Company Number 14386974
Old Pockford, Vann Lane, Chiddingfold, Godalming, GU8 4XU, United Kingdom
Last Updated: 17 May 2026
1. Introduction
Who we are and what this policy covers
Welcome to the Privacy Policy of Certainly Stuff Ltd, trading as Wildfire ("Wildfire", "we", "us", or "our").
We are committed to protecting your privacy and your personal data in compliance with the United Kingdom General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 ("PECR"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and other applicable data protection and privacy laws.
This Privacy Policy explains how we collect, use, and protect personal data in the following contexts:
- visits to and interactions with our website at getwildfire.gg and its subdomains, excluding spark.getwildfire.gg (the "Site");
- marketing communications, newsletters, and sales contacts sent or received by us;
- mobile messaging (SMS and WhatsApp) services where you have opted in;
- brand, agency, and community-partner relationships.
This policy does not cover:
- the Spark platform, which is the subject of a separate privacy policy made available within the Spark application and to Spark account holders directly;
- the collection of personal data by third-party platforms on which Wildfire campaigns may run (including but not limited to Discord, Reddit, and other community platforms), each of which operates under its own privacy policy and terms of service;
- the practices of brands, agencies, or community partners with whom we contract.
2. Data controller and how to contact us
Certainly Stuff Ltd is the data controller responsible for personal data processed under this Privacy Policy.
- Email: info@getwildfire.gg
- Post: Certainly Stuff Ltd, Old Pockford, Vann Lane, Chiddingfold, Godalming, GU8 4XU, United Kingdom
You have the right to lodge a complaint with the UK Information Commissioner's Office ("ICO") at any time. We would, however, appreciate the opportunity to address your concerns first. Residents of the European Economic Area may contact their local supervisory authority. Residents of US states with applicable privacy laws may exercise their rights as described in section 11 below.
3. The personal data we collect
"Personal Data" means any information relating to an identified or identifiable individual. We may collect, use, store, and transfer the following categories of personal data; not every category will be collected from every individual.
| Category | Examples |
|---|---|
| Identity Data | First name, last name, job title, professional role |
| Contact Data | Business email address, business postal address, mobile phone number (only if you opt in to mobile messaging) |
| Commercial Data | Information about brands, agencies, or organisations you represent, where you provide it to us in a business capacity |
| Marketing & Communications Data | Your preferences in receiving marketing communications from us, your engagement with our newsletters, and your communication history with our team |
| Technical & Usage Data | IP address, browser type and version, operating system, referring URLs, device identifiers, page interaction data |
We do not knowingly collect through this Site:
- special category personal data (data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, or data concerning sex life or sexual orientation);
- information about criminal convictions or offences;
- personal data of individuals under the age of 18 (see section 13).
If you provide us with personal data about another person (for example, a colleague), you confirm that you have their permission to do so and that they have been informed of this Privacy Policy.
4. The legal bases on which we rely
We will only process your personal data where we have a lawful basis to do so. The bases we rely on are set out below.
| Legal basis | When we rely on it |
|---|---|
| Consent | When you tick a box to subscribe to newsletters, opt in to SMS or WhatsApp notifications, or accept non-essential cookies |
| Contractual necessity | Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract |
| Legal obligation | Where we are required by law to process personal data, including for fraud prevention, tax, accounting, or regulatory purposes |
| Legitimate interests | For running and improving our business in ways that do not materially impact your rights and freedoms, including basic analytics, securing our Site, responding to support enquiries, and direct marketing to existing business contacts |
Where we rely on legitimate interests, we will balance our interests against yours and tell you what those interests are, where required.
5. How we use your personal data
| Activity | Categories of data | Legal basis |
|---|---|---|
| Brochure, case study, or content downloads | Identity, Contact | Consent |
| Newsletters and marketing emails | Contact, Marketing & Communications | Consent or, for existing business contacts, Legitimate interests |
| Sales and business development outreach | Identity, Contact, Commercial | Legitimate interests |
| Customer and partner support | Identity, Contact, Commercial | Contractual necessity or Legitimate interests |
| Competitions and promotions | Identity, Contact, Marketing & Communications | Consent or Legitimate interests |
| Mobile messaging notifications (opt-in only) | Contact, Technical & Usage | Consent |
| Site analytics and optimisation | Technical & Usage | Consent (non-essential cookies) or Legitimate interests (essential analytics) |
| Security, fraud prevention, and audit | Technical & Usage, Identity | Legal obligation or Legitimate interests |
| Recruitment enquiries | Identity, Contact, plus information you choose to provide | Consent and pre-contractual steps |
Change of purpose
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another compatible purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the lawful basis on which we can do so.
