Privacy Policy.

Effective: May 1, 2026 · Last updated: May 1, 2026

We collect the minimum data required to take your order, ship it, and email you about it. We don't sell data. We don't run ad-tracking pixels in our checkout. We're a small Canadian company; the people seeing your data are the same people answering your support emails.

Contents

Who we are
What we collect
Why we collect it
Who we share it with
How long we keep it
Cookies & analytics
Your rights
Children's data
Data-breach commitment
Contact

1. Who we are

FireKeep Tools, Vancouver BC, Canada. Privacy contact: [email protected]. We are the data controller for everything described below.

2. What we collect

Three categories. We're explicit because we'd rather you trust us than wonder.

Order data

Email, name, shipping address, billing address (collected at checkout)
Order details (which product, quantity, price, shipping method)
Payment method last-4 digits and card brand (Stripe holds the full number — we never see it)
Tax-relevant location info (state/province for sales-tax calculation)

Communication data

Email content + timestamps when you write to us
Email open + click events on our newsletters (so we know what content is useful)
Support-ticket history if you've contacted us

Analytics data (anonymized)

Pages visited on firekeep.ca (PostHog, with personal identifiers stripped)
Approximate location (city level — IP-derived, not GPS)
Browser, device type, screen size
Referring URL (where you clicked from)

We do not collect: precise location, contact lists, browsing history outside firekeep.ca, social-media profile data, biometrics, or any health information.

3. Why we collect it

To fulfill your order — ship the unit, send tracking, refund if requested.
To communicate — pre-order updates, shipping notifications, customer support replies.
To improve the product — anonymized site analytics tell us which pages are working and which aren't.
To comply with law — sales-tax records, FDA-required serial-number registration, Canadian consumer-protection records.

We share data only with the third parties strictly required to run the business:

Stripe (payment processing) — handles your card data so we don't have to. Stripe Privacy Policy.
Resend (transactional email) — sends our order confirmations, shipping notifications, etc. Resend Privacy Policy.
PostHog (anonymized site analytics) — EU-hosted, GDPR-compliant. PostHog Privacy Policy.
Cloudflare (hosting + CDN) — serves our site. Caches IP-level traffic logs. Cloudflare Privacy Policy.
Shipping carriers — Canada Post, UPS, FedEx — receive your shipping address to deliver your unit.
Government agencies — only when legally compelled (subpoena, tax audit, FDA-mandated serial registration).

We do not, and will not, sell your data to advertisers, data brokers, or anyone else. We also don't run advertising trackers on the checkout page.

5. How long we keep it

Order records — 7 years (CA + US tax law requirement).
Email content — 3 years from your last interaction.
Newsletter subscriptions — until you unsubscribe.
Anonymized analytics — 24 months rolling, then aggregated to non-identifiable form.
Support tickets — 5 years (warranty + RMA tracking).

6. Cookies & analytics

We use only the cookies we need. No third-party advertising cookies. No social-media tracking pixels.

Session cookies (Cloudflare) — keep your session alive while you browse. Expire when you close the tab.
Age-gate (localStorage) — remembers you've confirmed you're 18+. Stored only on your device.
PostHog session ID — anonymized identifier for site analytics. Reset every 30 days. We've configured PostHog to not track personal identifiers.

Stripe sets its own cookies during checkout for fraud prevention. You can review their cookie controls directly.

7. Your rights

Regardless of where you live, you can:

Access any data we have about you (email [email protected] — we respond within 30 days).
Correct inaccurate data.
Delete your data, except where law requires we retain it (e.g., tax records). Tax-required records are pseudonymized but retained.
Export your data in a machine-readable format (JSON or CSV).
Opt out of marketing email (link in every email + email us).

If you're in the EU/UK, you also have rights under GDPR (Article 15-22), including the right to lodge a complaint with your data-protection authority. We are not currently shipping to the EU/UK; if and when we do, this policy will be updated with full GDPR provisions.

If you're in California, you have rights under CCPA / CPRA — same rights as above plus the right to opt out of the sale of personal information (we don't sell, so this is moot for us).

If you're in Canada, your rights under PIPEDA + your provincial privacy act apply. BC residents have additional rights under PIPA.

8. Children's data

FireKeep products are restricted to adults 18+. We do not knowingly collect data from anyone under 18. If you believe we've collected data from a minor, email [email protected] and we'll delete it within 7 days.

9. Data-breach commitment

If we ever experience a data breach affecting your information, we will:

Notify affected users within 72 hours of confirmed breach (regardless of jurisdictional minimum).
Notify the relevant data-protection authorities as required by law.
Tell you exactly what was exposed, what we're doing about it, and what you should do.
Cover the cost of any identity-protection service if your sensitive data was compromised.

10. Contact

Privacy questions or requests

Email [email protected] for any privacy-related question, data access request, deletion request, or complaint. We respond within 5 business days; full data-access requests within 30 days as required by law.