Privacy Policy
Effective Date: September 16, 2025
This Privacy Policy describes how the Mozilla Data Collective (“Collective”), a project of the Mozilla Foundation (“MDC,” “us,” “we,” “our”) collects, uses, discloses, and protects your information in connection with MDC’s owned and operated websites, currently available at https://datacollective.mozillafoundation.org/ (the “Site”), MDC’s datasets that we host or make available on behalf of our dataset contributors (the “MDC Datasets”), and any other products, services, features, or applications provided by MDC (collectively, the “Services”).
If you have any questions or concerns about this policy, email us at mozilladatacollective@mozillafoundation.org.
TABLE OF CONTENTS
Information We Collect
Use of Information
Disclosure of Information
Your Rights and Choices
International Data Transfer
Data Retention
Protection of Information
Children Under 13
Updates and Changes to This Policy
Contacting Us
1. INFORMATION WE COLLECT
a. Information You Provide to Us:
When you use or interact with us through our Services, such as when you use our Site or register to receive MDC Datasets, you may provide the following types of information to us:
Registration information, such as your name, email, information related to your organization (such as the organization name), and any other information you provide in connection with signing up for the Services;
Payment information (we don’t collect this information directly; our payment processor processes payments on our behalf);
Commercial information, such as a record of the content on our Site that you experience, or details about your purchases and other interactions with us;
Rough geolocation (which may be inferred from your IP address);
Interactions you initiate or otherwise have with the MDC team,
Other information or identifiers you provide to us, such as for business, billing or payment purposes; and
In limited cases, such as where you request access to particular types of MDC Datasets, we may request additional documentation to verify your ability to access such Datasets, which may vary based on the circumstances.
b. Cookies and Other Technologies
Through our online properties, using platform analytics technology, we may collect information from your computer or other device by automated means such as cookies, web beacons, local storage, JavaScript, mobile-device functionality and other computer code. This information may include unique browser identifiers, IP address, browser and operating system information, device identifiers, other device information, Internet connection information, as well as details about your interactions with the relevant website, email or other online property (for example, the URL of the third-party website from which you came, the pages on our Sites that you visit, and the links you click on in our website). In some cases (such as cookies), the tools described here involve storing unique identifiers or other information on your device for later use. We and certain analytics technology, such as Google Analytics, may use this information to better understand how our users use our Services.
c. Information From Third Parties and Certain Mozilla Projects
We act as a vendor with respect to the MDC Datasets provided by contributors to the Services.
In order to provide the MDC Datasets, we also rely on Mozilla’s Common Voice datasets and other data we receive from contributors. This data includes voice recordings and voluntarily-provided demographic data (such as information that was voluntarily tagged to the recordings, including accent, age, and gender). This dataset is released without any associated personal information or personal data, i.e., the released audio segments are not reasonably linkable by a listener to any individual or device.
Additionally, as part of providing the MDC Datasets, we work with data providers to host and/or make available their datasets on our Services, which may include without limitation, voice recordings, audio and text data, images, documents, and other information that may relate to individuals. As noted above, we act as a vendor to the provider of these.
We may also receive information from entities, including our service providers, affiliates, and partners such as analytics technology, payment processors, and publicly available sources, such as social media websites.
We may combine the information we collect about you from these various sources and treat it in accordance with this Privacy Policy, for the purposes of delivering the MDC product to you.
2. USE OF INFORMATION
We and our vendors and service providers use the information described above for the following purposes:
Manage and improve the Services generally;
Process your registration and verify your information;
Facilitate access and purchases through the Services;
Send you confirmations, updates, security alerts, and support and administrative messages;
Conduct platform promotion and update marketing activities (including by email or social media);
Conduct business operations such as auditing, security, fraud prevention, invoicing and accounting, analytics (including with analytics technology), and research and development;
Analyze your use of the Services (such as understanding interactions on the Site and with the MDC Datasets) to understand how our users use the Services and improve the Services, including with the help of analytics technology;
Protect against, identify, investigate, and respond to misuse of the Services or other unlawful behavior;
Address legal requirements;
Establish, exercise, or defend our legal rights; and
Create aggregated or de-identified information.
Legal Bases for Processing. The laws in certain jurisdictions (such as those in the European Union and United Kingdom), require us to inform you of the "legal bases" on which we process your information. The legal bases for using your information as set out in this Privacy Policy are as follows:
Where we need to perform the contract we are about to enter into or have entered into with you for the Services.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Where we have your consent to process your information in a certain way.
