To use F1, the user authenticates F1 to their service provider (gmail, twitter, facebook, etc.). Doing so results in the service provider sending F1:
In order to function, F1 needs to store all of the above information to be able to send on the user's behalf without asking for a reauthorization each time.
When a user sends a link, information about the action is stored, including: who sent it, to whom was it sent, using what service, when, and including the message and the link.
Mozilla collects this information to understand the usage of the service, and to improve it. Mozilla will not look at individual records, but instead run aggregate queries on data sets to understand the usage of the service on a population basis. Example aggregate analyses include: general number of shares/day, number of users/day, which service is more popular when, what is the distribution of number of sharing events per day per user.
Mozilla will not publish any individual records from this service. We will publish summary graphs showing aggregate service usage.
Sharing data records will be discarded after 30 days. Authentication data is retained forever, but users can revoke the authentication of F1 by their service provider using links provided by the F1 user interface.