Bonfiire Privacy Policy

We collect information you provide directly, including: (a) account information such as name, email, phone, company affiliation, and job title; (b) profile preferences, dietary restrictions, and accessibility needs; (c) booking details including event dates, guest counts, budgets, and special requests; (d) payment information such as credit card details and billing address, processed by our third-party payment processor; (e) communications with venues, support inquiries, and feedback; (f) user-generated content including reviews, ratings, and photos; (g) corporate account information including admin details, policies, and approval workflows; and (h) venue partner information including business name, address, tax ID, banking details, and insurance information.

We also collect information automatically, including: (a) device information such as device type, operating system, and browser; (b) log data such as IP address, access times, pages viewed, and referring URLs; (c) usage data such as features used, search queries, booking patterns, and Bonni interactions; (d) general location from IP address, or precise location if you permit it; and (e) cookies and similar tracking technologies. Bonni AI interactions, including conversations, preferences learned, and recommendations generated, may be used to improve the AI service. We may also receive information from third parties, including corporate directories, payment verification data, background check information for venue partners, analytics providers, and social media profiles if you connect social accounts.

We use your information for platform operations: processing bookings and transactions, providing Bonni AI assistance, routing meeting requests, processing payments as merchant of record, issuing venue payouts via virtual credit card, managing venue listings and availability, sending booking confirmations and event communications, and providing customer support. We also use it to improve the Platform: personalizing your experience, developing new features, training Bonni AI, conducting analytics, optimizing dynamic pricing, and detecting and preventing fraud.

For corporate customers, we use information to generate reporting and analytics dashboards, support approval workflows and policy compliance, provide spend visibility and tracking, support duty of care obligations, and enable integration with corporate travel and expense systems. We send service-related notifications (booking confirmations, changes, reminders), marketing communications (with consent and opt-out available), and platform updates and policy changes. We also use information to comply with legal obligations, enforce our Terms of Use, protect rights and safety, and detect fraud and abuse.

We share necessary booking information between Customers and Venues to fulfill events. For Venue Partners, we share your listing information, photos, descriptions, and availability publicly on the Platform and through third-party distribution channels. We share Venue Partner banking and payout information with our payment processors solely to facilitate virtual credit card payments. If you use an enterprise account, your organization’s administrators may access booking data, spend data, and usage data per the corporate agreement. We share information with service providers including payment processors, cloud hosting providers, analytics services, communication services, customer support tools, and insurance providers.

We may share information in connection with a merger, acquisition, or sale of assets; when required by law, legal process, or government request; to enforce our agreements; to protect rights, safety, or property; and with your explicit consent. We may share aggregated or de-identified data that cannot reasonably identify you for any purpose, including industry benchmarking, market research, and analytics.

All users may: (a) access their personal data; (b) correct inaccurate data; (c) delete their account; (d) opt out of marketing communications; and (e) manage cookie preferences.

California residents have additional rights under CCPA/CPRA, including the right to know what personal information is collected, used, and shared; the right to delete personal information; the right to opt out of sale or sharing; the right to non-discrimination; and the right to limit use of sensitive personal information. We do not “sell” personal information as defined by CCPA.

EU/EEA/UK residents have additional rights under GDPR, including rights of access, rectification, erasure, restriction, portability, and objection; the right to withdraw consent; and the right to lodge a complaint with a supervisory authority. International data transfers are protected by Standard Contractual Clauses or other appropriate safeguards. We also comply with applicable privacy laws in Canada (PIPEDA), Brazil (LGPD), and other jurisdictions. To exercise your rights, contact privacy@bonfiire.com.

We use essential cookies for platform functionality, analytics cookies to understand usage patterns, preference cookies to remember your settings, and marketing or advertising cookies with your consent where required. You can manage cookie preferences through your browser settings or our cookie management tool. We honor Do Not Track signals where technically feasible.

We protect your data with encryption in transit (TLS) and at rest, access controls and authentication, regular security assessments, incident response procedures, PCI DSS compliance for payment data, and employee training on data protection. No security system is perfect, and we cannot guarantee absolute security.

We retain account data while your account is active plus a reasonable period, booking and transaction data for 7 years for legal and tax compliance, Bonni interaction data for up to 3 years for service improvement, marketing data until you opt out, and venue partner data per the Venue Agreement terms. Anonymized or aggregated data may be retained indefinitely.

The Platform is not directed at children under 18. We do not knowingly collect data from children under 18; if discovered, we will delete such data promptly. Contact us if you believe a child has provided data. The Platform may contain links to third-party services; we are not responsible for their privacy practices, and we encourage you to review their policies.

We may update this Policy from time to time. Material changes will be notified via email or Platform notice. Continued use after changes constitutes acceptance. The date of last update is shown at the top of this Policy.