Privacy Policy

1. Overview and Scope

Webfire Internet Services ("Webfire," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use it, how we protect it, and your rights regarding your data.

This policy applies to:

• Our website (webfire.ca)
• Shared web hosting, VPS, email hosting, SSL certificates, and domain registration services
• Customer portals, control panels (DirectAdmin), and billing systems
• Support interactions and communications

By using Webfire services, you consent to the collection and use of information as described in this policy. If you do not agree, please do not use our services.

2. Information We Collect

We collect several types of information to provide, improve, and secure our services.

2.1 Account Information

When you create a Webfire account, we collect:

• Contact details: Name, email address, phone number, company name (if applicable)
• Login credentials: Username and password (hashed and encrypted)
• Profile information: Account preferences, notification settings, timezone

2.2 Billing and Payment Information

To process payments, we collect:

• Billing address: Street address, city, province/state, postal code, country
• Payment details: Credit card information is processed and stored by our PCI-compliant payment processor — we do not store full card numbers
• Tax information: GST/HST numbers for Canadian businesses where applicable
• Transaction history: Invoices, payment receipts, credits, and refunds

2.3 Usage and Technical Information

When you use our services, we automatically collect:

• Service usage: Hosting resources provisioned, bandwidth consumed, service configurations
• Log data: IP addresses, access times, control panel activity, authentication attempts, error logs
• Device and browser information: User agent, operating system, browser type and version

Important: We do not access the content stored on your hosting account (files, databases, emails) unless you explicitly grant us permission for support purposes or as required by law.

2.4 Support and Communication Data

When you contact support or interact with us, we collect:

• Support ticket content (messages, attachments, screenshots)
• Email correspondence
• Feedback and feature requests
• Contact form submissions

3. How We Use Information

3.1 Service Delivery

• Provisioning and managing hosting accounts, VPS, email, and domain services
• Processing payments and managing billing cycles
• Authenticating users and securing accounts
• Providing technical support and responding to inquiries

3.2 Service Improvement

• Monitoring infrastructure performance and uptime
• Identifying and resolving technical issues
• Analyzing usage patterns to optimize capacity and features
• Developing new services and enhancements

3.3 Security and Compliance

• Detecting and preventing fraud, abuse, and unauthorized access
• Investigating security incidents and policy violations
• Complying with legal obligations and responding to lawful requests
• Enforcing our Terms of Service and Acceptable Use Policy

3.4 Communication

• Sending service notifications (provisioning confirmations, maintenance alerts, security updates)
• Providing billing invoices and payment reminders
• Delivering support responses and ticket updates
• Sharing important policy changes or service announcements

3.5 Marketing (With Consent)

With your explicit consent, we may use your email address to send product updates, announcements, and promotional offers. You can unsubscribe at any time by clicking the "unsubscribe" link in any email or contacting us directly.

4. Cookies and Analytics

4.1 Types of Cookies We Use

• Essential cookies: Required for login, session management, and security (authentication tokens, CSRF protection on contact and support forms)
• Functional cookies: Remember your preferences such as language and dashboard layout
• Analytics cookies: Help us understand website traffic and popular pages using privacy-respecting, aggregated statistics

We do not use third-party advertising or tracking cookies.

4.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect your ability to use certain features such as contact forms and the customer portal.

5. Data Residency

Webfire is a Canadian company and our infrastructure is located in Canada. Your hosting data, files, and databases reside on Canadian servers.

5.1 Hosting and Customer Data

• Your websites, files, databases, and emails are stored on servers located in Canada
• Backups are stored in the same Canadian infrastructure by default
• Your data does not leave Canada unless you explicitly configure external connections

5.2 Account and Billing Data

Some operational systems may process data outside Canada:

• Payment processing: Credit card transactions are processed by our PCI-DSS compliant payment processor, which may store transaction data in the US or other jurisdictions
• Support systems: Support ticket metadata and communications may be processed using third-party tools that have servers outside Canada

We select vendors that provide strong data protection and comply with applicable privacy laws. Where data is transferred outside Canada, appropriate safeguards are in place.

6. Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

We may share your information in the following limited circumstances:

6.1 Service Providers

We share information with trusted third-party vendors who help us operate our business:

• Payment processors (for billing and invoicing)
• Data centre providers (for infrastructure hosting)
• Domain registrars (for domain registration and transfers)
• Support and communication tools (for customer service)

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

6.2 Legal Obligations

We may disclose information when required by law or legal process:

• Court orders, subpoenas, or search warrants
• Law enforcement requests (where legally valid)
• Regulatory investigations or compliance audits
• Protection of our rights, property, or safety, or that of our customers or the public

Where permitted by law, we will notify you of legal requests for your data unless prohibited by the order itself.

6.3 Business Transfers

If Webfire is involved in a merger, acquisition, or sale of assets, your information may be transferred to the new owner. We will notify you via email before your information is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share information with third parties when you provide explicit consent (for example, when integrating third-party services with your hosting account).

7. Data Retention

We retain your personal information for as long as necessary to provide services and fulfill the purposes outlined in this policy.

7.1 Active Accounts

While your account is active, we retain:

• Account and profile information
• Billing and transaction history (for the duration of the account plus 7 years for tax and accounting purposes)
• Usage logs (typically 90 days to 1 year, depending on log type)
• Support ticket history

7.2 After Account Closure

When you cancel your services:

• Hosting data: Files, databases, and emails are deleted within 30 days of cancellation
• Account information: Deleted within 90 days, except as required for legal, tax, or fraud prevention purposes
• Billing records: Retained for 7 years to comply with Canadian tax laws
• Security logs: May be retained longer if related to fraud investigations or legal matters

7.3 Legal Holds

If your information is subject to a legal hold (for example, pending litigation or a regulatory investigation), we will retain it until the hold is lifted.

8. Security Safeguards

We implement technical and organizational security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.

8.1 Technical Measures

• Encryption: Data in transit is encrypted using TLS/SSL. Data at rest (databases, backups) is protected using appropriate encryption and access controls
• Access controls: Employee access to customer data is restricted on a need-to-know basis
• Authentication: Strong password requirements enforced on all internal and customer-facing systems
• Network security: Firewalls, intrusion detection systems, and DDoS mitigation
• Logging and monitoring: Security event logging, anomaly detection, and periodic internal security reviews

8.2 Your Responsibilities

Security is a shared responsibility. You must:

• Use strong, unique passwords for your hosting account and control panel
• Keep your login credentials confidential
• Keep your hosted applications and software up to date
• Promptly report any suspected security incidents to our support team

Note: No security system is 100% foolproof. While we strive to protect your information, we cannot guarantee absolute security.

9. Your Privacy Rights

You have rights regarding your personal information under Canadian privacy laws (including PIPEDA and applicable provincial laws).

9.1 Access and Portability

You have the right to access your personal information and request a copy of the data we hold about you. For requests, contact us at support@webfire.ca.

9.2 Correction

You can update your account information and billing details at any time through your DirectAdmin control panel or by contacting our support team.

9.3 Deletion

You can request deletion of your personal information by cancelling your account or contacting us. Note that:

• Some data must be retained for legal, tax, or fraud prevention purposes (e.g., billing records)
• Deleted data cannot be recovered
• We may retain aggregated, anonymized data for analytics

9.4 Objection and Restriction

You can object to certain uses of your information (such as marketing emails) or request that we restrict processing by contacting us or using the unsubscribe link in any email.

9.5 Withdraw Consent

Where we rely on your consent (for example, for marketing communications), you can withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.

9.6 File a Complaint

If you believe we have mishandled your personal information, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada:

10. International Data Transfers

Webfire is based in Edmonton, Alberta, Canada, and our primary infrastructure is located in Canadian data centres. However, some third-party service providers (payment processors, support tools) may process data in other countries, including the United States.

When we transfer personal information outside Canada:

• We ensure the recipient provides adequate data protection or we implement appropriate safeguards
• We select vendors that comply with applicable privacy laws and industry standards
• We limit the amount of data transferred to what is strictly necessary

By using our services, you consent to these transfers as described in this policy.

11. Children's Privacy

Webfire services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@webfire.ca. We will promptly delete such information from our systems.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations.

When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you via email if you have an active account
• Post a notice on our website

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

13. Contact Information and Privacy Requests

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

For privacy requests (access, correction, deletion), please include:

• Your full name and account email address
• A clear description of your request
• Proof of identity (to prevent unauthorized disclosure)

We will respond to verified requests within 30 days as required by Canadian privacy laws.