Privacy policy
Last updated
Firepush Ltd. (the "Company") is committed to protecting the privacy of individuals who visit the Company's Web sites and individuals who register to use the Services as defined below.
This Privacy Policy describes the Company's privacy practices in relation to the use of the Company's Web sites and the related applications and services offered by Firepush Ltd. under various brands, and which applications and services are accessible via the Company Web sites listed below (the "Services").
1. Websites Covered This Privacy Policy covers the information practices of the Firepush marketing website at getfirepush.com and the Firepush app at firepush.io (collectively referred to as "the Company's Web sites"). The Company's Web sites may contain links to other Web sites. The information practices or the content of such other Web sites are governed by the privacy statements of those other Web sites.
2. Information collected The Company collects individually identifiable information ("Personal Information") from individuals who visit the Company's Web site ("Web Site Visitors") and individuals who register to use the Services ("Customers"). When expressing an interest in obtaining additional information about the Services or registering to use the Services, the Company requires you to provide the Company with personal contact information, such as name, company name, address, phone number, and email address ("Required Contact Information"). When you subscribe to a paid plan, billing is handled by Shopify under the Shopify Billing API. Shopify charges your store under its own merchant agreement and pays the Company for your subscription. The Company does not collect or store your payment card details. The Company receives from Shopify limited subscription information such as your selected plan, the charge identifier and the charge status ("Billing Information"). Required Contact Information, Billing Information, and optional information about Customers are referred to collectively as "Data About Customers". As you navigate the Company's Web sites, Company may also collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons ("Web Site Navigational Information"). Web Site Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol ("IP") address, geolocation and the actions you take on the Company's Web sites (such as the Web pages viewed and the links clicked). When Customer uploads or creates a subscriber list, or sets up a Web Push or SMS campaign via the Company's Services, the Company has access to the data on that list and to the content of the campaign. When Customer sends messages to recipients, the Company tracks delivery and engagement information (such as message delivery status and clicks on links) in order to measure and report on campaign performance and to improve the Services.
3. Subscriber lists, Campaign content and Campaign reports The Company ensures that all subscriber lists, campaign content and reports remain private and confidential. The Company may scan the content of your campaigns to ensure it complies with the Company's Terms of Use. The Company will not sell, rent, loan or invite external access to a customer's contact lists. Nor will Company themselves use customer's contact lists for any purpose.
4. Use of information collected The Company uses Data About Customers to perform the services requested. For example, if you fill out a "Contact Me" Web form, the Company will use the information provided to contact you about your interest in the Services. The Company may also use Data About Customers for marketing purposes. For example, the Company may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding the Company, its affiliates, and its partners, such as information about promotions or events. The Company may use Data About Customers to send System Alert Messages to let you know about temporary or permanent changes to our Services including planned outages, new features offered, version updates, point releases, major releases, abuse warnings, changes to our Terms of Use and Privacy Policy and possibly other documents and agreements. The Company may use Data About Customers to help enforce compliance with our Terms of Use, Anti-Spam Policy and applicable law including, but not limited to, helping to create white lists and black lists, to develop and test algorithms, heuristics and other methods and tools for detecting violations and to apply those methods and tools. The Company uses Data About Customers to provide customer support and obtain feedback. The Company uses Billing Information solely to administer your subscription and confirm payment received through Shopify Billing. The Company uses Web Site Navigational Information to operate and improve the Company's Web sites. The Company may also use Web Site Navigational Information alone or in combination with Data About Customers to provide personalized information about the Company and the Services. Company may use both Data About Customers and Web Site Navigational Information to enforce the Company's Web site policies, or to protect the Company's rights and intellectual property or the rights of others using the Company's Web sites or the Services.
5. Sharing of information collected The Company may share Data About Customers with the Company's contracted service providers so that these service providers can provide services on the Company's behalf. Company may also share Data About Customers with the Company's service providers to ensure the quality of information provided. Unless described in this Privacy Policy, Company does not share, sell, rent, or trade any information with third parties for their promotional purposes. All payments for paid plans are processed by Shopify under its own Billing API. The Company does not have access to your payment card details; only Shopify does, under Shopify's own privacy framework. The Company reserves the right to use or disclose information provided if required by law or if the Company reasonably believes that use or disclosure is necessary to protect the Company's rights and/or to comply with a judicial proceeding, court order, or legal process.
