Privacy Policy

1. Introduction

Firefly ("we", "us", or "our") operates the Firefly web application (the "Service"), an all-in-one marketing platform including SEO analysis, eCommerce management, QR code generation, Instagram analytics, content calendar, and more. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. If you sign in with Google, we receive your name, email, and profile picture from that provider.

Analysis Data

When you run an SEO analysis, we collect the URL(s) you submit and store the analysis results. This data is associated with your account if you are logged in.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, analysis counts, and timestamps.

Google Search Console Data

If you connect your Google Search Console account, we access search analytics (queries, clicks, impressions, CTR, position) and URL index status for the URLs you analyze. We store OAuth tokens to maintain your connection. You can disconnect at any time from Settings.

eCommerce / Shopify Data

If you connect your Shopify store, we access and store product data, collections, orders, customer information, cart data, checkout data, and webhook events. This data is synced to provide eCommerce management features within the dashboard.

QR Code & Scan Data

When you create QR codes, we store the QR code content and configuration. When scan tracking is enabled, we collect scan events including device type (mobile, desktop, tablet), user agent string, HTTP referer, and timestamp. We do not collect personal information about the individuals who scan your QR codes.

Instagram Data

If you connect your Instagram account, we access your profile information, posts, and engagement analytics through the Meta/Instagram API. OAuth tokens are stored to maintain the connection. You can disconnect at any time from Settings.

Google Analytics Data

If you connect your Google Analytics account, we access traffic data including sessions, page views, bounce rates, and conversions. OAuth tokens are stored to maintain the connection and can be revoked at any time.

3. How We Use Your Information

• To provide and maintain the Service including all platform features
• To display SEO analysis results and reports
• To save your reports and analysis history
• To enable team collaboration features
• To display Google Search Console and Google Analytics data alongside your reports
• To sync and display your Shopify store data for eCommerce management
• To track QR code scans and provide scan analytics
• To display Instagram profile and post analytics
• To manage your content calendar and scheduling
• To track usage for rate limiting and analytics
• To communicate with you about your account or the Service
• To improve and develop new features

4. Data Storage and Security

Your data is stored securely using Supabase, which provides encryption at rest and in transit. We use Row Level Security (RLS) policies to ensure users can only access their own data. OAuth tokens for Google Search Console are stored encrypted in our database.

While we implement industry-standard security measures, no method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.

5. Third-Party Services

We use the following third-party services:

• Supabase — Authentication and database hosting
• Google PageSpeed Insights API — Performance and Lighthouse score data
• Google Search Console API — Search analytics and index status (only if you connect your account)
• Google Analytics API — Traffic and conversion data (only if you connect your account)
• Shopify API — eCommerce store data (only if you connect your store)
• Instagram / Meta API — Social media analytics (only if you connect your account)
• Google OAuth — Optional third-party sign-in

Each third-party service has its own privacy policy governing how they handle your data.

6. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share data in the following circumstances:

• Team members — Reports shared within your team are visible to other team members
• Shared report links — If you share a report link, anyone with the link can view that report
• QR code scans — Scan tracking data is associated with your QR codes but does not identify the individuals who scan them
• Legal requirements — If required by law, regulation, or legal process

7. Your Rights

You have the right to:

• Access your personal data through the Settings page
• Update your profile information at any time
• Delete your reports and QR codes from the dashboard
• Disconnect third-party integrations (Google Search Console, Google Analytics, Shopify, Instagram)
• Request deletion of your account and all associated data by contacting us

8. Cookies

We use essential cookies to manage authentication sessions. These cookies are necessary for the Service to function and cannot be opted out of. We do not use advertising or tracking cookies.

9. Children's Privacy

Our Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us through the application.