At Mozilla, we believe that privacy is fundamental to a healthy internet
That’s why we build our products, to give you greater control over the information you share online and the information you share with us. In this Privacy Notice, we explain what data we process, how we process it, and for what purposes. Then, we explain how you can exercise choices about how we process your information.
How Mozilla processes your data
To provide you with your Mozilla account
Mozilla accounts allow you to access Mozilla services across devices with a single login. To enable this, Mozilla processes your account data, contact data (email address) and authorization data. You can also choose to provide additional content data, such as a display name or profile image.
Mozilla also collects certain data, like technical and settings data, to provide the core functionality of Mozilla accounts and its connected services, connect new devices, remember and respect your settings, and provide you with default features such as sync and our built-in VPN.
If you enable sync, Mozilla receives the information that you sync across devices in encrypted form; this may include Firefox tabs, add-ons, passwords, form autofill information, bookmarks, history, and preferences. This encryption is end-to-end: your data is encrypted before it ever leaves your browser and can only be decrypted by another sync client with the encryption keys; Mozilla cannot decrypt this information.
When you subscribe to services that require a paid subscription, your payment will be processed in accordance with the Mozilla Subscription Services Privacy Notice. Mozilla hesabınızın (fatura adresiniz ve ödeme yönteminizin son dört hanesi de dahil olmak üzere) ve hesabınızın abonelik durumu kaydeder. Mozilla ödeme bilgilerinizin tamamını saklamaz.
More details, including how to adjust your data settings: You can learn more about how to manage your Mozilla account, how to enable sync, more details on how sync works and more details on the data we collect for accounts.
To provide and improve Mozilla accounts and connected services
We also need to process data to keep Mozilla accounts operational, improve features and performance, and identify, troubleshoot and diagnose issues. For this we use technical, location and settings data, as well as interaction and system performance data.
We process technical and interaction data to better understand how you engage with our services, such as your visits to the Mozilla accounts website or our help pages, dashboards and menu preferences, what products and services you use in connection with your Mozilla account (including your use of Firefox, such as how often you use Firefox and when you last synced your data), what devices you’ve used to engage with us and your interactions with our emails and SMS messages. This allows us to understand how people access and use our services, which helps improve our business and the functionality of our services.
When you use connected services, your data will be processed in accordance with the relevant service’s privacy notice:
- Firefox Browser
- Mozilla Subscription Services for Mozilla VPN, Mozilla Monitor, and Firefox Relay
- MDN Plus
- Thunderbird
If a Mozilla account connected service experiences an unexpected issue (for example, a crash) we use a third-party service to collect technical and interaction data such as error messages, device information and application state at the time of the crash, in order to help us diagnose and fix issues in our services.
More details, including how to adjust your data settings: You can update your Mozilla accounts data collection settings at any time. Please see the relevant notice for your data settings in relation to any connected services.
To provide and improve security
Mozilla uses technical and interaction data to help secure access to Mozilla accounts, enable transfer of encrypted data for sync and detect suspicious activity. Mozilla also uses a third-party Web Application Firewall to improve protection against web-application and DDoS attacks. All data stored on Mozilla servers is encrypted.
To pseudonymize, de-identify, aggregate or anonymize data
As part of the activities outlined above, such as understanding usage of Mozilla accounts and measuring our marketing, we may create pseudonymous, de-identified, aggregated or anonymized data. In some cases, we may share or publish aggregated and anonymized data to facilitate research or as part of the lawful business purposes outlined above.
To communicate with you, including when marketing our services
We use your contact data to communicate with you. We may contact you for reasons such as to alert you if we detect suspicious activity on your account, to verify changes to your account information, to send you marketing-related communications or to respond to customer support communications, and we may use third-party service providers to manage our communications with you. We also process interaction data related to these communications to better understand who has received them.
To comply with applicable laws, and identify and prevent harmful, unauthorized or illegal activity
We may also be required to process your personal data to comply with applicable laws and data protection purposes, such as:
- Responding to lawful requests and complying with legal processes, such as responding to subpoenas, investigations, or requests from government authorities. Mozilla requires a valid Legal Process to compel the disclosure of Specific User data to a government.
- Responding to requests to exercise privacy rights, such as your right to access or delete your personal data.
- Identifying, investigating and addressing potential fraudulent activities, or other harmful activities such as illegal activities, cyberattacks or intellectual property infringement (including filing or defending legal claims).
- Performing content moderation and related trust and safety activities.
- Performing internal compliance and security activities, such as audits and enterprise security management.
