Privacy Policy
Onfire Health, Inc. · Effective Date: June 18, 2026
This Privacy Policy describes how Onfire Health, Inc. collects, uses, shares, and protects your personal information when you use the Onfire Health website and Membership Program. It also describes your rights regarding your personal information, including rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Please read this policy carefully.
1. Introduction
This Privacy Policy ("Privacy Policy") describes how Onfire Health, Inc. ("Onfire Health," "we," "our," or "us") collects, uses, maintains, protects, and discloses personal information about you through:
- The Onfire Health website at onfirehealth.com ("Website");
- The Onfire Health mobile application ("App");
- The Onfire Health Membership Program, including the Membership Account, Fixed Plans, and Flex Plans;
- Electronic communications between you and Onfire Health;
- Interactions with our advertising and applications on third-party websites that link to this policy.
This Privacy Policy does not apply to information collected offline or through means other than those listed above, or to information collected by third parties through their own products and services.
By accessing or using our Website or enrolling in the Membership Program, you agree to this Privacy Policy. If you do not agree, please do not use our Website or enroll in our services. This Privacy Policy may change from time to time; your continued use after we post changes constitutes your acceptance of those changes.
2. Personal Information We Collect
We collect several categories of personal information from and about you:
Identifiers: Name, postal address, email address, telephone number, date of birth, driver's license number, Social Security Number (for identity verification purposes as required by federal law), and other government-issued identification numbers.
Financial Information: Bank account numbers and routing numbers (via Plaid, Inc., described below), transaction history, Membership Account balance and activity, and spending data related to health and wellness services.
Health and Wellness Information: Information about the types of health, wellness, and longevity services you purchase through the Onfire platform, including the categories of Provider services accessed through your Membership Account. We do not collect clinical diagnoses, medical records, or protected health information (PHI) in the HIPAA sense — your healthcare provider maintains those records independently.
Commercial Information: Purchase history, Membership Account activity, Partner Clinic transactions, and records of goods or services obtained through the Membership Program.
Usage Data: Internet connection details, device type and operating system, browser type, IP address, pages visited, clickstream data, referring URLs, time and date of website visits, and other technical data about how you interact with our Website and App.
Communications: Records of your correspondence with Onfire Health by email, phone, or through our Website or App.
Identity Verification Data: Pursuant to federal law (the Bank Secrecy Act and applicable Know Your Customer / KYC requirements), we collect and verify identifying information at enrollment. This may include a government-issued photo ID scan or other verification data provided through our identity verification process.
3. How We Collect Personal Information
3a. Directly From You
We collect personal information when you:
- Enroll in the Onfire Membership Program;
- Complete forms, questionnaires, or account registration on our Website or App;
- Link a bank account or other payment source to your Membership Account;
- Use your Membership Account to purchase eligible health and wellness services;
- Contact our customer support team by email, phone, or through the App;
- Respond to surveys or promotions.
3b. Through Third-Party Providers
Onfire Health uses third-party providers to verify your identity, to link your bank account to your Membership Account, and to make and receive payments on your behalf. These providers include Plaid, Inc. ("Plaid"), Stripe, Inc. ("Stripe"), Block, Inc.'s entity Square ("Square"), and Socure, Inc. ("Socure"). The end-user privacy policies of these organizations describe the use of your personal and financial data and can be found here:
- Plaid End-User Privacy Policy: https://plaid.com/legal/#consumers
- Stripe End-User Privacy Policy: https://stripe.com/privacy
- Square End-User Privacy Policy: https://squareup.com/us/en/legal/general/privacy-no-account
- Socure General Privacy Policy: https://www.socure.com/privacy-en
Your use of Onfire Health's services is subject to the privacy policies and usage terms of these third-party providers, in addition to this Privacy Policy. By using Onfire Health's applications and services, you consent to the collection and use of your financial data as described in these third-party provider policies.
3c. Automatically
We collect certain information automatically as you interact with our Website and App, using:
- Cookies: Small text files placed on your device. You may disable cookies in your browser settings, but some features of our Website may not function properly without them.
- Web Beacons / Pixel Tags: Electronic files embedded in pages and emails that allow us to track page visits, email opens, and related statistics.
- Google Analytics: We use Google Analytics (provided by Google LLC) to analyze traffic and usage patterns on our Website. You may opt out of Google Analytics data collection using the Google Analytics Opt-out Browser Add-on. Our use of Google Analytics may constitute "sharing" of personal information for cross-context behavioral advertising purposes under the CPRA.
3d. From Third Parties
We may receive personal information about you from third-party partners, service providers, and identity verification providers in connection with enrollment and fraud prevention.
4. How We Use Your Personal Information
We use your personal information for the following purposes:
- Providing the Membership Program: Operating your Membership Account, processing payments, facilitating purchases from Partner Clinics, and providing all services described in the Membership Terms of Service.
