What Information We Collect and How We Use It
Email Communications with Us: As part of the Services, you may occasionally receive email and other communications from us, such as administrative communications relating to your Account (e.g., for purposes of Account recovery or password reset). These communications are considered part of the Services and your Account, which you may not be able to opt-out from receiving. You can opt-out of most communications from Firefly, such as alerts and news updates; please see your Account Settings page. Note that we will never email you to ask for your password or other Account information; if you receive such an email, forward it to us.
Information Related to Use of the Services: We collect information about how people use the Services, including those with an Account. This information includes general usage information, and may include information such as the number and frequency of our visitors, which pages or features of the Services they have visited, which links on the Services they have clicked on, and the length of those visits. We may also use third party applications and services, such as Google Analytics as well as in-house systems, to collect and analyze this information. This information enables us and third parties authorized by us to figure out how often individuals use the Services so that we can analyze and improve them. Some of this information may be associated with the IP Address (as defined below) used to access the Services, and some may be associated with your Account, such as the topics you search for and the help pages that you visit. We may also use some of this information in aggregate form, that is, as a statistical measure related to all of our users that would not identify you personally. We use information about your use of the Services to improve and enhance your experience on the Services.
Information Related to Your Web Browser: We automatically receive and record information from your web browser when you interact with the Services, such as your browser type and version, what sort of device you are using, your operating system and version, your language preference, the website or service that referred you to the Services, the date and time of each web request you make, your screen display information, and information from any cookies we have placed on your web browser (as described below). We also sometimes detect whether you are using certain web browser extensions and store that information in a manner associated with your Account. Web browser-related information is used to enhance your experience with the Services (for example, by personalization) and to allow us to improve the Services; it is not, however, used in a manner that would identify you personally.
IP Address Information: Under certain circumstances, such as when you log into the Services, load a web page from the Services, or contact us, we may collect and store your Internet Protocol Address (“IP Address”). We generally use IP Address information to fight spam, malware, and identity theft; we also may use it, in the future, to personalize the Services for you. IP Address information is also used by us to generate aggregate, non-identifying, information about use of the Services.
Location Information: In some cases we collect and store information about where you are located. This may be accomplished by converting your IP Address into a rough geolocation, or by requesting location information from the device you are using to access the Services. The control of location information and mechanism for controlling information your device shares varies by device. We may use location information associated with content you create or interact with to improve and personalize the Services for you.
Information Related to Your Mobile Device: We may collect and store information related to your mobile device, such as your phone number. You will have a choice as to whether we collect and store this information. We may use this information to improve the Services, such as by allowing you to verify your account by text message.
Derived Information: We analyze your actions on the Services in order to derive or infer characteristics that may be descriptive of you (for example, what types of medical issues you care about). These characteristics are used to improve and personalize the Services. We will not sell this derived information to third parties.
Email Tracking: We may place information in our emails to you (such as a web beacon) that allows us to measure our email deliverability and effectiveness.
Information Collected When We are Acting as a HIPAA Business Associate
If you provide health information through your Account that is subject to HIPAA (protected health information or PHI), our use and disclosure of the PHI will be governed by the terms of our HIPAA Business Associate Agreement. You must agree to the terms of the Business Associate Agreement when you open your Account.
With Whom Your Information Is Shared
Information we receive from you will not be shared with any third party unless: (a) we are issued a subpoena, warrant, or other similar court order; (b) if you report an issue directly to a Third Party Contractor through the Services, to facilitate them fixing the issue they may require your email address, you may report anonymously in which case your email will not be shared; (c) we have your permission to share that information; (d) we have given you prior notice that the information will be shared, and with whom; or (e) that information is aggregate information or other information that does not identify you.
Information Shared between the Services: We may, if possible, aggregate information about your use of multiple Services and use that consolidated information to improve how the Services operate, and to develop new Services.
Information Shared with Third Party Contractors in Order to Operate and Improve the Services: In some cases, we share information that we store (such as IP Addresses) with Third Party Contractors for the purposes of operating and improving the Services. For example, we may share information with service providers in order to fight spam, and third-party consultants may have access to information in the process of improving our processes and technology. Third Party Contractors with whom we share such information for these reasons are generally bound by confidentiality obligations and, unless we tell you differently, our Third Party Contractors do not have any right to use your personally identifiable information (“Personal Information”) or other information we share with them beyond the scope and duration of what is necessary to assist us. You hereby consent to our sharing of Personal Information with our Third Party Contractors.
Information Shared with Other Third Parties: We may share or disclose non-private information, Aggregate Information, or other non-Personal Information with people and entities that we do business with.
Information We Share with Your Consent or at Your Request: If you ask us to release information that we have about your Account, we will do so if reasonable and not unduly burdensome.
The Security of Your Information
Your Account information is protected by a password for your privacy and security. You need to prevent unauthorized access to your Account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your Account on the Services.
We seek to protect your information (including your Account information) to ensure that it is kept private; however, we can’t guarantee the security of any information.
Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
What Information You Can Access
If you are a registered user, you can access and delete most information associated with your Account by logging into the Services and checking your Account Profile page. Registered and unregistered users can access and delete cookies through their web browser settings.
Your California Privacy Rights: Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information that we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: 2711 Centerville Road, suite 400, Wilmington, DE 19808.
Do Not Track: Firefly does not track our Website visitors across third-party websites for the purpose of providing targeted advertising. Accordingly, Firefly does not respond to Do Not Track (“DNT”) signals.
How to Delete Your Account and What Happens When You Delete Your Account
If you want to delete your Account, you may send a request by contacting us at email@example.com. We attempt to comply with our users’ requests in deleting their accounts, however there may be circumstances where we deem it inappropriate to comply. Before we will comply, we require “proof of authority” on the requesting account. What constitutes "proof of authority" will vary depending on the circumstances, but generally we will require sufficient identifying information so that we can be confident you are the Account owner. Deleting your Account will not fully remove the content you have contributed to the Services. References to your Account information may not be immediately removed.
Where to Direct Questions or Concerns
If you have any questions or concerns regarding privacy using the Services, please send us a detailed message at firstname.lastname@example.org.