6. Correcting and updating you information The Company does it's best to keep Customer's data accurate and up-to-date to the extent that Customer provides the Company with the information the Company require to do that. If Customer's data changes (including, but not limited to, a change in Customer's email address) then Customer is responsible for notifying Company of those changes so that Company can keep Customer's records up-to-date. The Company will give Customer access to any of his Personal Information that the Company holds about him/her within 30 days of any request Customer makes for such information. The Company may charge for providing this information to Customer, as permitted by applicable law. Customers may update or change their registration information by editing their user or organization record. To update a user profile, please login to the Firepush app and edit your user settings, or send your request to [email protected]. To update an organization's information, please send your request to [email protected].
7. Security The Company takes precautions, including administrative, technical, and physical measures – to help safeguard Data About Customers against loss, theft, and misuse as well as unauthorized access, disclosure, alteration, and destruction. Service users are solely responsible for protecting their passwords, limiting access to their computers, and signing out of the Services after their sessions. The Company will notify Customer, as soon as possible, if a breach in security results in an unauthorized intrusion into Company's system which materially affects Customer or people on Customer's databases, and will subsequently report the corrective action taken in response to the intrusion.
8. Changes to this Privacy Policy The Company reserves the right to change this Privacy Policy. The Company will provide notification of the material changes to this Privacy Statement through the Company's Web sites and via e-mail if permission is given by Customer to be e-mailed at least thirty (30) days prior to the change taking effect.
9. In order to provide the Services, we collect and process the following information. The Services include two messaging channels: Web Push notifications and SMS. Some data items are common to both; others are required only by a specific channel and are noted as such below.
9.1. Shop data from Shopify (used across the Services for identification, scheduling, dashboard previews and to send campaigns):
- Shopify domain, domain name and Shopify shop ID
- Shop owner name, shop email and shop support email
- Shop currency and currency format
- Shop time-zone
- Shop HTTPS status and password-enabled status
- Shopify shop plan name and country code
- Shop owner review of the Firepush app
- A single random product (title, image and price) for the dashboard preview
9.2. Configuration data filled in by the shop owner:
- Subscribers and customers added to the channels you have enabled
- Campaign content (Web Push and SMS) and performance statistics
- Selected plan, for billing and support purposes
- For Web Push only: Firebase API key, Firebase sender ID and Firebase project name
9.3. Subscriber data (collected per subscriber, depending on the channels they have opted into):
- For Web Push: registration ID (Reg_ID), platform (Windows, iOS, etc.), browser (Chrome, Opera, Firefox, etc.), device type (tablet, desktop, mobile), device model, IP address and country code
- For SMS: phone number and country code
- Common to both channels: time-zone (used for scheduling and statistical purposes)
10. Contacts
If you have any questions about our Privacy Policy, or if you want to report privacy abuse, please contact us:
Firepush Ltd
93 Fernside Road, Poole, United Kingdom, BH15 2JQ
Phone: +44 7449 874447
Email: [email protected]
11. Cookie policy
This section explains the cookies and similar storage technologies used on getfirepush.com (the "Website"). It does not cover the Firepush app at firepush.io, which is the Shopify app you install in your store. The app is governed separately by our App privacy policy.
11.1 What cookies are
Cookies are small text files placed on your device by your browser when you visit a website. Some are essential to make the site work (for example, keeping you logged in or protecting forms from forgery). Others enable optional features, such as our live chat widget.
Where we mention "local storage" below, this is a similar browser-storage technology that we treat the same way as cookies for transparency.
