Firefly Privacy Policy

Last Modified: March 17, 2022


Firefly Lab, LLC, takes the private nature of your personal information very seriously. This policy regarding our privacy practices (the “Privacy Policy”) describes how we treat the information we collect when you visit and use the website available at or any other website operated by Firefly (the “Website”) and/or Firefly’s other domains, products, services, mobile applications, and/or content (collectively with the Site, the “Services”). When you use the Services, you are consenting to the collection, transfer, manipulation, storage, disclosure, and other uses of your information as described in this Privacy Policy; please read it carefully.

You should read our Terms of Use together with this Privacy Policy. By accessing our Website, you are acknowledging that this Policy and our Terms of Use apply to your use of this Website and that you agree to be bound by this Policy and our Terms of Use.

What This Privacy Policy Covers

This Privacy Policy covers our treatment of information gathered when you are using or accessing the Services. This Privacy Policy also covers our treatment of any information that third parties, such as our service providers, consultants, and other agents (“Third Party Contractors”) share with us or that we share with our Third Party Contractors.

This Privacy Policy does not apply to the practices of third parties that we do not own or control, including but not limited to any third party websites, services, and applications (“Third Party Services”) that you elect to access through the Services or to individuals that we don’t manage or employ. While we try to facilitate access only to those Third Party Services that share our respect for your privacy, we don’t take responsibility for the content or privacy policies of those Third Party Services. We encourage you to carefully review the privacy policies of all Third Party Services you access.

What Information We Collect and How We Use It

Account Information: When you create an account to access the Firefly Services (an “Account”), you will provide information such as your username, password, and email address. This information may personally identify you to us. We do not expose your e-mail address to the public or third parties, except in the limited circumstances set forth in this Privacy Policy.

De-identification and Use of Firefly Aggregate Data: Firefly’s online platform is used by doctors for the purposes of scheduling, recordkeeping, education, case logging, and the tracking and logging of continuing medical education. Firefly collects this data and may deidentify this data and use the deidentified and aggregate data for research, marketing, development, and other purposes. The information that is collected and de-identified may include: (1) number and type of procedures performed; (2) difficulty of each procedure performed; (3) operative performance evaluations; (4) groupings of who worked with whom in which kind of case, especially attending-resident pairings for teaching cases; and (5) number and type of educational activities performed (e.g. practice sessions in the surgical simulation lab). Firefly de-identifies and aggregates any such data prior to using the data. All personally identifiable data is protected and is not disclosed to any third parties, other than as provided in this Privacy Policy.

Email Communications with Us: As part of the Services, you may occasionally receive email and other communications from us, such as administrative communications relating to your Account (e.g., for purposes of Account recovery or password reset). These communications are considered part of the Services and your Account, which you may not be able to opt-out from receiving. You can opt-out of most communications from Firefly, such as alerts and news updates; please see your Account Settings page. Note that we will never email you to ask for your password or other Account information; if you receive such an email, forward it to us.

Information Related to Use of the Services: We collect information about how people use the Services, including those with an Account. This information includes general usage information, and may include information such as the number and frequency of our visitors, which pages or features of the Services they have visited, which links on the Services they have clicked on, and the length of those visits. We may also use third party applications and services, such as Google Analytics as well as in-house systems, to collect and analyze this information. This information enables us and third parties authorized by us to figure out how often individuals use the Services so that we can analyze and improve them. Some of this information may be associated with the IP Address (as defined below) used to access the Services, and some may be associated with your Account, such as the topics you search for and the help pages that you visit. We may also use some of this information in aggregate form, that is, as a statistical measure related to all of our users that would not identify you personally. We use information about your use of the Services to improve and enhance your experience on the Services.

Information Related to Your Web Browser: We automatically receive and record information from your web browser when you interact with the Services, such as your browser type and version, what sort of device you are using, your operating system and version, your language preference, the website or service that referred you to the Services, the date and time of each web request you make, your screen display information, and information from any cookies we have placed on your web browser (as described below). We also sometimes detect whether you are using certain web browser extensions and store that information in a manner associated with your Account. Web browser-related information is used to enhance your experience with the Services (for example, by personalization) and to allow us to improve the Services; it is not, however, used in a manner that would identify you personally.

IP Address Information: Under certain circumstances, such as when you log into the Services, load a web page from the Services, or contact us, we may collect and store your Internet Protocol Address (“IP Address”). We generally use IP Address information to fight spam, malware, and identity theft; we also may use it, in the future, to personalize the Services for you. IP Address information is also used by us to generate aggregate, non-identifying, information about use of the Services.

Location Information: In some cases we collect and store information about where you are located. This may be accomplished by converting your IP Address into a rough geolocation, or by requesting location information from the device you are using to access the Services. The control of location information and mechanism for controlling information your device shares varies by device. We may use location information associated with content you create or interact with to improve and personalize the Services for you.

Information Related to Your Mobile Device: We may collect and store information related to your mobile device, such as your phone number. You will have a choice as to whether we collect and store this information. We may use this information to improve the Services, such as by allowing you to verify your account by text message.

