Privacy Policy

Dragonfire Technologies Ltd
Last updated 9 July 2026

1. Who we are

DragonFire Technologies Ltd ("DragonFire", "we", "our", "us") is a UK-registered private limited company providing managed lead-generation services for small and medium service businesses. Our registered office address is on file with UK Companies House.

This Privacy Policy explains how we collect, use, share, and protect information when you visit dragonfire1.com, engage our services, or interact with tools we operate on behalf of client businesses.

2. What information we collect

We collect information in three contexts:

Information you provide directly to us - Contact information you submit via forms on dragonfire1.com (name, email, message) - Business information you share during a services engagement - Payment information processed by our third-party payment providers (we do not store card numbers ourselves)

Information collected automatically when you use our website - Your IP address, browser type, operating system - Pages you visit and time spent - Referring URL and search terms - Standard web analytics via Google Analytics 4

Information we access on behalf of client businesses under written authorisation - Google Ads account performance data (campaigns, ad groups, keywords, metrics) via the Google Ads API, accessed only under explicit written authorisation from the client whose account we manage - Lead form submissions captured by funnels we operate for clients - Sales / conversion outcomes reported to us by clients for the purpose of offline conversion tracking

We do not access, view, or store data from Google accounts other than those explicitly authorised to us by our clients.

3. How we use information

We use information to:

We do not sell your information to third parties for any purpose.

4. Google API scopes and how we use them

Our tools use the following Google API OAuth 2.0 scopes when accessing client-authorised Google Ads accounts:

For each client relationship, OAuth authorisation is granted explicitly by the client business, is revocable by the client at any time, and is scoped to that client's own Google Ads account only. We hold OAuth refresh tokens in encrypted storage (per-tenant, per-server), never transmit them off our infrastructure, and use them only for the purposes described in the client's services agreement.

Our use of information received from Google APIs adheres to Google's API Services User Data Policy, including the Limited Use requirements.

5. Third parties we share information with

We share information only with parties who help us deliver our services:

We may share information with law enforcement or regulators when required by valid legal process. We may share aggregated, anonymised information that cannot reasonably be used to identify you for research, analytics, or reporting purposes.

6. Data retention

We retain information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

7. Your rights (UK GDPR and CCPA)

Depending on your jurisdiction, you may have rights to:

To exercise these rights, contact us at the email address in section 13. We will respond within 30 days.

If you are located in the European Economic Area or the UK, you have the right to lodge a complaint with your local data protection authority (in the UK, the Information Commissioner's Office at ico.org.uk).

8. Cookies and similar technologies

dragonfire1.com uses cookies for:

You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.

9. Security

We take security seriously and implement technical and organisational measures appropriate to the risks, including:

No system is perfectly secure. In the event of a data breach affecting your personal information, we will notify you and relevant supervisory authorities as required by law.

10. International data transfers

DragonFire's infrastructure is primarily hosted in Europe and North America. Some of our processors (notably Google) may transfer data internationally. Where such transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

11. Children's privacy

Our services are not directed at children under 16. We do not knowingly collect information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify affected users by email or by prominent notice on dragonfire1.com. The "Last updated" date at the top of this policy indicates when it was last revised.

13. Contact

For privacy questions, data subject requests, or to exercise your rights, contact:

DragonFire Technologies Ltd Email: [email protected] Post: (registered office address, on file with Companies House)

We aim to acknowledge privacy correspondence within five business days.