3. DISCLOSURE OF INFORMATION
We may disclose your information as follows:
To vendors and service providers: We disclose information to companies that provide services to us, such as for data storage, payment processing, analytics, security, fraud prevention, billing, collections and marketing. We may engage a vendor to help us host or operate any aspect of the Services, including any mechanism through which we send or receive communications, such as our email systems and our Site.
To analytics providers: We disclose information about you to our analytics provider to help us better understand your use of the Services and customize the Services. You may opt out of having Google Analytics use your information for analytics by installing the Google Analytics Opt-out Browser Add-on.
To affiliates: We may disclose information to current or future parents, subsidiaries, affiliates, and other organizations under common control or ownership with MDC.
To participants of the MDC: As part of providing the MDC Datasets, we may disclose datasets containing voice recordings and other information to individuals participating in the Collective. In some cases, dataset contributors may require certain basic information (such as name, affiliation, and contact information) prior to allowing other members to access their dataset.
In connection with legal matters: We may disclose information when we believe disclosure is appropriate due to a subpoena or similar investigative demand, a court order, or other request from a law enforcement or government agency; or as otherwise required by law.
For the protection of MDC and others: We may disclose information when we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our organization, our employees, our partners, or others; and to enforce our contracts.
In connection with mergers or acquisitions: We may disclose information to an entity that acquires all or any part of our assets or in a merger or acquisition, or in connection with due diligence for a proposed transaction.
In other situations: We may also disclose your information in other situations where legally permitted, including in order to perform tasks or services that you have requested.
We may use and disclose appropriately aggregated or de-identified information for any purpose.
4. YOUR RIGHTS AND CHOICES
a. Marketing Communications
You can unsubscribe from MDC marketing emails by clicking the unsubscribe link in a marketing email or contacting us at mozilladatacollective@mozillafoundation.org.
b. Cookies and Other Similar Technologies
You can make certain choices regarding the use of cookies and similar technologies. If you replace, change, upgrade or reset your browser or device, or delete your cookies, or if you use a browser that automatically clears your cookies, you may need to update your choices again.
As mentioned above, you may be able to set your browser to refuse certain types of cookies, or to alert you when certain types of cookies are being used. Some browsers offer similar settings for HTML5 local storage and other technologies too. However, if you block or otherwise reject all cookies, local storage, JavaScript or other technologies, certain websites may not function as expected.
We do not respond to browser-based do-not-track signals.
c. Rights Regarding Your Information
Depending on where you live, your local laws (including those in the European Union, United Kingdom, Colorado, Delaware, Maryland, Minnesota, New Jersey, Oregon, and elsewhere) may provide you certain rights regarding your information, including:
Right to know the categories and specific pieces of personal information we have collected, used, or disclosed;
Right to delete, correct, or update your personal information;
Right to prevent the processing of your information for direct marketing purposes (including any direct marketing processing based on profiling, if any);
Right to restrict the way that we process and disclose certain information about you;
Right to object to certain processing of your personal information;
Right to revoke your consent for the processing of your personal information;
Right to be free from discrimination for exercising your rights; and
Right to data portability.
Additionally, subject to certain restrictions, residents of certain states, like Minnesota and Oregon, can request a list of the specific “third parties” (as that term is defined under applicable law) to which we have disclosed personal information, and Delaware and Maryland residents can request a list of the categories of such “third parties.”
Please note: Your rights and our responses will vary based on your state or country of residency. You may be located in a jurisdiction where we are not obligated, or are unable, to fulfill a request. In such a case, your request may not be fulfilled.
If you would like information regarding your rights or would like to make a request (or if you are an authorized agent acting in accordance with applicable law), please email us at mozilladatacollective@mozillafoundation.org.
We will take reasonable steps to verify your identity and requests, including by verifying your account information, residency or the email address you provide. If you are an authorized agent submitting a request on behalf of another individual, we may require proof of your written authorization before processing the request.
Certain information may be exempt from such requests under applicable law such as information we retain for legal compliance and to secure, provide and audit our Services. We may need certain information in order to provide the Services to you; if you ask us to delete it, you may no longer be able to use the Services.
Residents of certain jurisdictions (such as US states including Colorado, Delaware, Maryland, Minnesota, New Jersey, and Oregon) may appeal the denial of a request by emailing us at mozilladatacollective@mozillafoundation.org.
d. Notice of Right to Opt Out
Residents of certain US states (such as Colorado, Delaware, Maryland, Minnesota, New Jersey, and Oregon) also have the right to opt out of the “sale” of your personal information or or our processing/sharing of your information for online targeted advertising purposes (which we don't do).
