Privacy Policy

Effective April 19, 2026

Firemonster ("we", "us") operates firemonster.com. This Privacy Policy explains what information we collect, how we use it, and what we don't do with it. We've designed Firemonster to collect as little personal information as possible.

1. What We Collect

When you create an account, we store:

• Display name — the name you choose during registration, used to identify your account in the passkey picker
• WebAuthn credentials — the public key and credential ID from your passkey registration; your private key never leaves your device
• Recovery code hashes — one-way hashed versions of your recovery codes; we cannot read the original codes
• Session tokens — temporary tokens stored in a cookie to keep you signed in
• Stripe customer ID — a reference ID linking your account to Stripe for subscription management (paid accounts only)
• Account creation date

2. What We Don't Collect

• Email address
• Phone number
• Real name
• Location data
• Browsing history or cross-site tracking data
• Payment card details (handled entirely by Stripe)

3. How We Use Your Information

• To authenticate you when you sign in
• To manage your subscription status
• To allow account recovery via recovery codes
• To provide and improve the Service

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Payments and Stripe

Subscriptions are processed by Stripe. When you subscribe, Stripe collects and stores your payment details and email address directly. We receive only a Stripe customer ID, which we store to manage your subscription status. Stripe's handling of your payment data is governed by Stripe's Privacy Policy.

5. Cookies

We use a single session cookie to keep you signed in. This cookie contains a session token — it holds no personal information and is not used for tracking. We do not use advertising cookies, analytics cookies, or any third-party cookies.

6. Data Retention and Deletion

Your data is retained for as long as your account exists. You may permanently delete your account at any time from the Account page. Deletion removes all account data from our systems and cancels any active Stripe subscription.

7. Security

We use industry-standard practices to protect your data, including HTTPS, hashed credentials, and CSRF protection. Your passkey private key is never transmitted to our servers. However, no system is perfectly secure — use your recovery codes to maintain account access.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy with a new effective date. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

9. Contact

For privacy-related questions or requests, contact us at devfiremonster@outlook.com.