fumc-pensacola / transept

Overarching iPhone app for FUMC Pensacola

Write a Privacy Policy #60

Open andrewbranch opened 8 years ago

andrewbranch commented 8 years ago

We use Crashlytics and Answers as part of Fabric.io to collect crash reports and analytics anonymously. Using these services requires that we disclose to users what we are collecting (Answers Agreement Section 9.1). Planned updates would potentially give us the opportunity to track users non-anonymously, which we should not do, but once those systems are in place it becomes especially important that we’re transparent about what we’re doing.

We should write a brief, plain-English privacy policy as soon as possible. To sum it up in my own words, we anonymously collect information about the device, conditions leading to a crash, and certain actions users take while using the app. We use that information to fix bugs and make informed decisions about improvements we can make, new features we can add, and the overall future of the app. This kind of information can’t be used to personally identify anyone. If we do gather information that can identify a user (e.g. in the future registering for a Wednesday night dinner or something), it will be prompted by the user’s actions that clearly indicate their (plural “their” was the word of the year in 2015) consent and intent to share that information, and we will only share it with church staff and volunteers for administrative purposes at our discretion.

A non-exhaustive list of things we might collect during a crash:

Examples of user actions we might track:

We should also eventually amend this privacy policy with a description of how we treat the distribution of personally identifying information (PII) from the church directory... once we decide that, which will be the subject of an upcoming phone call. So far, my idea is to authenticate devices to access the directory data by an in-person request process. So basically, “we keep your directory contact information safe by only granting access to church members who we can personally verify, just as if we were physically handing them a printed copy. You can request the removal of your entry at any time by emailing [whoever].” Or something.

I think I want to remove the prayer request form, as it seems a bit of a privacy liability. What email it is sent to is controlled by an option in the database, and during testing it went to me. If we changed it back to me for more testing and forgot to change it again after that, or that email alias was deleted and it went to Kyle as the catchall, I don't want any of us to inadvertently become an eavesdropper on someone’s confession or something.

andrewbranch commented 8 years ago

Any status update on this?

andrewbranch commented 8 years ago

Guiding principles

This document is intended to be an expression of transparency and good faith. It avoids legalese and technical jargon wherever possible. We take your privacy and security very seriously. We use technological best practices when it comes to transmitting, storing, and handling your data. In and beyond the specifics outlined here, we treat your personal information with discretion, using our best judgment.

Collection of anonymous user data

By using the app, you:

Collection of non-anonymous user data

Some features of the app are only available to users who personally identify themselves via name, phone number, a connected social profile, or other information. By providing us with that information and using those features of the app, you:

Availability of personal information

@JebHunt please comment with anything I am leaving out. Feel free to have others look over it. Once we polish it and organize it, maybe we should send to the CommComm.

JebHunt commented 8 years ago

Would you recommend separate privacy policies for the app and the website (FUMCPensacola.com)? Or one containing both?

andrewbranch commented 8 years ago

Separate. What I've covered here is pretty specific to the app.