Certain privacy laws, like those listed above, define the “sale” of personal information to include selling user data to random third parties for money, like a data broker does—something we have never done. But they also define “sale” and “sharing” in a broader sense that includes some more common practices. For example, a "sale" includes our use of certain analytics services, where our analytics partners can see the website visitor’s IP address and other browser/device data as part of that process. We’ve done that within the last year and plan to continue to do so. The terms “sale” and “sharing” also cover use of certain advertising services, like if we were to pay a third-party website to serve ads for us to individuals that we specify by giving that website a list of those individuals’ email addresses (or hashes of those email address), or if we were to pay an ad tech company to place a cookie on the browser of a visitor to our website so that the user can see an ad for our Services on other websites. We have not "sold" or "shared" information for such advertising purposes. You can opt out of such disclosures by clicking the “Your Privacy Choices” link on our website footer, or designate an authorized agent to do so on your behalf. Note, if you use a cookie blocker such as Ghostery, it may block visibility of this tool or link, including in your web footer. If you have enabled a legally recognized browser-based opt out preference signal (such as Global Privacy Control) on your browser, we recognize such preference in accordance and to the extent required by applicable law.
Please note that you must opt out on each device and each browser where you want your choice to apply. Your preference may be lost if you clear, or your browser is set to clear, cookies.
e. Shine the Light (California only)
California’s Shine the Light Law (CA Civil Code § 1798.83) allows residents with which a business has an established business relationship to request a list of the third parties to which the business has disclosed certain “personal information” (as specifically defined by the Shine the Light law) during the preceding year where the business knows or reasonably should know that the third parties used the personal information for the third parties’ own "direct marketing purposes,” defined by the Shine the Light law as the use of personal information to solicit or induce a purchase, rental, lease, or exchange of products, goods, property, or services directly to individuals by means of the mail, telephone, or electronic mail for their personal, family, or household purposes. However, the business is not required to provide this information where the business adopts and discloses, in its privacy policy, a policy of not disclosing “personal information” to third parties for their “direct marketing purposes” 1) unless the resident first affirmatively agrees or 2) if the resident has exercised an option that prevents that information from being disclosed. Mozilla maintains such a policy and thus is not required to provide this information. Mozilla does not engage in any disclosures in which it knows or reasonably should know that the third parties use the personal information for their own direct marketing purposes as defined by Shine the Light. However, Mozilla provides California residents the ability to exercise rights under the California Consumer Privacy Act (“CCPA”) to opt out of “sales” and “sharing” of their personal information for cross-context behavioral advertising. Such opt out would apply to disclosures covered by Shine the Light if applicable. Please visit the Your Privacy Choices link in the website footer to exercise those CCPA rights.
5. INTERNATIONAL DATA TRANSFER
We are headquartered in the United States, though we generally store the information described in this Privacy Policy in the European Union. There may be circumstances where your data is transferred to another country, such as the U.S. If you are located elsewhere in the world, then certain of the privacy laws applicable to that information may not provide as much protection as the laws of your country where you live. For this reason, your personal information may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of any of the countries where we (or the recipients of disclosures mentioned in this Privacy Policy) operate, pursuant to the laws of such countries. However, this Privacy Policy applies to MDC’ operations worldwide. To the extent that personal information is transferred from the European Economic Area (“EEA”) and the UK to any non-EEA members of our group or third-party processors who handle the information solely on our behalf, we will take appropriate measures to ensure such companies protect your information adequately in accordance with this Privacy Policy. These measures include signing Standard Contractual Clauses in accordance with EEA and UK data protection laws to govern the transfers of such data. For more information about these transfer mechanisms, please contact us as set out below.
6. DATA RETENTION
We keep your information until after we determine it is no longer necessary for the purposes described in this Privacy Policy and we are not legally required to retain it for longer.
7. PROTECTION OF INFORMATION
To help protect personal information, we have put in place physical, technical, and administrative safeguards. However, no such safeguards are 100 percent effective. Therefore, we cannot assure you that data that we collect under this Privacy Policy will never be used or disclosed in a manner that is inconsistent with this Privacy Policy.
8. CHILDREN UNDER 13
Our Services are not intended for persons under 18 years of age. If you are a parent or legal guardian and think your minor child has given us personal information, please contact us at mozilladatacollective@mozillafoundation.org so that we can delete it.
9. UPDATES AND CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time, such as to reflect changes in our practices or for legal reasons. We will post those changes here or on a similarly accessible page.
10. CONTACTING US
If you have any questions or comments regarding our privacy policy and practices, or to submit a request or complaint, please email our privacy team at mozilladatacollective@mozillafoundation.org