- Identity Verification and Fraud Prevention: As required by federal law (including the Bank Secrecy Act, Know Your Customer / KYC requirements, and applicable Anti-Money Laundering / AML obligations), we verify your identity at enrollment and monitor for suspicious activity.
- Payment Processing: Initiating and processing ACH debits and credits through Plaid and our payment processors in connection with Membership Fees, monthly subscription payments, and Member Credit returns of unused contributions at member termination.
- Customer Support: Responding to your inquiries, resolving disputes, and providing assistance with your Membership Account.
- Communications: Sending you transaction confirmations, account notices, billing statements, and other required information; and (with your consent) marketing communications about Onfire products and services.
- Legal and Regulatory Compliance: Complying with applicable federal and state law, responding to lawful requests from government authorities, and enforcing our rights under the Membership Terms of Service.
- Analytics and Improvement: Understanding how users interact with our Website and App to improve our products, services, and user experience.
- Security: Protecting the security and integrity of our platform, detecting and preventing fraud, and maintaining the confidentiality of your information.
5. How We Share Your Personal Information
We share your personal information only as described below. We do not sell your personal information to third parties for their own independent marketing purposes.
Service Providers: We share information with third-party vendors and service providers who assist us in operating our business, including Plaid, Inc. (bank account verification and ACH payment processing), identity verification providers, analytics providers such as Google Analytics, and customer support platforms. These service providers are contractually required to use your information only to provide services to us and to protect your information appropriately.
Partner Clinics: When you use your Membership Account to purchase services from a Partner Clinic, we share with that clinic the information necessary to process your order (e.g., that you are an authorized Onfire Member and the amount to be paid). We do not share your bank account information with Partner Clinics.
Legal Requirements: We may disclose your information when required by law, court order, or lawful government request; to protect the rights, property, or safety of Onfire Health, our Members, or others; or to detect, prevent, or address fraud, security, or technical issues.
Business Transfers: If Onfire Health is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change as required by law.
With Your Consent: We may share your information for other purposes with your express consent.
6. Financial Information and Gramm-Leach-Bliley Act Notice
To the extent applicable, Onfire Health handles your nonpublic personal financial information in accordance with the Gramm-Leach-Bliley Act (GLBA) and applicable state financial privacy laws. We collect financial information, including bank account data obtained through Plaid, solely for the purpose of providing and administering your Membership Account. We do not share your nonpublic personal financial information with unaffiliated third parties for their independent marketing purposes.
7. Data Security
We implement administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, use, disclosure, alteration, and destruction. These safeguards include encryption of sensitive data in transit and at rest, access controls, and regular security reviews.
However, no internet transmission or electronic storage is completely secure. We cannot guarantee the absolute security of your personal information transmitted to or stored by our systems. Any transmission of personal information is at your own risk.
You are responsible for maintaining the confidentiality of your Membership Account credentials. Please notify us immediately at help@onfirehealth.com if you believe your account has been compromised.
8. Your California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purposes for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (e.g., information needed to complete a transaction, fulfill a legal obligation, or detect fraud).
Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt Out of Sale or Sharing: California law requires us to allow you to opt out of the "sale" or "sharing" of your personal information. We do not sell your personal information for monetary compensation. However, our use of Google Analytics and certain advertising technologies may constitute "sharing" of personal information for cross-context behavioral advertising under CPRA. You may opt out of this sharing by visiting our Your Privacy Choices page, enabling the Global Privacy Control (GPC) browser signal (which we honor), or contacting us as described below.
Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information (including Social Security Number, financial account data, and precise geolocation) to purposes necessary to provide the services you requested. To exercise this right, visit our Your Privacy Choices page.
Right to Non-Discrimination: We will not discriminate against you for exercising your California privacy rights.
How to Submit a Request: To exercise your rights, contact us at privacy@onfirehealth.com or by mail at Onfire Health, Inc., Attn: Privacy, 28 Geary Street, Suite 650-1722, San Francisco, CA 94108. We will verify your identity before processing your request and will respond within the time periods required by applicable law (generally 45 days, with one extension of up to an additional 45 days if necessary).
9. Children's Privacy
Our Website, App, and Membership Program are not directed to children under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us at help@onfirehealth.com and we will promptly delete that information.
10. Data Retention
We retain your personal information for as long as your Membership Account is active and for a period thereafter as necessary to comply with our legal obligations (including applicable record retention requirements under federal and state financial law), resolve disputes, enforce our agreements, and for other legitimate business purposes. Bank account data obtained through Plaid is retained only as long as necessary to process transactions and as required by law.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email to the address associated with your account and/or by posting a notice on our Website home page. The effective date at the top of this policy indicates when it was last updated. Your continued use of our Website or Membership Program after changes are posted constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Email: privacy@onfirehealth.com
Help: help@onfirehealth.com
Mail: Onfire Health, Inc., Attn: Privacy, 28 Geary Street, Suite 650-1722, San Francisco, CA 94108
