Our Commitment to Your Privacy
Using the App, you can operate the physical Firewalla cybersecurity box to help protect your home/business from cyber intrusions (the “Service”).
For more information on how the Firewalla physical products interact with your data. Please see this FAQ article.
“Company” means Firewalla Inc, 3031 Tisch Way, STE 110 Plaza West, San Jose, CA, 95128, USA.
“GDPR” means the General Data Protection Regulation Act. (This is a law that applies in the European Economic Area (EEA).)
“Data Controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. The Company is the Data Controller for the personal data you submit via the Site.
“Data Processor” means any natural or legal person who processes the data on behalf of the Data Controller.
Data Subject is any living individual who is using our Site.
Principles for Processing Personal Data
Our principles for processing personal data subject to the GDPR are:
- Fairness and lawfulness. When we process personal data, the individual rights of the Data Subjects must be protected. All personal data must be collected and processed in a legal and fair manner.
- Restricted to a specific purpose. The personal data of Data Subject must be processed only for specific purposes.
- Transparency. The Data Subject must be informed of how his/her data is being collected, processed and used.
Accuracy. We take reasonable steps to ensure that personal data will be accurate, and that any mistakes are rectified or erased without delay.
Storage Limitation. We will not keep personal data for longer than we need it. (However, we may keep anonymized data for an indefinite term.)
Confidentiality and Integrity. We use appropriate measures to maintain the confidentiality and integrity of personal data.
What information do we collect?
We collect different information depending on whether you use the App, Site, MSP, and/or Service.
Our third-party billing service provider will also collect information such as your full name, credit card number, and billing address.
We collect some data and information that your mobile device sends when you use Firewalla Services. This information may include a device identifier, user settings, and the type of operating system used by your device. We may also collect information about your use of Firewalla Services.
We may collect and store information about your location. We may do this by converting your IP address into a rough geo-location or access your mobile device’s GPS coordinates if you enable location services on your mobile device. We may use your location information to improve and personalize Firewalla Services.
Our hardware devices collect and transmit limited, aggregated traffic information to our cloud provider (AWS) and sometimes the App. We store this information for up to sixty days on our servers.
If you use MSP Professional your data will be stored for 30 days. If you use MSP Business your data will be stored for 180 days. In the event you cancel your subscription your MSP data will be stored for up to seven (7) days after the cancellation date.
We and our third-party service providers may collect certain information about your use of our Products. For example, we may collect and/or use:
- Log information (including your IP address, browser type, Internet service provider, referring and exit pages, operating system, dates/time of access, and related data)
- Cookies and tracking pixels collect Information as discussed below
- Web beacons (also called “Internet tags” or “clear gifs”; used to count visitors to our Product and which pages were viewed and links clicked)
- Embedded scripts (code temporarily downloaded onto your device to collect information about your interactions with the Service and thereafter deleted or deactivated)
- For information on what data is stored in MSP - can be found in this article
Where do we store your information?
Your information may be stored on our own servers or in servers owned by third-party cloud storage providers.
How do we use your information?
Information and User Content we collect from you might be used:
- To provide you with Services
- For marketing purposes
- To respond to your messages and comments
- To provide customer support
- To send you technical notices
- To verify your identity when you return to the Site
- To personalize the ads you see when you visit other sites
- To process transactions
Legal Basis for Collecting and Processing Personal Data
Our legal basis for collecting and using the personal data described in this Policy depends on the personal data we collect and the specific context in which we collect the information:
- We need to perform a contract with you.
- You have given us permission to do so.
- Processing your personal data is in our legitimate interests.
- We need to comply with the law.
Please be aware that if you do not provide personal data we may be unable to provide some Services to you.
Yes, our Site uses Tracking Pixels.
Cookies are small files that include an anonymous unique identifier. Cookies let us recognize your browser and remember certain information about you in order to personalize your experience of our Site and Services.
We may use both persistent and session cookies. Persistent cookies remain on your computer after you close your session until you delete them; session cookies expire when you close your browser.
A tracking pixel is a tiny pixel-sized image that allows us to track your website visits, advertising impressions, and other types of Internet activity. It’s also sometimes called a web bug, beacon, or page tag.
Do We Use Google Ads or other remarketing methods?
We may use the Google Ads remarketing service to advertise on third party websites (including Google) to previous visitors to our Site. It could mean that we advertise to previous visitors who haven’t completed a task on our site, for example using the contact form to make an inquiry. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network.
