Updated: March 8, 2017
1. What information does Firecite collect?
- Firecite collects information when you use our services and information you provide us when you create an account. We also collect information contained in any correspondence with Firecite via email, telephone, or chat application. The information you give us may include your name, address, e-mail address, mailing address, phone number, state bar number, credit card information, personal description, photograph, and resume. We also store the content that your upload to the website in order to provide you with the features and functionality of the website.
- You provide information when you search, post projects, bid, participate in a conversation, provide information in your account or communicate with customer or technical support services. For example, you may provide information when you provide information in your account or profile ; communicate with us by phone, e-mail, or otherwise; complete a contact or feedback form; and provide reviews. As a result of those actions, you might supply us with such information as your name, address, date of birth, state bar number and phone numbers; content of reviews and e-mails to us; personal descriptions, photograph in your profile ; and financial information, including credit card information, Social Security information, and bank account details.
3. How does Firecite use information collected?
- Firecite does not share any of your personally identifiable or transactional information, or any content you upload to this website with any third party or entity except as laid out in this policy.
- Firecite may use your contact information to communicate with you about your use of this website. Firecite may use your email address to notify you about changes to the service and policies, solicit feedback regarding your use of the website, and to provide you with notifications regarding activity connected with your account. We may also send you surveys, promotions, announcements, newsletters, and other marketing or commercial e-mails related to this website.
- We do not rent, sell, or share personal information about you with other people or non-affiliated companies or entities for marketing purposes (including direct marketing purposes) without your permission. We may use and share non-personal or aggregated information for our own marketing purposes, including, without limitation, marketing on other websites.
- Firecite may use personal information collected during the creation and ongoing maintenance of Provider Accounts to create and publicly display Provider Profile web pages. Providers have the ability to edit and modify the personal information that is displayed on their public profile page.
4. How is my information shared?
- We disclose personal information to respond to legal requirements. Such information will be disclosed in accordance with applicable laws and regulations.
- We may disclose your personal information in order to enforce our User Agreement and other terms or to protect the rights, property, or safety of others.
- If Firecite is acquired, sold, merges, or otherwise transitions to a new entity, your personal information will be sold, acquired by, merged with, or otherwise transitioned to the possession of the new entity. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
- We will share and disclose your personal and financial information with our merchant partner for the sole purpose of facilitating transactions on the website and compliance with applicable tax regulations.
- We may provide access to your personal information to our third party technical and hosting partners exclusively for the purpose of providing website features and functionality, including but not limited to the following services: hosting and storage, merchant processing, analytics, and product integrations into the website.
5. How is my connection secured?
Firecite takes security very seriously and desires to maintain a secure marketplace. To accomplish this, we make use of best-in-class security tools and practices to maintain a high level of security at Firecite.
All browser connections to Firecite are secured and encrypted using Transport Layer Security (TLS). TLS and its predecessor, Secure Sockets Layer (SSL), both frequently referred to as "SSL", are cryptographic protocols that provide communications security over a computer network. TLS refers to the process of securely transmitting data between an app or browser being used and the server being used. The term “SSL” continues to be used colloquially when referring to TLS and its function to protect transmitted data.
TLS attempts to accomplish the following:
- Encrypt and verify the integrity of traffic between your browser and Firecite
- Verify that you are communicating with Firecite.
Firecite forces HTTPS for all services using TLS (SSL), including our public website and the Dashboard. We use HSTS to ensure browsers interact with Firecite only over HTTPS.
We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We regularly perform penetration testing, network & vulnerability scans and code reviews.
6. How is my information secured?
Anyone involved with the processing, transmission, or storage of credit card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). Our payment processor has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
When you provide sensitive credit card information or billing information to Firecite, it is not stored in our databases. Instead it is securely transmitted one-time to our payment processor, where all card numbers are encrypted on disk with AES-256. The steps taken to secure payment information are extreme:
- Decryption keys are stored on separate machines.
- None of our processor's internal servers and daemons are able to obtain plaintext card numbers
- The infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with primary services.
The only billing information Firecite retains is the last 2 digits of bank accounts and credit cards to help reference these items to our customers when needed. This information is encrypted on disk with AES-256. We regularly audit the details of our implementation including the ciphers we support.
Sensitive project data is also encrypted on disk with AES-256. This includes active project conversations within the Firecite dashboard, and uploads and work product uploaded via the Firecite dashboard.
7. What choices do I have pertaining to my data?
- You can always choose not to provide information, even though it might be needed to make a bid or project posting or to take advantage of other Firecite features.
- You can add or update certain pieces of information via the Firecite dashboard and the edit profile sections. When you update information, we may keep a copy of the prior version for our records. Projects and bids can be edited and cancelled unless live. In that case deletion can be requested via email. User accounts can be deleted which results in a complete wipe of all of your information from our systems.
- Examples of information you can access easily at firecite.com include up-to-date information regarding recent project postings, bids and conversations; personally identifiable information (including name, e-mail and password); billing settings (including credit card information and bank account information); and your personal profile.