Not a day seems to pass without hearing of a new scandal involving tech companies doing unscrupulous things with customer data. For many years now the trend has been toward ever more sophisticated visitor monitoring and personal information collection. Sign up in good faith to one service and before you know it your data is everywhere on the internet.
To be honest, in previous versions of our terms and conditions, we never paid particular attention to the issue of privacy. This isn't because we weren't keeping customer data private; in fact the opposite: we just never even considered doing anything else. We make money by building great software, not by surveilling our customer base or selling their data. So we didn't think too much about it; we just put up a fairly standard looking privacy statement, and went back to work.
However it has reached a point where we can't just ignore the noise going on around us. Understandably many internet users are now putting privacy considerations at the top of their priority list when it comes to choosing services, and looking for a candid description of this aspect from the outset.
So this time around we decided to spell out exactly where we stand on this issue, and provide a complete breakdown of what we do with the information we collect. (Spoiler: we don't collect much information, and we don't share it.)
Our General Philosophy:
We treat client confidentiality very seriously, and are strongly against misuse of your data. To reinforce our commitment to privacy we recently decoupled ourselves completely from external third party services. We use only self-hosted or home-grown code, and by default do not transmit any information beyond our own servers (ie. no cloud-hosted chat servers, Google Analytics etc.) However, we may use third party services with your consent (e.g. code hosting platforms such as GitHub).
The Practical Details:
Yes, this is the most devious thing we do: monitor the traffic on our
website. Pretty much every website does this, but we point it out
because in fact it is the only information we collect that you did not
deliberately give us. We record the information present in the
requests that are made on our site, and we determine the approximate
location (normally the city or area) the request was made from. We do
this to obtain statistical feedback on things like marketing campaigns
and popularity of web pages and applications. In other words we do it
to try and improve our services. We are interested primarily in
statistical trends and not individual activity. We keep this
information on our own servers, we do not share it, and we delete it
after 6 months.
Note that we DO NOT block VPNs or anonymizer software. We believe you have the right to surf anonymously if you so desire. You are more than welcome to thwart our website analytics by using such software. (If you want any advice on how to do this, then feel free to ask!)
Aside from website analytics, we only collect data you voluntarily supply to us. If you subscribe to newsletters, product updates or other notification services, we will only send you the thing you signed up for. We keep the name and email address that you provided on our own servers. We keep this database securely and do not share it with any third parties. When you cancel a subscription (normally via a link in any of the subscription emails) your name and email address will be deleted from the database - i.e. they will actually be physically removed so we no longer have them in any form (the record will not just be marked "unsubscribed").
When you create a user account with one of our web services, we ask you to provide a username and password. Generally we do not need to know any other information, such as your real name, address etc. However, it may be necessary to provide these to sign up for certain services (e.g. receiving merchandise by post). All the information you provide related to your user account will be stored on our servers and will not be shared with any third party. If you choose to delete your user account(s) all associated records will be physically deleted from our servers (and not just marked "deleted").
The password you provide will be transformed via a cryptographically secure salted one-way hashing algorithm before storage, and we will not keep a copy of the plain text password. This means we will be able to verify your password matches when you log in, but we (or anyone else) will not be able to deduce your password.
We cannot guarantee other service providers use similarly secure practices, so we recommend you use a different password for each service you sign up for.
We offer credit card payment for some of our services. However, we only present a gateway to dedicated credit card payment providers (Stripe, Paypal etc.) When you pay by credit card the information required to make the payment is submitted directly to the payment provider. The information is not transmitted via our servers and we do not keep a record.
This is perhaps the most important section of this statement, as it refers to our core business. When you contract us to develop software for you, you become our client. We are strongly committed to keeping all aspects of our business relationship confidential. This means an iron-clad promise to keep all communications, agreements and project information strictly to ourselves. Our developers all sign non-disclosure agreements with a specific emphasis on client confidentiality.
When we develop software for you we DO normally ask broader questions about how the software will be used, who the target audience will be and other similar questions to ascertain how your project fits into a bigger picture. We do this because we want to be able to offer our expertise not just on technical details, but also on business development and growth strategy. We want to help you avoid wrong roads. We want your business to succeed - because then you'll keep using our services!
However, we can still provide services for you if you DO NOT want to tell us this kind of information. We can operate strictly on a need-to-know basis if you so desire. Generally our agreements are structured so usage of the software we produce is your responsibility, which means we don't even need to know how you are going to use the software, if you don't want to tell us this.
We can suggest a non-disclosure agreement; alternatively we are usually happy to sign one that you provide.