Security at Bonfire

At Bonfire, we move mountains to help others win. Our team is committed to securing your data and being forthright about how we do this.

Compliance Certifications and Regulations



Bonfire achieved SOC2 Type I certification in August 2020 and is in the monitoring process towards achieving Type II.

System and Organization Controls (SOC) 2 is a comprehensive reporting framework put forth by the American Institute of Certified Public Accountants (AICPA) in which independent, third-party auditors (i.e., CPAs) perform an assessment and subsequent testing of controls relating to the Trust Services Criteria (TSC) of Security, Availability, Processing Integrity, Confidentiality, or Privacy.

General Data Protection Regulation (GDPR)

Bonfire is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR).

We have introduced processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.

To learn more about our GDPR compliance, please read our Privacy Policy.

Personal Information Protection and Electronic Documents Act (PIPEDA)

Bonfire follows privacy laws established by the Government of Canada.

To learn more about the steps we take to protect your privacy, please read our Privacy Policy.

Accessibility for Ontarians with Disabilities Act (AODA)
Americans with Disabilities Act (ADA)

Since 2015, we have focused on delivering an experience that meets the Web Content Accessibility Guidelines (WCAG) 2.0 Level A. Leading up to 2021, we are committed to meeting WCAG 2.0 Level AA in order to better support a wide range of persons with disabilities and to meet additional ADA and AODA compliance requirements.

See more at

Security Policy

Bonfire is committed to protecting our customers’ data.

We use industry-standard technologies and service providers using only the highest protection, configuration, and encryption standards to keep customer data secure at all times. We design, develop, and maintain our systems and applications following industry standards and best practices from CIS, NIST, and OWASP.

Data centers

Bonfire uses a Tier 1 cloud provider to run our operations. We use Amazon Web Services (AWS) data centers that have been certified for ISO, PCI, SOC, CSA, FedRAMP, FIPS, NIST, PIPEDA, and more.

Learn more about AWS Security:

AWS Data Center Certifications
AWS Data Center Security Controls
AWS Security Whitepaper

Encryption In-Transit

All communication with the Bonfire portal and APIs is encrypted in transit over the Internet using industry-standard HTTPS/TLS (TLS 1.2 or higher), ensuring that all traffic between you and Bonfire is secure during transit.

Encryption at Rest

All customer data is encrypted at rest in AWS using AES-256 encryption.

Data Residency

Based on the location and jurisdiction of your company, Bonfire stores your data within the US, Canada, or EU data regions.

Data Ownership

You own your data and retain all rights, title, and interest in the data you store in Bonfire.


All customer data stored with Bonfire is replicated and backed up on a continual basis. We test our backup and recovery processes to ensure that we can recover your data in the event of a disaster.


Bonfire continuously monitors our application and infrastructure load and performance. In the event of an application error, our technical team is notified automatically (both for server-generated errors and client-generated errors). Logs are processed and stored using a centralized log management system.

Security Training & Awareness

All Bonfire employees receive security awareness fundamentals training upon hire and annually thereafter. Developers also receive secure coding training to identify and defend against common coding errors and security threats.

Security questions or issues?

If you have a question or think you have found a vulnerability within Bonfire, please get in touch with your sales or support representative.

Please note, Bonfire does not permit unsolicited security testing against our sites or services.

Read more about our: