Privacy Policy
Effective:
What the Bonfire website collects, why, how long, and what rights you have. Phase 1 draft; lawyer review required before payment flows.
1. What we collect
On the website: if you accept cookies via the consent banner, privacy-respecting analytics (PostHog) and error tracking (Sentry) fire. IP addresses are anonymized at collection time. Session data includes page views, scroll depth, and anonymized click events. Error reports include stack traces and a redacted user agent string.
If you reject cookies, nothing fires. Reject is the default until you explicitly accept.
In the open-source framework: nothing phones home. The framework is a Python package that runs entirely on your own machine with your own API keys. The operator has no visibility into framework usage unless you explicitly opt in to telemetry (Phase 2+ feature, not available today).
2. Why we collect it
Website analytics: to understand which pages hold attention, which docs get read, and which parts of the funnel lose people. Errors: to fix bugs before users report them.
We do not sell your data. We do not share it with advertisers. We do not use it for retargeting or lookalike audiences. The analytics exist to make the site better for the disillusioned professional developer, not to extract value from their visit.
3. How long we keep it
Analytics data: 30 days of session-level detail, then aggregated for longer-term trends. Error reports: 90 days or until the underlying bug is fixed, whichever comes first. Nothing is kept longer than 12 months.
4. Your rights
Under GDPR (if you are in the EEA / UK) and CCPA (if you are in California), you have the right to access, correct, delete, or export the data we hold about you. You also have the right to opt out of tracking at any time, including after you previously accepted. Use the DSR request mechanism below.
5. DSR request mechanism
Data Subject Requests (GDPR) and CCPA opt-out requests: open a GitHub issue on the framework repository with the label privacy, or contact the operator via the email address published on the GitHub profile. Requests are processed within 30 days. If you want the request deleted from GitHub after processing, say so in the request; the operator will oblige.
6. Changes
This policy may change as the site grows. When it does, the effective date at the top of this page updates. Material changes will be announced via the site before they take effect. No material change takes effect retroactively.