Privacy Policy
Effective April 18, 2026 (Draft)
1. Who we are
The Fire Business Suite — including Fire Invoice, Fire Payroll, Fire Books, and any future Fire products — is operated by Prometheus Solutions Inc., a Delaware corporation, doing business as Fire (“we,” “us,” or “our”). We can be reached at hello@firesuite.io.
Fire provides software tools that help businesses invoice clients, pay employees and contractors, and manage their books. Payments between parties occur directly between their wallets via the MobileCoin network. Fire is not a bank, payment processor, or money transmitter, and never holds, touches, or intermediates funds.
2. What we collect and why
2.1 Account information
When you create an account, we collect your name and email address. This is used to identify your account, keep you signed in, and send you transactional emails such as magic-link sign-in codes and product notifications. We do not use this information for advertising.
2.2 Business information
Information you enter into your business profile (business name, address, phone, website, logo) is stored to populate your invoices, pay stubs, and accounting records. This information is yours. We do not analyze, share, or sell it.
2.3 Invoice data (Fire Invoice)
Invoice contents, including line items, recipient information, amounts, and memos, are encrypted at rest using AES-256-GCM encryption. We cannot read your invoice contents in plaintext. Invoice data exists on our servers solely to deliver the service to you.
2.4 Payroll data (Fire Payroll)
To run payroll, you provide information about the people you pay — employee or contractor name, email, payment address, and pay amounts. All personal information is encrypted at rest using AES-256-GCM encryption. We cannot read this information in plaintext.
If your employees or contractors sign in to the Fire Payroll employee portal to view their own pay stubs, we treat their access the same way we treat yours: session data is strictly necessary, and we do not track or analyze portal activity for any purpose beyond delivering the service.
Pay stubs delivered by email to employees or contractors deliberately omit transaction amounts, wallet addresses, and transaction identifiers. Those details live in the portal, protected by authentication.
2.5 Accounting data (Fire Books)
Fire Books receives transaction data from sources you explicitly connect — for example, Fire Pay payment confirmations, Fire Shop order events, or approved third-party integrations. Transactions and categorizations are encrypted at rest.
When you generate an API key to grant an external service permission to push data into Fire Books, we store only what is necessary to authenticate that service: the integration type, a hashed key, and usage metadata.
2.6 Payment information
We do not collect, store, or process payment credentials of any kind. All payments occur directly wallet-to-wallet via the MobileCoin network. Fire never holds, touches, or intermediates funds. We have no visibility into or control over MobileCoin transactions.
2.7 Session data
We use secure, server-side session cookies to keep you signed in. These are strictly necessary for the service to function. We do not use cookies for advertising, tracking across sites, or behavioral analytics.
2.8 Exchange rates
We fetch live MOB-to-fiat exchange rates from CoinGecko to display approximate fiat equivalents on invoices and pay stubs. We do not store these rates beyond the session.
3. What we do not do
- We do not sell your data to any third party
- We do not share your data with third parties for their own purposes
- We do not use your data for advertising, profiling, or behavioral targeting
- We do not track your activity for any purpose beyond delivering the service
- We do not read or analyze your invoice, payroll, or accounting contents
- We do not use third-party analytics trackers on authenticated pages
- We do not rent or trade your email address
4. Third-party services
We use the following third-party processors to deliver the service. Each processes only the minimum data needed for its specific function:
- Neon(neon.tech) — database hosting. Your encrypted data is stored on Neon’s infrastructure. Neon’s own privacy policy applies to their handling of infrastructure-level data.
- Cloudflare R2 — object storage for business logos and documents you upload. Files are served through signed URLs with short expirations.
- Fly.io— application hosting. Requests are processed on Fly’s infrastructure. Fly’s privacy policy applies to infrastructure-level data.
- Cloudflare — DNS, DDoS protection, and CDN. Cloudflare may process request metadata (including IP addresses) as part of providing these services.
- Resend (resend.com) — transactional email delivery. When you send an invoice, receive a sign-in link, or receive a product notification, the email is transmitted via Resend. Resend processes the recipient email address and message content necessary to deliver the message.
- CoinGecko — exchange rate API. Rate requests contain no personally identifiable information.
We do not use advertising networks, data brokers, or behavioral analytics services.
5. Encryption
Personal identifiers, business information, invoice contents, payroll data, and accounting transactions are encrypted at rest using AES-256-GCM. Encryption keys are managed by Fire and are not accessible to our infrastructure providers. In plain terms: we cannot read your data by looking at our database. We access your data only as necessary to deliver the service to you, or where required by law.
6. Data retention and deletion
We retain your data for as long as your account is active. When you delete your account, all associated data — business profile, invoices, pay runs, employee information, accounting entries, API keys, and session data — is permanently deleted from our systems within 30 days. Encrypted backups are purged on the same schedule.
Certain records may be retained longer if required by law (for example, to comply with a legal hold, tax recordkeeping obligation, or fraud investigation). In those cases, we retain only the minimum necessary data for the minimum necessary period.
7. Your rights
You have the right to:
- Access— export all your data at any time from Settings → Export Data
- Correction — update your information at any time in Settings
- Deletion— delete your account and all associated data from Settings → Delete Account. This action is irreversible.
- Portability — your data export is provided in standard JSON format
- Objection — you can contact us to object to any processing of your personal information
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the GDPR, including the right to lodge a complaint with your local supervisory authority. If you are located in California, you have rights under the California Consumer Privacy Act (CCPA), including the right to know, the right to delete, and the right to opt out of sale (note: we do not sell personal information).
For any privacy request, contact us at hello@firesuite.io. We respond within 30 days.
8. Children
You must be of legal age to enter contracts in your jurisdiction to use Fire. We do not knowingly collect personal information from anyone under the age of 13. If you believe a minor has created an account, contact us at hello@firesuite.io and we will delete it promptly.
9. International transfers
Fire is operated from the United States. If you access the service from outside the United States, your data may be transferred to and processed in the United States. By using the service, you consent to this transfer. Where required by applicable law, we rely on Standard Contractual Clauses or equivalent safeguards for international transfers.
10. Security incidents
In the event of a confirmed security incident that affects your personal information, we will notify you by email without undue delay, along with a description of the incident, the data potentially involved, and the steps we are taking in response. Where required by law, we will also notify relevant authorities.
11. Changes to this policy
We will notify you of material changes to this policy by email at least 30 days before they take effect. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
12. Contact
Prometheus Solutions Inc. (d/b/a Fire)
hello@firesuite.io