11.2 Cookies and storage we set on this Website
The Website uses a small set of strictly necessary cookies, plus one optional service that loads only if you open our chat widget. We do not run analytics, advertising, or social-media tracking on this Website.
| Name | Purpose | Provider | Expiry | Type |
|---|---|---|---|---|
| firepush-session | Maintains your session while you browse the Website. Strictly necessary. | getfirepush.com | 2 hours | HTTP cookie (HttpOnly) |
| XSRF-TOKEN | Protects forms from cross-site request forgery (CSRF) attacks. Strictly necessary. | getfirepush.com | 2 hours | HTTP cookie |
| fp_cookie_consent | Remembers whether you have dismissed our cookie banner. Stored in your browser's local storage, not as a cookie. | getfirepush.com | Until you clear browser storage | Local storage |
| crisp-client/* (and related local storage) | Powers our live chat widget. Only set if you open the chat. Allows your conversation to persist between page loads. Provided by Crisp. | client.crisp.chat | Up to 6 months | HTTP cookie and local storage |
11.3 Your choices
Because we do not set advertising or analytics cookies on this Website, there is nothing to opt out of for those purposes. You can:
- Clear cookies and local storage at any time through your browser settings.
- Block cookies entirely through your browser settings, although this may stop parts of the Website from working.
- Avoid setting Crisp's chat cookies by not opening the chat widget.
11.4 Third-party links
The Website links to external sites (for example, the Shopify App Store, social-media profiles, and our help articles). We are not responsible for the cookies set by those sites. Please review their own privacy and cookie notices.
11.5 Changes
We update this section whenever the cookies used by the Website change. Material updates are reflected in the "Last updated" date shown at the top of this page.
12. Your rights
If you are located in the United Kingdom or the European Economic Area (EEA), you have the following rights in relation to the personal information we hold about you:
- Right of access - request a copy of the personal data we hold about you.
- Right to rectification - ask us to correct inaccurate or incomplete personal data.
- Right to erasure - ask us to delete your personal data, subject to certain legal exceptions.
- Right to restriction of processing - ask us to stop processing your personal data in specified circumstances.
- Right to data portability - request your personal data in a structured, commonly used and machine-readable format.
- Right to object - object to certain types of processing, including direct marketing.
- Right to withdraw consent - where we rely on consent as the lawful basis for processing, you can withdraw it at any time without affecting the lawfulness of earlier processing.
To exercise any of these rights, contact us at [email protected]. We will respond within one month of receiving a valid request.
You also have the right to lodge a complaint with a supervisory authority. In the United Kingdom this is the Information Commissioner's Office (ICO), at ico.org.uk. In the EEA, you can contact the supervisory authority in your country of residence.
13. International data transfers
Firepush is established in the United Kingdom. Some of the sub-processors we use to provide the Services are located outside the UK and the EEA, including in the United States.
Where personal data is transferred outside the UK or the EEA, we put in place appropriate safeguards. These typically include the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or other safeguards recognised by UK and EU data protection law.
You can request a copy of the relevant safeguards by contacting [email protected].
14. Sub-processors
To operate the Services and the Website we rely on a small number of third-party sub-processors. We share only the personal data necessary for each sub-processor to perform its function, and each is bound by a written contract that requires them to protect personal data to the same standard we do.
The main sub-processors we use are:
- Shopify Inc. - the platform our app integrates with. Data flows between Firepush and your Shopify store under Shopify's own privacy framework.
- Amazon Web Services (AWS) - cloud hosting and infrastructure that powers the Firepush Service (compute, storage, queues and databases).
- Cloudflare, Inc. - content delivery network and edge security in front of our public domains, including getfirepush.com and our app domains.
- Google LLC (Firebase Cloud Messaging) - used to deliver Web Push notifications to subscriber devices.
- Vonage (Nexmo) - primary SMS gateway used to send SMS campaign messages, and to rent the phone numbers used to send them.
- Vertex - additional SMS gateway used for SMS campaign delivery in certain regions.
- Crisp IM SAS - powers the live chat widget on our Website (loaded only if you open it) and our customer support chat in the app.
- Sentry (Functional Software, Inc.) - application error monitoring. May incidentally receive personal data contained in error reports.
- Digital Ocean / Laravel Forge - hosting and server management for the marketing Website at getfirepush.com.
A current list of our sub-processors, including their names and locations, is available on request by contacting [email protected].