Privacy Policy

Updated: March 8, 2017

Firecite is committed to respecting your privacy and ensuring a secure marketplace. This policy sets out what information we collect from you and how we use and secure that information. Please read this policy carefully. By using the Firecite website and accepting the User Agreement you also agree to this Privacy Policy. If you do not agree to this Privacy Policy, you must not use the Firecite website.

1. What information does Firecite collect?

  • Firecite collects information when you use our services and information you provide us when you create an account. We also collect information contained in any correspondence with Firecite via email, telephone, or chat application. The information you give us may include your name, address, e-mail address, mailing address, phone number, state bar number, credit card information, personal description, photograph, and resume. We also store the content that your upload to the website in order to provide you with the features and functionality of the website.
  • You provide information when you search, post projects, bid, participate in a conversation, provide information in your account or communicate with customer or technical support services. For example, you may provide information when you provide information in your account or profile ; communicate with us by phone, e-mail, or otherwise; complete a contact or feedback form; and provide reviews. As a result of those actions, you might supply us with such information as your name, address, date of birth, state bar number and phone numbers; content of reviews and e-mails to us; personal descriptions, photograph in your profile ; and financial information, including credit card information, Social Security information, and bank account details.
  • Examples of the information we collect and analyze include the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information such as browser type, version, and time zone setting, browser plug-in types and versions, operating system, and platform; the full Uniform Resource Locator (URL) clickstream to, through, and from our Web site, including date and time; cookie number; and the phone number you use to call our phone number. We may also use browser data such as cookies, or similar data on certain parts of Firecite for fraud prevention and other purposes. During some visits we may use software tools such as JavaScript to measure and collect session information, including page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. We may also collect technical information to help us identify your device for fraud prevention and diagnostic purposes.

2. Does Firecite use cookies or tracking scripts?

Cookies are pieces of data assigned by a web server that uniquely identify the browser on your computer or phone. We use cookies to enable the site to remember you on subsequent visits, speeding up or enhancing your experience of services or functions offered. We also use cookies to gather information about how you use and navigate our website. You have the option to disable cookies at any time through your browsers but this could limit or reduce functionality.

We may use cookies, beacons, tags and scripts and other technologies to track and analyze your activity on the website. We use this technology to optimize the website, learn about user preferences, and analyze trends.

3. How does Firecite use information collected?

  • Firecite does not share any of your personally identifiable or transactional information, or any content you upload to this website with any third party or entity except as laid out in this policy.
  • Firecite may use your contact information to communicate with you about your use of this website. Firecite may use your email address to notify you about changes to the service and policies, solicit feedback regarding your use of the website, and to provide you with notifications regarding activity connected with your account. We may also send you surveys, promotions, announcements, newsletters, and other marketing or commercial e-mails related to this website.
  • We do not rent, sell, or share personal information about you with other people or non-affiliated companies or entities for marketing purposes (including direct marketing purposes) without your permission. We may use and share non-personal or aggregated information for our own marketing purposes, including, without limitation, marketing on other websites.
  • Firecite may use personal information collected during the creation and ongoing maintenance of Provider Accounts to create and publicly display Provider Profile web pages. Providers have the ability to edit and modify the personal information that is displayed on their public profile page.

4. How is my information shared?

  • We disclose personal information to respond to legal requirements. Such information will be disclosed in accordance with applicable laws and regulations.
  • We may disclose your personal information in order to enforce our User Agreement and other terms or to protect the rights, property, or safety of others.
  • If Firecite is acquired, sold, merges, or otherwise transitions to a new entity, your personal information will be sold, acquired by, merged with, or otherwise transitioned to the possession of the new entity. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
  • We will share and disclose your personal and financial information with our merchant partner for the sole purpose of facilitating transactions on the website and compliance with applicable tax regulations.
  • We may provide access to your personal information to our third party technical and hosting partners exclusively for the purpose of providing website features and functionality, including but not limited to the following services: hosting and storage, merchant processing, analytics, and product integrations into the website.

5. How is my connection secured?

Firecite takes security very seriously and desires to maintain a secure marketplace. To accomplish this, we make use of best-in-class security tools and practices to maintain a high level of security at Firecite.

All browser connections to Firecite are secured and encrypted using Transport Layer Security (TLS). TLS and its predecessor, Secure Sockets Layer (SSL), both frequently referred to as "SSL", are cryptographic protocols that provide communications security over a computer network. TLS refers to the process of securely transmitting data between an app or browser being used and the server being used. The term “SSL” continues to be used colloquially when referring to TLS and its function to protect transmitted data.

TLS attempts to accomplish the following:

  • Encrypt and verify the integrity of traffic between your browser and Firecite
  • Verify that you are communicating with Firecite.

Firecite forces HTTPS for all services using TLS (SSL), including our public website and the Dashboard. We use HSTS to ensure browsers interact with Firecite only over HTTPS.

We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We regularly perform penetration testing, network & vulnerability scans and code reviews.

6. How is my information secured?

The data that we collect from you will be stored and backed up in destinations within the United States. All storage and hosting used by Firecite is Type 2 SOC 2, ISO 27001, and ISO 27018 compliant. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. All information you provide to us is stored on secure servers in a controlled environment with limited access.

Anyone involved with the processing, transmission, or storage of credit card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). Our payment processor has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.

When you provide sensitive credit card information or billing information to Firecite, it is not stored in our databases. Instead it is securely transmitted one-time to our payment processor, where all card numbers are encrypted on disk with AES-256. The steps taken to secure payment information are extreme:

  • Decryption keys are stored on separate machines.
  • None of our processor's internal servers and daemons are able to obtain plaintext card numbers
  • The infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with primary services.

The only billing information Firecite retains is the last 2 digits of bank accounts and credit cards to help reference these items to our customers when needed. This information is encrypted on disk with AES-256. We regularly audit the details of our implementation including the ciphers we support.

Sensitive project data is also encrypted on disk with AES-256. This includes active project conversations within the Firecite dashboard, and uploads and work product uploaded via the Firecite dashboard.

7. What choices do I have pertaining to my data?

  • You can always choose not to provide information, even though it might be needed to make a bid or project posting or to take advantage of other Firecite features.
  • You can add or update certain pieces of information via the Firecite dashboard and the edit profile sections. When you update information, we may keep a copy of the prior version for our records. Projects and bids can be edited and cancelled unless live. In that case deletion can be requested via email. User accounts can be deleted which results in a complete wipe of all of your information from our systems.
  • Examples of information you can access easily at firecite.com include up-to-date information regarding recent project postings, bids and conversations; personally identifiable information (including name, e-mail and password); billing settings (including credit card information and bank account information); and your personal profile.
  • The Help feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons by changing the add-on's settings or visiting the Web site of its manufacturer. Because cookies allow you to take advantage of some of Firecite's essential features, we recommend that you leave them turned on.

8. Changes to Our Privacy Policy

Any material changes we may make to our privacy policy in the future will be posted on this page prior to the change becoming effective and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy