Chris Anderson Posted February 22, 2021 Posted February 22, 2021 (edited) I spent numerous hours crafting my Terms and Privacy Policies and and thought I had a pretty good handle on covering all of my bases. I would like to implement the IPS Community App and various Community Enhancements and Login Handlers in the future. I happened to come across the article below this evening and it got me thinking: How much personal data or inferred data this app might be trackable for each user and how one might best let members know so they can make an informed decision whether or not if they want to use the app or other third party services. Can another installed app interact with this one to extract data? As the amount of apps in use would be on the small side it probably wouldn't be worth it but the possibility still exists. Study reveals the scary amount of personal data apps can collect without your permission – BGR We have to trust that IPS, Google and Apple wouldn't use any data (or any bad actors with access to their systems) that could be conceivably extracted from the app or inferred from it but our customers should be made aware that data has the potential from being extracted during app usage via an entry in the "Third Parties" section of the privacy policy and probably in the Terms as well. I'm not sure exactly how that might best be communicated to protect ourselves and inform our customers. I am now using the following blurbs in my Terms and Conditions: Links to Third Party Sites/Third Party Services These Sites may contain links to other websites ("Linked Sites"). The Linked Sites are not under our control as such, we are not responsible for the contents of any Linked Site, including without limitation any link contained in a Linked Site, or any changes or updates to a Linked Site. Clicking on a Linked Site may expose you to various tracking services which might infer various personally identifiable details about you and your surfing habits. By clicking on such Linked Sites you accept such consequences and will not hold these Sites responsible for any adverse outcomes. These Sites provide these Linked Sites to you only as a convenience, and the inclusion of any Linked Sites does not imply endorsement of these Sites or any association with its operators. Certain services made available on our Sites or mobile app may be delivered by third party sites and organizations. By using any product, service or functionality not originating from our Sites or mobile app, you hereby acknowledge and consent that we may share such information and data with any third party with whom we have a contractual relationship to provide the requested product, service or functionality on behalf of our Sites or mobile app. Third Party Accounts While using your account on these Sites or mobile app you will likely utilize third party services. When such third party access occurs, you acknowledge and agree that you are consenting to the continuous release of information about you to others (in accordance with our privacy policy and published third party site privacy guidelines). If you do not want information about you to be shared in this manner, do not use these Sites or mobile app. A good start but probably could be improved upon by the community. Please note I depersonalized it in order to be suitable for other sites. My Terms and Privacy Policy is filled with legalize. Believe me I would prefer to keep things simple but being too simple opens one up to potential legal jeopardy. If the mobile apps is enabled in the ACP one would hope that entries for Apple and Google would be added to the Third Parties Section with links to their privacy policies. Also any login handlers or community enhancements should have entries posted as well. If such functionality doesn't exist or we can't add to the list ourselves, then not including such functionality might be a better approach. We could simply add a "Third Parties" section ourselves and populate it with all of the appropriate third party services used by IPS as well as any utilized by marketplace or custom apps. Edited February 22, 2021 by Chris Anderson Jordan Miller 1
Linux-Is-Best Posted February 22, 2021 Posted February 22, 2021 (edited) I will be candid with you and straightforward. YES, anything you add to your website, embed on your website, or enable onto your website can and will further allow tracking and data collection. Even your users, hotlinking a harmless photo, can trigger further monitoring and data collection. Yes, 3rd parties will collect your information and all your users too. Suppose you are using Google login and Google Analytics (for example). In that case, Google will include several tracking cookies well beyond your website's interactions. Facebook login will add their own cookies to track your users for a month or more. Long after they sign off your site and logout off Facebook, assuming they do not clear their browser history. Do you plan to have advertisements on your website? More tracking there too. And I am only covering the cookies aspect on a desktop or laptop. Within a month's time (if not less), your name, address, phone number, e-mail address, where you shop, what you like to browse, and much, much more are now out there. Suppose your user is using a mobile device such as a cellular phone or tablet. In that case, they're even deep into the spider's web (metaphorically speaking). But I digress. YES, anything you add to your website, embed on your website, or enable onto your website can and will further allow tracking and data collection. Even your users, hotlinking a harmless photo, can tricker further monitoring and data collection. Invision has provided an excellent example within their own privacy policy of how to word such a document. https://invisioncommunity.com/legal/privacy/ Edit: I see you have updated your post. Originally you had worded this as more of a question. I think you did an excellent job wording this. Edited February 22, 2021 by Linux-Is-Best more because OP edited their post Jordan Miller 1
Chris Anderson Posted February 22, 2021 Author Posted February 22, 2021 It might be nice to create and make a updateable list of all third parties utilized by IPS and the marketplace complete with links to their privacy policies that we could readily copy and past into ours.
Recommended Posts