Derived Information: We analyze your actions on the Services in order to derive or infer characteristics that may be descriptive of you (for example, what types of medical issues you care about). These characteristics are used to improve and personalize the Services. We will not sell this derived information to third parties.

Email Tracking: We may place information in our emails to you (such as a web beacon) that allows us to measure our email deliverability and effectiveness.

Children’s Online Privacy Protection Act Compliance: Our Website and Services are intended for adult use. You must therefore be at least 18 years of age, or the age of legal majority in your jurisdiction (if different than 18), to obtain an account. Furthermore, we do not, under any circumstances, knowingly collect information from or direct the Services to anyone under 14 years of age. We encourage parents and legal guardians to monitor their children’s mobile app and Internet usage and to help enforce our Privacy Policy by instructing their children never to access this Website or the Services. If you have reason to believe that a child under the age of 14 has provided personally identifiable information to us, please contact us at support @, and we will delete that information from our databases as soon as is reasonably practicable.

Information Collected When We are Acting as a HIPAA Business Associate

If you provide health information through your Account that is subject to HIPAA (protected health information or PHI), our use and disclosure of the PHI will be governed by the terms of our HIPAA Business Associate Agreement. You must agree to the terms of the Business Associate Agreement when you open your Account.

With Whom Your Information Is Shared

Information we receive from you will not be shared with any third party unless: (a) we are issued a subpoena, warrant, or other similar court order; (b) if you report an issue directly to a Third Party Contractor through the Services, to facilitate them fixing the issue they may require your email address, you may report anonymously in which case your email will not be shared; (c) we have your permission to share that information; (d) we have given you prior notice that the information will be shared, and with whom; or (e) that information is aggregate information or other information that does not identify you.

Information Shared between the Services: We may, if possible, aggregate information about your use of multiple Services and use that consolidated information to improve how the Services operate, and to develop new Services.

Information Shared with Third Party Contractors in Order to Operate and Improve the Services: In some cases, we share information that we store (such as IP Addresses) with Third Party Contractors for the purposes of operating and improving the Services. For example, we may share information with service providers in order to fight spam, and third-party consultants may have access to information in the process of improving our processes and technology. Third Party Contractors with whom we share such information for these reasons are generally bound by confidentiality obligations and, unless we tell you differently, our Third Party Contractors do not have any right to use your personally identifiable information (“Personal Information”) or other information we share with them beyond the scope and duration of what is necessary to assist us. You hereby consent to our sharing of Personal Information with our Third Party Contractors.

Information Shared with Other Third Parties: We may share or disclose non-private information, Aggregate Information, or other non-Personal Information with people and entities that we do business with.

Information Disclosed Pursuant to Business Transfers: In some cases, we may choose to buy or sell business assets. In these transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Information as set forth in this Privacy Policy.

Information Disclosed for Our Protection and the Protection of Others: We believe in freedom of expression, and, to the extent reasonable, we try to protect our community from baseless legal demands. That said, we also reserve the right to access, preserve, and disclose any information as we reasonably believe is necessary, in our sole discretion, to (i) satisfy any law, regulation, legal process, governmental request, or governmental order, (ii) enforce this Privacy Policy and our Terms of Use, including investigation of potential violations hereof, (iii) detect, prevent, or otherwise address fraud, security or technical issues (including exchanging information with other companies and organizations for fraud protection and spam/malware prevention), (iv) respond to user support requests, or (v) protect the rights, property, health or safety of us, our users, any third parties or the public in general, including but not limited to situations involving possible violence, suicide, or self-harm.

Information We Share with Your Consent or at Your Request: If you ask us to release information that we have about your Account, we will do so if reasonable and not unduly burdensome.

The Security of Your Information

Your Account information is protected by a password for your privacy and security. You need to prevent unauthorized access to your Account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your Account on the Services.

We seek to protect your information (including your Account information) to ensure that it is kept private; however, we can’t guarantee the security of any information.

Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.

What Information You Can Access

If you are a registered user, you can access and delete most information associated with your Account by logging into the Services and checking your Account Profile page. Registered and unregistered users can access and delete cookies through their web browser settings.

Your California Privacy Rights: Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information that we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: 2711 Centerville Road, suite 400, Wilmington, DE 19808.

Do Not Track: Firefly does not track our Website visitors across third-party websites for the purpose of providing targeted advertising. Accordingly, Firefly does not respond to Do Not Track (“DNT”) signals.

How to Delete Your Account and What Happens When You Delete Your Account

If you want to delete your Account, you may send a request by contacting us at suport @ We attempt to comply with our users’ requests in deleting their accounts, however there may be circumstances where we deem it inappropriate to comply. Before we will comply, we require “proof of authority” on the requesting account. What constitutes "proof of authority" will vary depending on the circumstances, but generally we will require sufficient identifying information so that we can be confident you are the Account owner. Deleting your Account will not fully remove the content you have contributed to the Services. References to your Account information may not be immediately removed.

Changes to This Privacy Policy

We may amend this Privacy Policy from time to time. If changes, other than corrections to typographical errors or formatting improvements, are made we will notify users via email. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used.

Where to Direct Questions or Concerns

If you have any questions or concerns regarding privacy using the Services, please send us a detailed message at privacy @