You can set preferences for how Google advertises to you using the Google Ad Preferences page.
Do we use Google Analytics?
For more information on Google Analytics or to opt-out of having your information shared through Google Analytics, visit: http://www.google.com/intl/en/analytics/privacyoverview.html.
We use this information to make our Site easier to find on the Internet and to improve our Site by learning which pages and features are interesting to our visitors. We treat this information as non-personal information and do not attempt to connect it to personally identifiable information, except as otherwise required by law.
Do we transfer your data to other countries?
No, we currently do not transfer your data to other countries. We may in the future transfer to, and store the data we collect about you in, countries other than the country in which the data was originally collected, including the United States, Canada or other destinations outside the European Economic Area (“EEA”). Those countries may not have the same data protection laws as the country in which you provided the data. When we transfer your data to other countries, we will protect the data as described in this Policy and comply with applicable legal requirements providing adequate protection for the transfer of data to countries outside the EEA.
If you are located in the EEA, we will only transfer your personal data if:
the country to which the personal data will be transferred has been granted a European Commission adequacy decision;
The recipient of the personal data is located in the US and has certified to the US-EU Privacy Shield Framework; or
- We have put in place appropriate safeguards in respect of the transfer, for example we have entered into EU standard contractual clauses with the recipient, or the recipient is a party to binding corporate rules.
You may request more information about the safeguards that we have put in place in respect of transfers of personal data by contacting us.
How Do We Respond to “Do Not Track” Signals?
We may track your browsing behavior to better tailor suggestions and information for you.
Some third party sites also keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you.
You can opt out of certain tracking by adjusting the settings on your browser. However, many websites (including the Site) may not respond to such signals.
There are also browser extensions that may block tracking. Again, they may not be effective in all cases.
How long do we store your information?
We intend to store some of your information and User Content indefinitely.
What about links to other websites?
We may provide links to or compatibility with other websites. However, we’re not responsible for the privacy practices employed by those websites or the information or content they contain.
How do we protect your information?
We use appropriate physical, electronic, and other procedures to safeguard and secure the information we collect. However, please be aware that the Internet is an inherently unsafe environment, and that hackers are constantly working to defeat security measures.
Thus, we cannot guarantee that your information will not be accessed, disclosed, altered or destroyed, and by using Firewalla Apps and Services you accept these risks.
How can you protect your information?
We urge you to take steps to keep your personal information safe by not sharing it with others or posting it online.
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise, transfer to outside parties your Personally Identifiable Information (PII) for commercial or marketing purposes.
We will not share any PII that we have collected from or regarding you except as described below.
We will, if required by a valid court order, provide your personal information in a civil or criminal proceeding.
If we’re acquired by a third party due to a merger, acquisition, or asset sale, or if our assets are acquired by a third party if we go out of business or declare bankruptcy, some or all of our assets, including your PII, might be disclosed or transferred to a third party acquirer as part of such a transaction.
We may disclose your PII to government or law enforcement officials or private parties if we, in our sole discretion, believe this is necessary or appropriate: (i) to respond to legal claims and subpoenas); (ii) to protect the intellectual property rights of our Company or third parties; (iii) to protect anyone’s safety; (iv) to stop any activity that we believe to be illegal, unethical, or actionable.
The Company works with certain third-parties to provide specific functionality within the Site.
By using the Site, you also authorize the engagement of these third parties as sub-processors of your data.
If you object to the sub-processors’ handling of your data on the terms indicated at the links, please terminate your use of the Site.
Amazon Web Services, Inc - DPA
Shopify - DPA
Stripe - DPA
Omnisend - DPA
Zendesk - DPA
Not Intended for Children
Our Products are not intended for children under the age of 13. We do not knowingly or specifically collect information from or about children under the age of 13.
Data Protection Rights
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you wish to be informed what personal data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
- The right to be informed of your rights
- The right to access, update or to delete the information we have on you
- The right of rectification (to correct mistakes)
- The right to erasure (known as “the right to be forgotten”)
- The right to restrict processing of your data
- The right to data portability
- The right to withdraw consent
If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here:http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
If you wish to withdraw your consent to process your personal data, please contact us. If you withdraw your consent, this will not make processing which we undertook before you withdraw your consent unlawful.
Last Updated: 5/10/2023