6. Mobile messaging (SMS and WhatsApp)
You may choose to receive Wildfire campaign and event alerts by mobile message. Where you do so:
- Opt-in and verification. You provide your mobile number, complete a CAPTCHA challenge, and verify ownership by entering a one-time code (valid for ten minutes). The code is stored only as a cryptographic hash.
- Types of messages. Transactional alerts about campaign launches, milestones, or essential service notices. We will not send marketing content by SMS or WhatsApp unless you separately opt in to receive it.
- Legal basis. Processing relies on your explicit consent under Article 6(1)(a) UK GDPR and applicable provisions of PECR. For US residents, processing complies with the Telephone Consumer Protection Act ("TCPA") and equivalent state law.
- Opt-out. You can disable mobile messaging at any time by replying STOP to any message, using the unsubscribe link in any message, or emailing us. We will honour opt-out requests within 24 hours.
- Third-party messaging provider. Messages are delivered by Twilio Inc. Your phone number and message metadata are shared with Twilio solely for this purpose under Standard Contractual Clauses.
- Carrier charges. Message and data rates may apply, as imposed by your mobile carrier.
- Retention and security. Verified numbers are stored encrypted at rest and are deleted or anonymised within thirty days of opt-out.
7. Cookies and similar technologies
Our Site uses cookies and similar technologies to operate and improve our services. A cookie is a small text file placed on your device when you visit a website.
We use the following categories of cookies:
- Strictly necessary cookies. Required for the Site to function (for example, security and load balancing). These cannot be disabled without breaking core functionality.
- Analytics cookies. Help us understand how visitors use the Site so we can improve it (for example, Google Analytics).
- User-experience cookies. Help us understand how visitors interact with specific pages (for example, Hotjar heatmaps and session recordings).
- Marketing cookies. We do not currently use third-party advertising cookies on the Site. If this changes, we will update this Privacy Policy and seek your consent before deployment.
You can manage non-essential cookies through the cookie banner shown on first visit, by adjusting your browser settings, or by visiting the relevant third-party opt-out pages. Disabling cookies may affect Site functionality.
8. Service providers used on this Site
| Provider | Purpose | Location and transfer mechanism |
|---|---|---|
| Google Analytics (Google LLC) | Website analytics | EU to US, Standard Contractual Clauses |
| Vercel Inc. | Hosting infrastructure | EU and US, Standard Contractual Clauses |
| Hotjar Ltd | User-experience analytics (heatmaps, recordings) | EU, with onward transfers under Standard Contractual Clauses where applicable |
| Twilio Inc. | SMS and WhatsApp delivery, where opted in | US, Standard Contractual Clauses |
We may engage additional service providers from time to time. Where we do so and where their processing materially changes the picture described above, we will update this Privacy Policy. Sub-processors used by the Spark platform are disclosed in the separate Spark privacy policy.
9. International transfers
Your personal data may be processed in countries outside the United Kingdom and the European Economic Area, including the United States. Where we transfer personal data outside the UK or EEA, we rely on one of the following safeguards:
- an adequacy decision by the UK government or the European Commission;
- the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses, as appropriate;
- the UK-US Data Bridge or the EU-US Data Privacy Framework, where the recipient is certified;
- other lawful safeguards permitted by applicable law.
Copies of the safeguards in place are available on request to info@getwildfire.gg.
10. Your rights (UK and EEA residents)
You have the following rights in relation to your personal data:
- Right to be informed about how we use your personal data, which is what this Privacy Policy is for.
- Right of access to your personal data (commonly known as a "data subject access request").
- Right to rectification of inaccurate or incomplete personal data.
- Right to erasure of your personal data in certain circumstances ("right to be forgotten").
- Right to restrict processing of your personal data in certain circumstances.
- Right to data portability, allowing you to obtain and reuse your personal data in a structured, commonly used, and machine-readable format.
- Right to object to certain processing, including direct marketing and processing based on legitimate interests.
- Rights in relation to automated decision-making and profiling. We do not use automated decision-making with legal or similarly significant effects in connection with this Site.
