conversation. Users may request a review of safety restrictions through our support channels.

10.6 Apple Sensitive Content Analysis

On supported Apple devices (iOS 17+), OnFire integrates with Apple's Sensitive Content Analysis framework to detect potentially explicit images and videos before they are displayed. This analysis occurs entirely on your device using Apple's built-in technology. OnFire does not receive or process the content of images analyzed by this framework. When sensitive content is detected, it is blurred and you are presented with a warning before choosing whether to view it.

Your Privacy: On-device safety scanning is designed to protect your privacy. Conversation content is analyzed locally and is not transmitted to our servers unless critical safety thresholds are exceeded. We do not use safety scanning data for advertising, profiling, or any purpose other than child protection and legal compliance.

11. Special Categories of Data

We may process certain sensitive information only with your explicit consent or as permitted by law, including biometric data (face recognition for verification), health information, religious or political views, and sexual orientation (only if you choose to include these in your profile).

You control whether to share sensitive information. Such data is processed only for the specific purposes you authorize.

12. Third-Party Services

OnFire may integrate with third-party services including payment processors, maps and location services, analytics providers, and communication APIs.

Our Service may contain links to external websites. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies.

Note: If you interact with bots or third-party integrations, they may receive information you share with them. Their data practices are governed by their own policies. Use caution when sharing sensitive information.

13. Cookies and Tracking Technologies

Essential Cookies: Required for basic functionality

Authentication Tokens: To keep you logged in

Analytics Tools: To understand usage patterns

Local Storage: To store preferences

You can control cookies through browser settings, device settings, and our cookie preference center on the web. Note that disabling certain cookies may affect functionality.

14. Legal Bases for Processing (EEA/UK Users)

Contract Performance

Providing our services, processing transactions, managing your account.

Legitimate Interests

Improving our services, ensuring security, preventing fraud, marketing (with opt-out available).

Legal Compliance

Tax and financial regulations, law enforcement requests, legal obligations.

Consent

Location sharing, marketing communications, sensitive data processing, cookies (where required). You can withdraw consent at any time.

15. California Privacy Rights (CCPA/CPRA)

California residents have additional rights:

Right to Know: Categories of information collected, sources, purposes, and third parties with whom we share.

Right to Delete: Request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out: We do not sell personal information. If this changes, you will have the right to opt out.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at privacy@onfire.so or through app settings.

16. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notice, update the "Last Updated" date, and provide at least 30 days notice before significant changes take effect. Your continued use after changes constitutes acceptance of the updated policy.

17. Contact Us

For questions, concerns, or to exercise your rights: