Firefox Sync Privacy Policy

What You Should Know About Privacy & Firefox Sync

  • We need your username and email address to register you on the service, but we don’t ask for other personal information.
  • Your data is only used to provide the Firefox Sync service.
  • Firefox Sync on your computer encrypts your data before sending it to us so the data isn’t sitting around on our servers in a usable form.
  • We don’t sell your data or use ad networks on the Firefox Sync webpages or service.
  • For the full text of our privacy practices and all the “legalese” and details, please read our privacy policy below.

Firefox Sync Privacy Policy

Last Updated: May 21, 2010   |  Download printable format (PDF)

This privacy policy explains to what extent Mozilla Corporation (*) (“Mozilla”) collects and uses information about users of Firefox Sync (“Firefox Sync Service”), where such users use the Mozilla-created servers and client. This privacy policy also covers Firefox Home, which utilizes the Firefox Sync Service.

Definitions

“Personal Information” is information that you provide to us that personally identifies you, such as your name, phone number, or email address. Except for your email address, Mozilla does not collect or require end-users of Firefox Sync Service to furnish Personal Information.

“Non-Personal Information” is information that cannot by itself be directly associated with a specific person or entity. Non-Personal Information includes but is not limited to your computer’s configuration and the version of Firefox Sync you use.

“Potentially Personal Information” is information that is Non-Personal Information in and of itself but that could be used in conjunction with other information to personally identify you. For example, Uniform Resource Locators (“URLs”) (the addresses of web pages) and Internet Protocol (“IP”) addresses (the addresses of computers on the internet) can be Personal Information when combined with internet service provider (“ISP”) records.

“Operational Data” means aggregated data regarding users’ usage of the Firefox Sync Services, such as access log data (such as data about when people access the service and with what piece of software), how many records of each type users were creating in aggregate (such as how many bookmarks, history, or tabs users have created and synced). Mozilla collects Operational Data to help us so that we can ensure that we have sufficient storage to meet user needs and otherwise to help with the operations of the Services.

“Usage Statistics” refers to the Non-Personal Information Mozilla will use to understand your use of the Firefox Sync Service. Such information may include but is not limited to the amount of data you are storing with the service, the frequency with which you access the service, bandwidth utilization, and traffic shaping.

“User Data” is the digital content stored on, manipulated, and transmitted to and from Mozilla’s servers by means of your use of Firefox Sync. Examples of User Data include those items that you choose to synchronize across devices using Firefox Sync, such as your browsing history, form history, bookmarks, saved passwords, preferences, and open tabs. User Data does not include your username, email address, or password.

Gathering, Use and Disclosure of Transmission Data

Account Information

Before you are able to access Firefox Sync, you will be required to register. To register, the Firefox Sync Service will require the following Personal Information and Potentially Personal Information from you: your email address, username, and password. Mozilla will not make any of this information public. Your username and email address are transferred to Mozilla using encryption called SSL. Your email address is used by us to provide you the services, such as allowing us to help you recover your account if you lose your password. (Feel free to use an email account set up just for using Firefox Sync Service if you’d like.) Your password is transferred to Mozilla using SSL encryption but is only retained by Mozilla’s servers in a hash format (which means a low level of encryption is applied).

As part of registration, you will also create a secret phrase. However, the Firefox Sync Service is designed so that your secret phrase resides on your computer and is not transmitted to the Firefox Sync servers or to Mozilla.

Once you have registered, your password and secret phrase are used to help prevent unauthorized access to your account.

Encrypted User Data

The Firefox Sync Service encrypts User Data on your computer and uploads encrypted User Data over the network using SSL communication. We believe that user privacy is important, and we require that the User Data is encrypted to reside on Mozilla’s Firefox Sync Service servers. Those items you choose to synchronize across devices using Firefox Sync are examples of User Data that is designed to be encrypted before leaving your computer. These can include your browsing history, form history, bookmarks, saved passwords, preferences, and open tabs.

Data Used to Provide the Services

Mozilla receives and uses the following information for the purpose of providing and improving the Firefox Sync Service: IP address, username, date and time of accessing the Firefox Sync Service, and various operational data such as the type of client OS and Firefox version (which are also known as the user agent string).

The Firefox Sync Service also receives the host names you have given your devices that you are syncing. These names are used to label your tabs within Firefox Sync. If you don’t want to share your name, you should consider naming your devices with fanciful names rather than your actual name. The information is transmitted via SSL. Currently, you can opt out of this by visiting about:config.

Disclosure to Third Parties

To safeguard your privacy, the Firefox Sync Service is purposely designed so that the amount of data that Mozilla has access to is limited, either by encryption or not collecting it in the first place. This is why User Data and your password and secret phrase are either encrypted before being sent to Mozilla’s servers or not sent to Mozilla’s servers at all. And this is also why Mozilla doesn’t collect other information at all like your name or phone number.
For that set of information that Mozilla does have, Mozilla only makes Personal Information and Potentially Personal Information available to its employees, contractors, and selected contributors who signed confidentiality agreements that prohibit them from using or disclosing your Personal Information other than for Mozilla purposes to provide the Firefox Sync Service. Furthermore, Mozilla will not knowingly disclose Personal Information or Potentially Personal Information to other third parties unless required to do so, such as in order to comply with any law, regulation, or valid legal process, such as a search warrant, subpoena, statute, court order, or if necessary or appropriate to address an unlawful or harmful activity. Do note, however, that even in this case the key issued by the Firefox Sync Services to decrypt certain portions of your data resides on your computer and not on Mozilla’s.

What Data is Analyzed by Mozilla?

Without your explicit approval and opt-in, Mozilla will only use the Usage Statistics to understand your use of the Firefox Sync Service.

How Are the Usage Statistics Used?

Mozilla will use the Usage Statistics gathered through the operation of the Firefox Sync Service to improve Firefox Sync Service and other related Mozilla products and services. By identifying patterns and trends in usage, Mozilla and its community is able to better design products and services to improve users’ experiences, both in terms of content and ease of use.

Where is the Operational Data Available?

Mozilla is an open organization that believes in sharing as much information as possible about its products, its operations, and its associations with its wider community. As such, Firefox Sync Service users should expect that Mozilla will make all Usage Statistics publicly available at some point. However, any publicly available Usage Statistics will only be reported on an aggregate, anonymous basis. No Personal Information or Potentially Personal Information will be available in any of these public reports.

How to Disable or Opt-Out of Firefox Sync

If at any time, you decide you no longer want to have the Firefox Sync Service, you may un-install the Firefox Sync add-on. Click on the “Tools” menu, then “Add-ons”, select Firefox Sync and click “Uninstall”.

Other Disclosures

In certain other limited situations, Mozilla may disclose your Personal Information, such as when necessary to protect our websites and operations (e.g., against attacks); to protect the rights, privacy, safety, or property of Mozilla or its users; to enforce our terms of service; and to pursue available legal remedies. Additionally, Mozilla may need to transfer Personal Information to an affiliate or successor in the event of a change of our corporate structure or status, such as in the event of a restructuring, sale, or bankruptcy.

Service Providers

We work with third parties who provide services (like companies that help us determine the number of users of Firefox Sync and various features of Firefox Sync) and content delivery networks and other services of an administrative nature. We may share Personal Information and Potentially Personal Information about you with such third parties for the purpose of enabling these third parties to provide such services, which is why we limit the nature and scope of what we collect about you in the first place.

Transfer of Data to the U.S.

Mozilla is a global organization and operates in different countries. Privacy laws and common practices vary from country to country. Some countries may provide for less legal protection of your personal data; others may provide more legal protection. By using the Firefox Sync Service, you consent to the transfer of the information collected, as outlined by this Policy, to Mozilla in the United States, which may provide a lesser level of data security than in your country of residence.

Data Retention

We will retain any information collected for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required by law and/or regulations.

Privacy Policy Changes

Mozilla may change this Privacy Policy from time to time. Each time you use the Firefox Sync Service the current version of this Privacy Policy will apply. Any and all changes will be reflected on this page. You should periodically check this page for any changes to the current policy. To make your review more convenient, we will post an effective date at the top of this page. Material changes will also be announced through the standard mechanisms through which Mozilla communicates with the Mozilla community. It is your responsibility to ensure that you understand the terms of this Privacy Policy.

What This Privacy Policy Doesn’t Cover

This policy does not apply to other Mozilla websites, products, or services. It also does not apply to your use of third-party providers of the Firefox Sync client or use of non-Mozilla servers. If you choose to use a Firefox Sync client or servers provided by an entity other than Mozilla, this policy does not apply and Mozilla assumes no liability whatsoever for such services.

If you use Mozilla’s Firefox Sync servers and a Firefox Sync client-end application (meaning the software that resides on your computer that talks to Mozilla’s servers) that was not developed by Mozilla, here’s what is different: the third-party client may send different information to our servers and that information may not be encrypted. So none of the information in this policy about what information Mozilla receives and in what format it is received applies. However, to the extent Mozilla’s servers receive information sent by a third-party client app, we will only disclose it to third parties to the same extent as we would information that was transmitted to our servers from a Mozilla-created client app.

For More Information

You may request access, correction, or deletion of Personal Information or Potentially Personal Information, as permitted by law. We will seek to comply with such requests, provided that we have sufficient information to identify the Personal Information or Potentially Personal Information related to you.
Any such requests or other questions or concerns regarding this Policy and Mozilla’s data protection practices should be addressed to:

Mozilla Corporation
Attn: Legal Notices – Privacy
650 Castro Street, Suite 300
Mountain View, CA 94041-2072
Phone: +1-650-903-0800
E-mail: privacy@mozilla.com

(*) Mozilla Corporation is a wholly-owned subsidiary of the non-profit Mozilla Foundation.