Privacy Policy

ColdFlameUs LLC is a limited liability company organized under the laws of the State of Wyoming, United States of America. Our principal place of business is in Wyoming.

Data Controller Contact:
Email: privacy@coldflameus.com
Website: https://coldflameus.com

ColdFlame is designed with a local-first architecture. We do not collect, transmit, access, or store your conversation content, prompts, AI-generated responses, or any files you process within the application. All such data is stored exclusively on your local device and remains entirely under your control.

3.1 Information You Provide

• Account registration data: name, email address, and password (stored as a hash).
• Payment information: billing name and address. Full payment card details are processed directly by Stripe and are never transmitted to or stored on our servers.
• Support communications: emails or messages you send to our support team.

3.2 Information Collected Automatically

• IP address: collected at login and when our website is accessed, used solely to detect approximate geographic region for service availability notifications, and not retained beyond 30 days.
• Application usage metadata: anonymized crash reports, feature usage statistics, and application version information. This data does not include any conversation content.
• License and subscription status: to validate your subscription and provide access to features.

3.3 Information We Do NOT Collect

• Conversation content, prompts, or AI-generated responses.
• Files, documents, or data you upload or process within the application.
• Your browsing history or activity outside of the Service.
• Biometric data of any kind.

When you interact with an AI model through ColdFlame, your messages are transmitted directly from your device to the AI model provider you have selected (e.g., Anthropic, OpenAI, DeepSeek). ColdFlameUs LLC does not act as an intermediary for this transmission when you supply your own API key.

4.1 Bring Your Own API Key (BYOK)

If you provide your own API key, your conversation data travels directly from your device to the relevant AI provider using your credentials. ColdFlame does not see, log, or store this data. You are bound by the terms and privacy policies of the respective AI providers.

4.2 ColdFlame-Managed API Access

If you access AI models through ColdFlame's managed service, your prompts and responses are transmitted through our infrastructure to the underlying model provider. We act as an intermediary, do not store conversation content beyond the duration of your session, and conversations are not used to train AI models.

4.3 Third-Party AI Providers

• Anthropic (Claude) — US servers; API inputs/outputs not used to train models by default.
• OpenAI (GPT) — US servers; API data not used to train models by default.
• DeepSeek — Servers in the People's Republic of China, subject to PRC laws including the Cybersecurity Law, Data Security Law, and PIPL.
• Other providers configured via custom API endpoints — governed by those providers' policies.

ColdFlame uses IP-based geolocation to detect your approximate region. If we detect access from Mainland China, we display a notice that ColdFlame is operated by a U.S. company and is designed for use outside Mainland China; users there do so at their own risk and are solely responsible for compliance with applicable local laws. We do not block access based on location; the notice is informational only.

• To provide, operate, and maintain the Service.
• To process payments and manage subscriptions.
• To send transactional emails (purchase confirmations, license keys, security notices).
• To detect and prevent fraud, abuse, and security incidents.
• To respond to support requests.
• To improve the Service using aggregated, anonymized usage analytics.
• To comply with applicable legal obligations.

We do not sell your personal information. We do not use your personal information for targeted advertising.

• Contract performance — account management, license validation, payment processing.
• Legitimate interests — fraud prevention, security monitoring, aggregated analytics.
• Legal obligation — compliance with applicable law.
• Consent — where explicitly obtained (e.g., optional marketing).

8.1 Service Providers

• Stripe, Inc. — Payment processing (PCI-DSS compliant), United States.
• AI model providers — As described in Section 4.
• Cloud infrastructure providers — Account and licensing systems.

8.2 Enterprise Customers

Enterprise / self-hosted customers act as the data controller; we execute a Data Processing Agreement (DPA) on request.

8.3 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights, your safety, or the safety of others.

8.4 Business Transfers

In a merger, acquisition, or asset sale, your information may be transferred, subject to the same protections described here.

ColdFlameUs LLC is based in the United States. Account data is processed in the U.S. For EEA/UK users, we rely on Standard Contractual Clauses where required. Note: SCCs are not available for transfers to China; if you enable DeepSeek, your conversation data will be transferred to the PRC and you should evaluate this risk independently.

10.1 All Users

• Access — request a copy of personal data we hold.
• Correction — request correction of inaccurate data.
• Deletion — request account and data deletion.
• Portability — request data in a structured, machine-readable format.

10.2 EEA / UK Users (GDPR / UK GDPR)

• Object to processing based on legitimate interests.
• Restrict processing while a dispute is resolved.
• Lodge a complaint with your local data protection authority.

10.3 California Users (CCPA / CPRA)

We do not sell or share personal information as defined by CCPA. You have the right to know, delete, and exercise rights via privacy@coldflameus.com.

10.4 How to Exercise Your Rights

Submit requests to privacy@coldflameus.com. We respond within 30 days (or as required by applicable law). We may verify your identity first.

• Account data — duration of your account plus 90 days after deletion.
• Payment records — 7 years (U.S. tax law).
• IP address logs — not retained beyond 30 days.
• Conversation data — not retained by us (local only).
• Support communications — 2 years after resolution.

We implement commercially reasonable technical and organizational measures including TLS in transit, encrypted storage for sensitive account data, and access controls. No method of transmission or storage is 100% secure.

The Service is not directed to individuals under 13 (or 16 in the EEA). We do not knowingly collect data from children. Contact privacy@coldflameus.com if you believe we have inadvertently done so.

Our desktop application does not use cookies. Our website may use essential cookies for operation. We do not use advertising or tracking cookies. EEA visitors will see a cookie consent notice for any non-essential cookies.

We may update this Policy. For material changes, we will notify you via the application or by email. Continued use after the effective date constitutes acceptance of the changes.

ColdFlameUs LLC
Privacy Inquiries: privacy@coldflameus.com
Legal: legal@coldflameus.com
Website: https://coldflameus.com

© 2025 ColdFlameUs LLC. All rights reserved.