We obviously care tremendously about your privacy. We want to be fully transparent about how the service works, both at a high level and regarding infrastructure. Our intention is certainly not to profit off your data in any way, but we keep open the possibility of offering additional paid services, with the intent of sponsoring the free ones.
Taking a wide view of what constitutes personal data, we currently collect your personal data in five ways:

1. through the use of server logs;
2. through our registration form;
3. through a tracking cookie (under our control, via Piwik software);
4. through the registration form of our mailing list service (now MailChimp; it used to be TinyLetter);
5. through responses you receive from data controllers, in the rare cases where these get routed through us.

Taking each of these in turn, the data collected:

1. (server logs) is necessary to some extent for security reasons, and therefore we limit what we collect to the last month;
2. (registration form) is absolutely necessary for the functioning of our site, and corresponds to data you have directly submitted yourself;
3. (tracking cookie) is not necessary, but is helpful to understand how our site is used (we use Piwik to aggregate the data). This constitutes personal data to the extent that some parts of the site are only accessible once you are logged in, and to one person only (consequently, together with 2., the user becomes identifiable). We want to address this in the near future and only track on publicly viewable pages;
4. (mailing list service) is not necessary, but is helpful to us as we are starting up. We don't expect that our use of that service would have a significant impact on you, but just to be sure we have made a Subject Access Request to MailChimp itself to evaluate what they collect and process;
5. (responses from data controllers) is obviously the most concerning from an end user's perspective. In an ideal world, through cryptography, we would only ever see your personal data transit through our service in encrypted form. There is theoretically no technical hurdle to this. Unfortunately, it would require data controllers to be well-versed in those tools and willing to use them, and the laws usually don't mandate any standard there. We will offer the option soon, and hope to slowly change practices in the industry. Meanwhile, we promise to do our utmost to get controllers to route your personal data to you directly, and in the rare cases where this cannot be done, to not access your personal data, and to erase it upon request.
The only processing that we envision doing in the future which would not be apparent to our users is that we might “fingerprint” the responses individuals receive, in the rare cases where the response data is actually routed through us. This would consist of computing a hash (a one-way function) of the data received in a response. While the hash alone would not allow us to retrieve the original response content, it would allow us to certify to a third party, to a high degree of certainty, that a given response is in fact the original one. This would be done in your interest, with the expectation that it could be useful to prove you have not tampered with the response content.
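One way such fingerprinting could work, as an added example (Python, not PersonalData.IO's own code), assuming SHA-256 as the one-way function and a hypothetical request identifier; the response text is constructed:

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

HASH_ALG = "sha256"  # assumption: the policy names no specific hash function


def fingerprint_response(response: bytes, request_id: str) -> dict:
    """Compute a one-way fingerprint of a response's raw bytes.

    Only the digest, the byte length and some metadata are kept; the
    response content itself is not retained by this function.
    """
    digest = hashlib.new(HASH_ALG, response).hexdigest()
    return {
        "request_id": request_id,  # hypothetical identifier for the request
        "alg": HASH_ALG,
        "length": len(response),
        "digest": digest,
        "recorded_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
    }


def verify_response(response: bytes, record: dict) -> bool:
    """Return True only if `response` is byte-for-byte the fingerprinted one."""
    if record.get("alg") != HASH_ALG or record.get("length") != len(response):
        return False
    candidate = hashlib.new(HASH_ALG, response).hexdigest()
    # Constant-time comparison: does not leak how many leading bytes matched.
    return hmac.compare_digest(candidate, record["digest"])


# Constructed sample: a fictional controller reply, not a real response.
ORIGINAL = b"Dear requester,\nWe hold the following data about you: ...\n"
TAMPERED = b"Dear requester,\nWe hold no data about you.\n"

if __name__ == "__main__":
    rec = fingerprint_response(ORIGINAL, "req-0001")
    print(json.dumps(rec, indent=2))
    print("original verifies:", verify_response(ORIGINAL, rec))  # True
    print("tampered verifies:", verify_response(TAMPERED, rec))  # False
```

A plain hash of a short, predictable response can still be matched by hashing guessed candidates, so the fingerprint records themselves should be access-controlled rather than treated as public.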
We will never sell any of your data and are committed to the interests of the end-users of the PersonalData.IO service.