Bonfire Privacy Policy

We take your privacy seriously.


Bonfire Interactive Ltd. (“Bonfire”, “we”, “us”) has created this Privacy Policy (“Privacy Policy”) in order to set out how we collect, use, and disclose personal information through our competitive bidding and procurement software platform (the “Platform”) including through our provision and your use of the Platform Services (as defined in the Bonfire Terms & Conditions and the Portal Terms of Use). Our Platform is an adaptive sourcing procurement tool which enables registered users as buyers, (“Customers”) to administer a competitive bidding process with prospective vendors (“Vendors”).

The privacy of our Customers, Vendors, and their end users (“End Users”) is of great importance to us. By visiting any of our websites located at,,, (collectively, the “Website”) or using the Platform or Platform Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and you hereby consent to the collection, use and disclosure of your Personal Information in accordance with this Privacy Policy.


This Privacy Policy covers our collection, use and disclosure of information about identifiable individuals and information which can be used to identify an individual (“Personal Information”). Personal Information may be collected about our Customers, prospective Customers, visitors to the Website, and End Users of the Platform and/or Platform Services.

This Privacy Policy does not apply to the practices of companies that we do not own or control. The Platform and Platform Services are intended for use by businesses. Our Customers are responsible for maintaining their own privacy policies governing the collection, use and disclosure of Personal Information. You are responsible for ensuring that you have obtained the necessary authorizations and consents for any Personal Information you make available to us for use in accordance with this Privacy Policy.


3.1 Account Information

In order to use the Platform Services, our Customers, Vendors and their End Users may be required to have a valid Bonfire account to log in to the Platform (“Account”). When you register for the Platform Services or create an End User Account, Bonfire collects your name, email address, business phone number and business address (“Account Information”). End Users also have the option of uploading a profile picture to personalize interactions with other End Users.

Bonfires uses the Account Information to:

authenticate access to the Account and provide access to the Platform Services; provide, operate, maintain and improve the Platform Services

Send technical notices, updates, security alerts and support and administrative messages

Provide and deliver the Platform Services and features you request, process and complete transactions, and send you related information, including confirmations and invoices

Respond to comments, questions, and requests and provide customer service and support Communicate with you about services, features, surveys, newsletters, offers, promotions, contests and events, and provide other news or information about us and our select partners

Investigate and prevent fraudulent transactions, unauthorized access to the Platform Services, and other illegal activities

Personalize and improve the Platform Services, and provide content, features, and/or advertisements that match your interests and preferences or otherwise customize your experience on the Platform Services

Monitor and analyze trends, usage, and activities in connection with the Platform Services and for marketing or advertising purposes

Link or combine with other information we receive from third parties to help understand your needs and provide you with better service

Enable you to communicate, collaborate, and share files with users you designate; and For other purposes about which we will notify you about and seek your consent.

3.2 Vendors

Bonfire makes its Platform and the Platform Services available to Vendors of our Customers. In order to provide the Platform Services to our buyer Customers, Bonfire collects Personal Information about Vendors from our Customers. In particular, we collect business phone numbers and addresses of Vendors on behalf of our Customers. When we collect Vendor information from Customers, we are acting as the data processor and processing information only on instruction from our buyer Customers.

3.3 Prospective Customer

We collect names, email addresses and other business contact information about individuals who we consider to be prospective Customers and business partners (“Prospects”). Bonfire uses third-party service providers in order to collect, store and process Personal Information about Prospects, including: Salesforce, Amity, Delighted,, Yesware, Hubspot, Uberflip, Olark, Wistia, Slack,, Insight Squared, CPQ, Xero, DialPad, Grasshopper, Google Apps, Assana, Trello, Moqups, Sketch, envoy, inside sales, gov tech, zoom, gototmeeting, MailChimp. We use the third-party service providers to identify Prospects and locate contact information to contact Prospects about our products and services.

3.4 Website Visitors

As you visit or browse the Website, we collect information about the device and browser you use, your network connection, your IP address, and information about the cookies installed on your device. This information is logged to help diagnose technical problems for analytics and for quality control purposes. We also collect Personal Information submitted by any visitor to our Website through messaging features we make available on our Website and use such information for the purpose of responding to your requests.

3.5 Cookies

Bonfire requires authentication and authorization to in order to process Account access. As such, we use cookies throughout the Platform Services to authenticate users.

A cookie is a small amount of data, which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device. We assign a different cookie to each device that accesses our Website.

We use cookies to recognize devices and provide a personalized experience on Our Platform, or otherwise through the Platform Services. In particular, Bonfire uses session cookies containing encrypted information to allow the system to uniquely identify you while you are logged in. This information allows Bonfire to process your online transactions and requests. Session cookies help us make sure you are who you say you are after you’ve logged in and are required in order to use the Platform Services.