How we share your personal data
To provide our services as described above, we may disclose personal data to:
| Partners, service providers, suppliers and contractors | To perform the purposes listed above, we work with partners, service providers, suppliers and contractors. We have contractual protections in place, so that the entities receiving personal data are contractually obligated to handle the data in accordance with Mozilla’s instructions. Daha fazla bilgi alın. |
| Authorities | Mozilla requires a valid Legal Process to compel the disclosure of specific user data to a government. In those instances we may need to disclose the personal data set out in this Notice to law enforcement, government authorities, or similar entities to comply with applicable laws, and to identify and prevent harmful, unauthorized or illegal activity. |
| Researchers | When we are fulfilling our mission of being open. We sometimes release information to make our products better and foster an open web, but when we do, we will do so in a de-identified or aggregated format. |
| Mozilla controlled entities and successors | As a global company, we share data across Mozilla-controlled affiliates and subsidiaries. We may also need to disclose personal data as part of a corporate transaction, such as a merger, acquisition, sale of assets or similar transaction. |
International transfers of data
Mozilla Corporation (and our servers) are based in the United States. Because we are a global company, in order to provide the services outlined in this Privacy Notice, the information we collect may be accessed from locations where our people are located and may also be transferred to other jurisdictions as a result of sharing data with our partners. Whenever data is transferred across international borders, we ensure we have appropriate mechanisms in place (such as standard contractual clauses approved by the European Commission and other relevant authorities) to protect your personal data. You can contact dpo@mozilla.com for information on the safeguards implemented for international transfers, or for copies of the relevant standard contractual clauses.
How long we keep your data
We only retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Notice. In general, your account data is retained for as long as your account is active. You should note that Mozilla periodically deletes accounts that have not been signed in for more than two years (we’ll attempt to send you a reminder prior to taking this action).
With regard to the technical, settings and interaction data we collect, we generally maintain this data for up to 25 months, but actual retention periods may vary depending on the type of data and the purpose(s) for which it was collected (for example, we retain your “first opened” date of your account, so we know how long you’ve been a Mozilla account holder). Specific retention periods may also depend on the sensitivity of the data, the context of its collection, your settings and preferences, and our legal or contractual obligations to retain or delete your data, such as for fraud prevention, regulatory compliance, or service continuity. Once the retention period expires we securely delete your data, unless otherwise required by law.
Our services also use encrypted backup storage as another layer of protection to help recover from potential disasters; data in these environments is put beyond use and only processed for business continuity purposes. We may also retain data for extended periods of time on a de-identified or aggregated basis.
Your rights and choices
Your rights
You have the right to:
- Be informed about what data we process about you, why and who it’s shared with (that’s this Notice!)
- Request a copy of the data we have about you
- Request portability of your data
- Request correction of any data we hold about you that is inaccurate or incomplete
- Have personal data we hold about you deleted (in certain circumstances)
- In some cases, restrict or object to how we use your personal data
- Complain to your relevant data protection authority if you have concerns about how we’re handling your personal data. We’d prefer it if you contact us first (via dpo@mozilla.com), but you can also reach out to your relevant EU data protection authority, or search for (and contact) your local data protection authority
To make any of the above requests regarding your personal data, please contact us (Mozilla Corporation) through our Data Subject Access Request Portal; we will never discriminate against anyone for exercising their privacy rights. If you have any other questions regarding personal data or our privacy practices, please contact us at compliance@mozilla.com.
If you’re in the UK or EEA, you can also contact our Data Protection Officer at dpo@mozilla.com, or by mail at:
Bird & Bird DPO Services SRL
Avenue Louise 235 b 1
1050 Brussels
Belgium
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws, and we may need to ask you for additional information to confirm your identity before we can proceed with your request.
Your choices
You can update your Mozilla account settings at any time.
Changes
We may need to change this policy and our notices, in which case the updates will be posted online, we will update the effective date of this notice and announce the update more prominently through Mozilla's usual channels for such announcements, such as blog posts and forums.
Data definitions
| Data Type | Description | Examples for Mozilla account users |
|---|---|---|
| Account data | This is data related to the management of your Mozilla account, such as registration information. | Account username, display name, Mozilla account ID. |
| Authentication data | We receive data to secure your accounts, and also create authentication-related data to maintain your account security. | Password hash, tokenData. |
| Contact data | The email address you provide as part of your account registration, in addition to any other contact data you may choose to provide to us. | Email address, secondary email address, phone number. |
| Interaction data | This is data about how you engage with our services. | Click counts, event logs, usage data. |
| Language preference | Your inferred or preferred language (if you provide it in settings) for interacting with our services. | Language. |
| Location | We infer your location from your IP address at the level of your country, city, or region. | Country code, city. |
| Settings | These are your preferences or settings as to how the services are provided, such as your privacy preferences. If you have not made any specific choices, these will be the default settings. | Privacy settings, account settings. |
| System performance data | This is data about how the services are operating on your device. | Timestamps, submission success/failure. |
| Technical data | This is information about the hardware you are accessing our services from (such as your desktop computer, smartphone or tablet), its configurations and connections. | Device operating system, browser and version, timestamp, locale. |
| Unique identifiers | These are unique identifiers, which may be created at various times to manage your interactions with the service. | Accounts_id, session_id. |