1. Who we are
DragonFire Technologies Ltd ("DragonFire", "we", "our", "us") is a UK-registered private limited company providing managed lead-generation services for small and medium service businesses. Our registered office address is on file with UK Companies House.
This Privacy Policy explains how we collect, use, share, and protect information when you visit dragonfire1.com, engage our services, or interact with tools we operate on behalf of client businesses.
2. What information we collect
We collect information in three contexts:
Information you provide directly to us - Contact information you submit via forms on dragonfire1.com (name, email, message) - Business information you share during a services engagement - Payment information processed by our third-party payment providers (we do not store card numbers ourselves)
Information collected automatically when you use our website - Your IP address, browser type, operating system - Pages you visit and time spent - Referring URL and search terms - Standard web analytics via Google Analytics 4
Information we access on behalf of client businesses under written authorisation - Google Ads account performance data (campaigns, ad groups, keywords, metrics) via the Google Ads API, accessed only under explicit written authorisation from the client whose account we manage - Lead form submissions captured by funnels we operate for clients - Sales / conversion outcomes reported to us by clients for the purpose of offline conversion tracking
We do not access, view, or store data from Google accounts other than those explicitly authorised to us by our clients.
3. How we use information
We use information to:
- Deliver our managed lead-generation services to client businesses
- Provide campaign performance analytics and reporting
- Upload offline conversion signals to Google Ads to improve Smart Bidding accuracy on behalf of client accounts
- Communicate with prospective and current clients about our services
- Improve dragonfire1.com and our internal tooling
- Comply with legal obligations and enforce our Terms of Service
We do not sell your information to third parties for any purpose.
4. Google API scopes and how we use them
Our tools use the following Google API OAuth 2.0 scopes when accessing client-authorised Google Ads accounts:
https://www.googleapis.com/auth/adwords— read campaign, ad group, and keyword performance data; upload offline conversion events for attribution improvement
For each client relationship, OAuth authorisation is granted explicitly by the client business, is revocable by the client at any time, and is scoped to that client's own Google Ads account only. We hold OAuth refresh tokens in encrypted storage (per-tenant, per-server), never transmit them off our infrastructure, and use them only for the purposes described in the client's services agreement.
Our use of information received from Google APIs adheres to Google's API Services User Data Policy, including the Limited Use requirements.
5. Third parties we share information with
We share information only with parties who help us deliver our services:
- Google LLC — for advertising services (Google Ads), analytics (Google Analytics 4), and infrastructure (Google Cloud Platform)
- Cloudflare Inc. — for CDN, DNS, and DDoS mitigation
- Contabo GmbH — for virtual private server hosting
- Payment processors — for billing and subscription management
- Legal, accounting, and compliance advisors — as required by law
We may share information with law enforcement or regulators when required by valid legal process. We may share aggregated, anonymised information that cannot reasonably be used to identify you for research, analytics, or reporting purposes.
6. Data retention
We retain information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:
- Website analytics data: retained per Google Analytics 4's own retention settings (currently 14 months)
- Client campaign performance data: retained for the duration of the services engagement plus 24 months for audit purposes
- Business contact information: retained until you request deletion or three years after last meaningful contact, whichever is sooner
- Payment records: retained for the period required by UK company law (currently six years)
7. Your rights (UK GDPR and CCPA)
Depending on your jurisdiction, you may have rights to:
- Access — request a copy of the personal information we hold about you
- Correct — request that we correct inaccurate or incomplete information
- Delete — request that we delete your information (subject to legal retention obligations)
- Portability — request a machine-readable export of your data
- Object — object to certain processing activities
- Withdraw consent — where processing is based on consent, you may withdraw it at any time
To exercise these rights, contact us at the email address in section 13. We will respond within 30 days.
If you are located in the European Economic Area or the UK, you have the right to lodge a complaint with your local data protection authority (in the UK, the Information Commissioner's Office at ico.org.uk).
8. Cookies and similar technologies
dragonfire1.com uses cookies for:
- Essential cookies — session management, security
- Analytics cookies — Google Analytics 4 for anonymous usage statistics
You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.
9. Security
We take security seriously and implement technical and organisational measures appropriate to the risks, including:
- Encrypted storage at rest (gocryptfs for client data volumes)
- HTTPS everywhere with TLS 1.3
- Role-based access controls
- Multi-factor authentication on administrative accounts
- Segregation of client environments (each client operates from a dedicated, isolated virtual private server)
- Regular security review
No system is perfectly secure. In the event of a data breach affecting your personal information, we will notify you and relevant supervisory authorities as required by law.
10. International data transfers
DragonFire's infrastructure is primarily hosted in Europe and North America. Some of our processors (notably Google) may transfer data internationally. Where such transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
11. Children's privacy
Our services are not directed at children under 16. We do not knowingly collect information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify affected users by email or by prominent notice on dragonfire1.com. The "Last updated" date at the top of this policy indicates when it was last revised.
13. Contact
For privacy questions, data subject requests, or to exercise your rights, contact:
DragonFire Technologies Ltd Email: [email protected] Post: (registered office address, on file with Companies House)
We aim to acknowledge privacy correspondence within five business days.