User Data Rules and Restrictions
Last Modified: January 2, 2023
Prohibited Types of Data
You and the end users of your Applications are prohibited from collecting, uploading, storing, transmitting, displaying, modifying, or otherwise processing any of the following types of data in any Application you create using BFLUID:
- Unencrypted passwords and other login credentials, such as authentication tokens.
- Financial account information, such as credit or debit card numbers, bank account numbers, or other financial account numbers.
- Protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA) and applicable health privacy laws, such as an individual’s diagnoses, treatment information, medical test results, or prescription information that is created or shared by on or behalf of a healthcare provider or health insurance provider.
- Any data or information collected from children under the age of 13.
- Other sensitive data about an identifiable individual, including a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data or biometric data, or sex life or sexual orientation.
Restricted Types of Data
The following types of data are only permitted in private Applications that are available only to selected end users who are approved by you. If you or the end users of your Applications intend to collect, upload, store, transmit, display, modify, and otherwise process any of the following types of data in any Application you create using BFLUID, you must sign up for a paid account.
- Sensitive financial information (other than account information), such as account balances, salary information, expense reports, and transaction details.
- Student data covered by the Family Educational Rights and Privacy Act (FERPA), such as grades, report cards, transcripts, class schedules, disciplinary records.
- Health information that is not covered by HIPAA or other privacy laws, such as symptom tracking or contract tracing information that do not collect from or share information with healthcare providers or insurance providers.