termsfeed's comments

termsfeed | 7 years ago | on: Ask HN: US based SAAS company, no EU clients. Should we do anything about GDPR?

GDPR applies to companies doing business in the EU and/or having customers from the EU.

If your app doesn't allow EU users but your marketing website uses third-party tools such as Google Analytics or email marketing, and you don't block EU users from visiting the marketing website, you may need to have a look at GDPR requirements for compliance.

termsfeed | 7 years ago | on: Ask HN: How to make your Google analytics and Adwords account GDPR compliant

Hopefully this helps.

> Google Analytics:
> - Declare clearly what personal information is collected in your privacy policy. Any simple boilerplate available?

If you only want to disclose what kind of personal information you collect, you don't need special clauses. Simply disclose what personal information you collect.

However, a Privacy Policy should include:

- What personal information you collect
- What you are doing with that information (the purposes)
- What controls users have
- Whom you share the information with (third parties)

> Google Analytics:
> - Have a cookie consent banner for the EU that is opt-in, i.e. no tracking cookies are set until the user says so. Hardly anyone is doing this yet.

You can have a look at https://privacypolicies.com/cookie-consent/ as it's easy to implement with jQuery to categorize non-essential cookies so they don't load before you get consent from users.

> Google Analytics:
> - Use the anonymizeIp function in Google Analytics, i.e.: ga('set', 'anonymizeIp', true);

Yes. This article, aimed at Rails developers, can help as well:

https://pawelurbanek.com/gdpr-compliance-blog-rails

> Google Adwords:
> - Declare clearly what personal information is collected in your privacy policy. Any simple boilerplate available?

Same as above.

> Google Adwords:
> - If you are using re-marketing, either disable it or let it be known in the privacy policy?

You should disclose it in your Privacy Policy and inform users how they can opt out of behavioral remarketing done by AdWords cookies.
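A consent gate of the kind the reply above describes (tracker commands held back until the user opts in, anonymizeIp set before the first hit), written here as an added example in plain JavaScript; it is not code from the original comment or from the linked tool, and the property id and the `sent` array are constructed placeholders:

```javascript
// Added example: a consent gate in front of a ga()-style command queue.
// Nothing reaches the tracker until the banner's Accept handler calls grant(),
// so no analytics cookie is set for users who have not opted in, and
// 'anonymizeIp' is applied right after 'create', before the first hit.

function createConsentGate(loadTracker, propertyId) {
  const pending = [];      // commands buffered while consent is undecided
  let tracker = null;      // null until consent is granted
  let decided = false;

  function flush() {
    while (pending.length) tracker.push(pending.shift());
  }

  return {
    // Queue a tracker command, e.g. command('send', 'pageview').
    command(...args) {
      if (tracker) { tracker.push(args); return; }
      if (!decided) pending.push(args);       // after a decline: silently dropped
    },
    // Accept button: load the tracker, anonymize IPs, then replay the buffer.
    grant() {
      if (decided) return;
      decided = true;
      tracker = loadTracker();
      tracker.push(['create', propertyId, 'auto']);
      tracker.push(['set', 'anonymizeIp', true]);
      flush();
    },
    // Decline button: discard the buffer; later commands are dropped too.
    deny() {
      decided = true;
      pending.length = 0;
    },
    pendingCount() { return pending.length; },
  };
}

// Demo with a constructed stand-in for the real ga() queue: the array `sent`
// records what the tracker would have received. 'UA-PLACEHOLDER' is a dummy id.
function demo(userAccepts) {
  const sent = [];
  const gate = createConsentGate(() => sent, 'UA-PLACEHOLDER');
  gate.command('send', 'pageview');          // fires before the banner is answered
  if (userAccepts) gate.grant(); else gate.deny();
  gate.command('send', 'event', 'signup', 'click');
  return { sent, pending: gate.pendingCount() };
}
```

In a real page `loadTracker` would inject the analytics.js script tag and return `window.ga`; here it returns the recording array so the behaviour can be checked offline.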

termsfeed | 7 years ago | on: Ask HN: GDPR Boilerplate Terms of Service

Just to clarify, there's a difference between a Terms of Service and a Privacy Policy [1]:

- A Privacy Policy describes the types of data you collect, how you collect it, and what you do with it.

- A Terms of Service acts as a contract between you and the user that indicates the requirements, limitations, and standards involved in using your website / app.

GDPR impacts Privacy Policies more than it does Terms of Service agreements. Over at TermsFeed, we're looking to see if GDPR impacts other agreements such as the Terms of Service or EULA or a Disclaimer, but so far GDPR is really about privacy practices and Privacy Policies.

[1] https://www.slideshare.net/termsfeed/differences-between-com...

termsfeed | 7 years ago | on: Ask HN: Bootstrappers, how are you implementing GDPR?

You can start with a review of what kind of personal data you collect, and whether that data is only "personal data" or also includes "sensitive personal data".

Then, consider how to get consent from users. A passive way of getting consent would not work under GDPR. You can look at examples of the "I agree with..." type of checkbox (also called clickwrap) for inspiration on how to get consent.

Then, take into consideration the user rights under GDPR and how you'll help users in this matter: right to update data, right to delete data, right to data portability and so on:

https://gdpr-info.eu/chapter-3/

We've released a small presentation on SlideShare titled "GDPR Compliance Plan" that might be useful:

https://www.slideshare.net/termsfeed/gdpr-compliance-plan

termsfeed | 7 years ago | on: Ask HN: Regarding GDPR and 3rd party database hosting providers

You don't need to move data to an EU region, but you should disclose that data is moved internationally (i.e. outside the EU). This is generally done through a "Transfer of Data" clause that looks like this:

https://termsfeed.com/blog/wp-content/uploads/2018/03/adobe-...

An example of consent from the VSCO app for EU users to agree that data will be transferred outside the EU:

https://termsfeed.com/blog/wp-content/uploads/2017/10/vsco-e...

termsfeed | 8 years ago | on: Ask HN: GDPR compliance for a systems-oriented SaaS

Email address + billing address is personal data.

The minimum requirements for SaaS would be:

- Having a Privacy Policy. Among other things, specifically identify the Data Controller (you), inform users of their rights (there are 8 rights under GDPR), state whether you transfer data internationally (EU > US), and others.

- Getting active consent from users. Under GDPR, you must request a "clear, unambiguous affirmative consent" from users. The "clickwrap" method of design might be good to follow.

We shared a quick "GDPR Compliance Plan" video on YouTube a while ago that might be useful: https://www.youtube.com/watch?v=K2F9HEhTpSg

termsfeed | 8 years ago | on: Ask HN: How to comply with EU GDPR?

GDPR allows you to store user data. It just adds more requirements about the collection, usage and sharing of user data.

For example, it emphasizes getting proper consent from users ("active consent"). You can find examples of this under the name "clickwrap", which is the "I agree to..." type of checkbox [1]. There are also additional requirements to keep in mind for your app [2]:

- You need to disclose data retention (how long you are planning to retain user data)
- User choices
- Disclosing whether you're the data controller or data processor
- Disclosing the data processors you work with (Google Analytics, Mixpanel)

[1] https://termsfeed.com/blog/browsewrap-clickwrap/

[2] https://www.slideshare.net/termsfeed/gdpr-privacy-policy

termsfeed | 8 years ago | on: Ask HN: Do I need a terms of service?

You may need a Terms of Service but also a Privacy Policy, which is required by law if you collect personal data.

The Privacy Policy is also required by Mixpanel. If you're using the tracking tool, it means that you're agreeing to the terms of Mixpanel (https://mixpanel.com/terms/). The terms require you to inform users that you are using Mixpanel. You also need to inform users about the opt-out policy of Mixpanel:

> include a notice about the Mixpanel opt-out for Customer's site and the Mixpanel opt-out link in Customer's privacy policy or in a notice on Customer's website(s).

(Terms of Use of Mixpanel)

The Terms of Service agreement isn't usually required by law, but you can use it to include guidelines and rules for users to agree with and follow if they want to join your community (i.e. no spamming other users, no abusive accounts, etc.).

Hopefully our two presentations on these agreements will help you:

1. What's a Privacy Policy --> https://www.slideshare.net/termsfeed/the-privacy-policy-agre...

2. What's a Terms & Conditions --> https://www.slideshare.net/termsfeed/whats-a-terms-and-condi...

Also, it's important to research how to integrate and get consent to the legal agreements you make available to your users. For this, research "clickwrap".

termsfeed | 8 years ago | on: Do I need privacy policy or TOC for Landing page?

Generally you might need a Privacy Policy as you may be collecting personal data through the landing page: email address, first and last name, and so on. The Privacy Policy is required by law [1].

However, depending on your type of landing page you might not need the policy:

- If the page is just a click-through page (i.e. the user would click through to reach another part of your website), you don't collect data from users directly.
- If the page is a lead generation page, then you're most likely collecting data from users directly (i.e. web forms) and you'll need the policy.

Keep in mind that, regardless of the type of landing page, if you use analytics tools (like Google Analytics) or you have remarketing code added (Google Analytics remarketing, Facebook pixel, etc.), you'll need the policy.

The Terms & Conditions is not usually required by law, but it's useful to add it when users are submitting personal data to you.

Look at the "clickwrap" implementation methods as well.

[1] We have a presentation on this requirement here: https://www.slideshare.net/termsfeed/privacy-policies-are-ma...

termsfeed | 8 years ago | on: Is it ok to copy the TOS or PP from another site and modify it for my own uses?

As rsto mentioned, you can copy the agreements from Automattic as they released their Terms of Service and Privacy Policy under the Creative Commons ShareAlike license [1]. However, it's important to consider that their legal agreements are suitable for their own business needs, their own website functionality, and so on [2].

A few things to look for in the Terms of Service for a SaaS app:

1. Payment terms. A "Subscription" clause can let users know exactly how subscriptions work for your app: that billing occurs in advance on a recurring basis (monthly or yearly), that subscriptions automatically renew unless canceled, and so on.

2. User-generated content. A "Your Content" clause can outline users' retained ownership of their data, as content created by users in an app would most likely be proprietary content.

For the Privacy Policy you can look at:

1. Communications. A disclosure to inform users that you may contact them with promotional and transactional emails.

2. A Business Transaction or Transfer clause.

[1] https://en.wordpress.com/tos/, https://automattic.com/privacy/

[2] https://termsfeed.com/blog/no-privacy-terms-wordpress/

termsfeed | 8 years ago | on: Do you need a lawyer/professional to write an iOS app privacy policy?

It depends on your business and app functionality. As we've written here [1], have a look at what Privacy Policies usually need to disclose:

- What kind of personal information you collect from users

- How you use that personal information

- If you share this information with third parties

- If third parties can collect personal information through your app

- How users can access and change the personal information you collected

For example, if you're about to display ads through Google AdMob in your iOS app, then read the AdMob Behavioral Policies [2]. In the "Personalized advertising" section, Google makes it clear that it may show interest-based ads to the users of your app and that any app using AdMob must update its Privacy Policy to reflect this:

> Additionally, your app's privacy policy may need to be updated to reflect the use of personalized advertising (formerly known as interest-based advertising) served via the Google Mobile Ads SDK.

[1] https://www.quora.com/What-do-privacy-policies-typically-inc...

[2] https://support.google.com/admob/answer/2753860?hl=en&ref_to...

termsfeed | 9 years ago | on: Introducing the Invisible reCAPTCHA

To use the reCAPTCHA service you must agree to its Terms of Service agreement, which clearly specifies that you must inform users about the collection and use of the data collected by reCAPTCHA and get consent from EU users [1]:

> You acknowledge and understand that the reCAPTCHA API works by collecting hardware and software information, such as device and application data and the results of integrity checks, and sending that data to Google for analysis. Pursuant to Section 3(d) of the Google APIs Terms of Service, you agree that if you use the APIs that it is your responsibility to provide any necessary notices or consents for the collection and sharing of this data with Google. For users in the European Union, you and your API Client(s) must comply with the EU User Consent Policy [...]

The "EU consent policy" from Google is here:

https://www.google.com/about/company/user-consent-policy.htm...

[1] https://termsfeed.com/blog/privacy-policy-recaptcha/

termsfeed | 11 years ago | on: TermsFeed – Privacy Policy Generator

We're aware of this on the Free Agreements and looking into it.

As replied below, we're looking to extend these Free Agreements to include many more clauses to make them more attractive.
