---

This Privacy Policy explains how FirstStep.ai Limited (Company, we, us, our) collects, uses, and protects personal information when you use Bushfire.ai, the hosted software-as-a-service platform available at https://bushfire.ai (the Service). By using the Service, you agree to this Privacy Policy.

1. Information We Collect

• Account information: name, email address, organisation name, login credentials
• Operational data: imagery, video, sensor data, metadata, and system-generated outputs
• Payment information: billing details processed by third-party payment providers (we do not store card details)
• Usage data: IP address, browser type, device information, pages accessed, and timestamps
• Support communications: information you provide when contacting us

2. How We Use Information

• Provide, operate, and maintain the Service
• Authenticate users and manage accounts
• Process payments and subscriptions
• Store, analyse, and display operational data as instructed by users
• Improve performance, accuracy, reliability, and security
• Communicate with users about service updates and support
• Comply with legal and regulatory obligations

3. Data Protection Roles

Customers act as data controllers for any personal data captured or processed through their use of the Service. FirstStep.ai Limited acts as a data processor or service provider, processing data only on documented instructions from the customer.

Customers are responsible for ensuring they have a lawful basis and required consent to collect and process personal data, including imagery or video where individuals may be identifiable.

4. Legal Basis for Processing

• Performance of a contract
• Legitimate interests in operating, securing, and improving the Service
• Compliance with legal obligations
• Consent, where required

5. Compliance and Security Standards

We maintain an information security and privacy programme aligned with recognised international standards, including GDPR, POPIA, ISO/IEC 27001, and CSA STAR Level 1.

6. Data Sharing

We may share personal data with trusted service providers, affiliates, or authorities where required by law. We do not sell personal data.

7. International Data Transfers

Personal data may be processed or stored outside your country of residence, subject to appropriate safeguards and lawful transfer mechanisms.

8. Data Retention

We retain personal data only for as long as necessary to provide the Service, comply with legal obligations, or as instructed by customers.

9. Your Rights

Depending on your jurisdiction, you may have rights to access, correction, deletion, restriction, objection, or data portability. Requests may be submitted using the contact details below.

10. Children’s Data

The Service is not intended for children under 16. We do not knowingly collect personal data from children under 16.

11. Changes to This Policy

Updates to this Privacy Policy take effect when posted on the website.

12. Contact

Privacy enquiries: [email protected]