You may be able to set your browser to notify you when you are sent a cookie. This gives you the chance to decide whether or not to accept it. If you disable cookies, you may not be able to take advantage of all the features of the Website and/or Platform Services. We do not link any of the information we use in cookies to any personally identifiable information submitted by you when you are on the Website.

Bonfire also combines data derived from our usage of cookies with Account Information of registered users for the purposes set out in Section 3.1 above


Bonfire processes and stores its data, including Personal Information, on servers located in Canada and the United States. Bonfire also transfers data to the third-party service providers described in Sections 3.3 and 5.2.

By submitting Personal Information or otherwise using the Platform Services, you agree to this transfer, storing or processing of your Personal Information in Canada and the United States. You acknowledge and agree that your Personal Information may be accessible to law enforcement and governmental agencies in Canada and the U.S. under lawful access regimes or court order.

Bonfire uses a server located in the European Union to store data for our European Customers. However, Personal Information may be transferred to sub-processors in Canada and the United States in accordance with this Privacy Policy and applicable laws.


5.1 Processing of Vendor data on behalf of Customers

As a service provider to our Customers, we collect and analyze data related to our Customers’ Vendors on behalf of our Customers. In this role, Bonfire is a data processor, processing data upon instruction from our Customers. This Vendor data is shared only with the relevant Customer.

5.2 Service Providers and Business Partners

We may from time to time employ third parties to perform tasks on our behalf and we may need to share Account Information and other Personal Information with them to provide certain services. Unless we tell you differently, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary for them to provide the tasks and services on our behalf. The third parties we currently engage includes third party companies and individuals employed by us to facilitate our services, including the provision of maintenance services, database management, Web analytics and general improvement of the Platform Services, and businesses who engage our Platform Services (to the extent provided for above). In particular, Bonfire uses the following third-party service providers that process Personal Information on behalf of Bonfire: Amazon Web Services, LogDNA, TrackJS, Box, Zendesk, Postmark, Intercom, CloudFlare, Wufoo, Google Analytics, Segment and Heap.

5.3 Business Transfers

If our business (or substantially all of our assets) are acquired by a third party, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information may be made available or otherwise transferred to the new controlling entity, where permitted under applicable law.

5.4 With Your Consent

If we need to use or disclose any Personal Information in a way not identified in this Privacy Policy, we will notify you and/or obtain consent as required under applicable privacy laws.

5.5 As required by law

We may disclose your Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other End Users, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. Further, we may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law. We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to:

satisfy any applicable law, regulation, legal process or governmental request; enforce our contracts or user agreement, including investigation of potential violations hereof; and detect, prevent, or otherwise address fraud, security or technical issues The above may include exchanging information with other companies and organizations for fraud protection and spam/malware prevention. Notwithstanding the general terms of this policy, the collection, use, and disclosure of Personal Information may be made outside of the terms herein to the extent provided for in any applicable privacy or other legislation in effect from time to time, or pursuant to court orders.


We will keep your Personal Information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law. All retained Personal Information will remain subject to the terms of this Privacy Policy.


You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances, and as permitted under law, we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.

We will make every reasonable effort to keep your Personal Information accurate and up to date, and we will provide you with mechanisms to update, correct, delete or add to your Personal Information as appropriate. As appropriate, this amended Personal Information will be transmitted to those parties to which we are permitted to disclose your information. Having accurate Personal Information about you enables us to give you the best possible service.


Bonfire generally processes Personal Information in order to fulfill contracts we have with our Customers and End Users and to pursue our legitimate business interests listed above. Otherwise, Bonfire will obtain consent from an individual in respect of processing of Personal Information if required by law to do so.

Further, individuals located in the EEA have certain rights under European law (including under the General Data Protection Regulation) with respect to Personal Information, including the right to request access to, obtain, correct, amend, delete, or limit the use of your personal data. Individual End Users, Customers or prospective Customers located in to the EEA who wish to exercise these rights, should contact Bonfire using the contact information below in Section 10.

Vendors that do not have an Account should contact the buyer Customer with whom you interacted directly because Bonfire serves as a data processor on behalf of our buyer Customer, and can only forward your request to the buyer to allow them to respond. Individuals also have the right to make complaints to regulatory authorities in respect of our privacy practices.


We may amend this Privacy Policy from time to time. Use of Personal Information we collect is subject to the Privacy Policy in effect at the time such information is collected, used or disclosed. If we make material changes or changes in the way we use Personal Information, we will notify you by posting an announcement on our Website or Platform or sending you an email prior to the change becoming effective. You are bound by any changes to the Privacy Policy when you use the Website, Platform or Platform Services after such changes have been first posted


Questions regarding this Privacy Policy or Bonfire’s privacy practices should be directed to our Privacy Officer:

Privacy Officer
Bonfire Interactive Ltd.
121 Charles St. W. #C429
Kitchener, ON, Canada
N2G 1H6

Last Updated: 22nd May 2018