To exercise any right, please email info@getwildfire.gg. We will respond within one month of receiving your request, although we may extend this period by a further two months in complex cases (in which event we will inform you within the first month).
You also have the right to lodge a complaint with the ICO (ico.org.uk) or your local EEA supervisory authority. We would appreciate the opportunity to address your concerns first.
11. Your rights (US residents)
This section applies to residents of US states whose privacy laws grant rights in relation to personal information, including California, Colorado, Connecticut, Utah, Virginia, Texas, and others as applicable from time to time.
Categories of personal information collected and disclosed
In the 12 months preceding the date of this Privacy Policy, we have collected the categories of personal information described in section 3 above. We have disclosed personal information for business purposes to the service providers listed in section 8.
Sale and sharing of personal information
We do not sell personal information, and we do not share personal information for cross-context behavioural advertising as those terms are defined under CCPA/CPRA. We have not done so in the 12 months preceding the date of this Privacy Policy.
Your rights
Where applicable under your state's law, you have the right to:
- Know what personal information we collect about you, how we use it, and to whom we disclose it.
- Access a copy of the personal information we hold about you.
- Correct inaccurate personal information.
- Delete personal information we have collected from you, subject to permitted exceptions.
- Opt out of the sale or sharing of personal information (noting we do not sell or share, as described above).
- Non-discrimination in connection with exercising your rights.
- Appoint an authorised agent to make a request on your behalf.
How to exercise your rights
To make a request, email info@getwildfire.gg with the subject line "Privacy Rights Request" and identify the state in which you reside. We may need to verify your identity before responding. We will respond within the timeframes required by applicable law.
12. How long we keep your personal data
- Marketing contacts: for as long as you remain subscribed, plus up to 24 months thereafter for suppression list purposes.
- Customer and partner contacts: for the duration of the business relationship plus up to seven years thereafter for accounting, tax, and limitation-period purposes.
- Mobile messaging numbers: deleted or anonymised within 30 days of opt-out.
- Site analytics data: retained in identifiable form for up to 26 months and aggregated or anonymised thereafter.
- Recruitment enquiries: for up to 12 months from the date of application unless you consent to longer retention.
Where personal data is no longer required, we will securely delete or anonymise it.
13. Age and children's personal data
This Site is directed exclusively at business contacts and is intended for use by individuals aged 18 or over in a professional capacity. We do not knowingly collect personal data from anyone under the age of 18 through this Site.
More broadly, Wildfire's services are not directed at children under the age of 13. We do not knowingly collect, use, or disclose personal data from children under 13. Where campaigns delivered through Wildfire's network reach platforms that may include older minors (13 and above), we operate within the age and content policies of those platforms and require, by contract, that participating brands and community partners do not target children under 13 and apply age-appropriate content and consent practices in line with applicable law (including the Children's Online Privacy Protection Act in the United States and the UK Age Appropriate Design Code).
If you believe that we have inadvertently collected personal data from a person under the relevant age threshold, please contact us at info@getwildfire.gg and we will take prompt steps to delete the data.
14. How we protect your personal data
We employ technical and organisational measures appropriate to the risk of processing, including:
- encryption in transit (TLS) and at rest for sensitive data stores;
- least-privilege access controls and role-based authentication;
- multi-factor authentication for administrative accounts;
- regular security testing, including periodic penetration testing of our infrastructure;
- staff training on data protection and information security;
- a documented incident response process.
No method of transmission or storage is 100% secure. If you believe your interaction with us is no longer secure, please contact us immediately at info@getwildfire.gg.
15. Third-party links and services
Our Site may include links to third-party websites, plug-ins, and applications. Clicking those links or enabling those connections may allow third parties to collect or share data about you. We do not control those sites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.
16. Changes to this Privacy Policy
We keep this Privacy Policy under regular review. Updates will be posted on this page with a new "Last Updated" date. Where changes are material, we will notify you by appropriate means (which may include email or a prominent notice on the Site). Continued use of the Site after a change has taken effect constitutes acceptance of the revised Privacy Policy.
17. Contact us
If you have any questions about this Privacy Policy or our data protection practices, please contact us:
- Email: info@getwildfire.gg
- Post: Certainly Stuff Ltd, Old Pockford, Vann Lane, Chiddingfold, Godalming, GU8 4XU, United Kingdom
This Privacy Policy is published by Certainly Stuff Ltd (trading as Wildfire). For matters relating to the Spark platform, please refer to the Spark privacy policy made available within the Spark application.