invoiceninja / invoiceninja

A source-available invoice, quote, project and time-tracking app built with Laravel
https://invoiceninja.com

self hosting privacy data control code location and opt out variable #5033

Closed nomandera closed 3 years ago

nomandera commented 3 years ago

What version of Invoice Ninja are you running? ie v4.5 / v5
V5.1.13

What environment are you running?
Docker

Have you searched existing issues/requests?
Yes

Screenshots
Not applicable

Additional context
I am unable to locate the v5 code that submits the collected data as described in https://www.invoiceninja.com/self-hosting-privacy-data-control/

Could you indicate where in the code the PII is sent?

Would you consider the addition of an opt-out variable that can be defined at install rather than having to email your legal department?

I should note that I appreciate the level of openness of detail as described in

https://www.invoiceninja.com/self-hosting-privacy-data-control/
https://www.invoiceninja.com/self-hosting-terms-service/

but I would like to have, as a private person, better proactive rather than reactive control over this information.

alex-phillips commented 3 years ago

Also interested in this.

turbo124 commented 3 years ago

This is the line of code:

https://github.com/invoiceninja/invoiceninja/blob/00e1b48f630890776e48628f172ff44fb930afd2/app/Utils/Ninja.php#L86

We don't require volumes of data, and we are also very conscious of people's privacy, however there are scenarios when we may need to reach out to users who have installed our software (the main one being a discovered security flaw in the software where disclosing this information directly is the best method), as such I don't see us changing from our current systems.

nomandera commented 3 years ago

Thank you for taking the time to consider and reply to this ticket; highlighting the code where PII is submitted.

I continue to appreciate the openness of your approach to privacy and telemetry; however, I do struggle to understand your specific answer in this context as it appears to be circular:

e.g. "there are scenarios when we may need to reach out to users who have installed our software" would not be possible regardless, as by very definition these users would have opted out by legal email and you would no longer have their contact information to use anyway.

All we seem to have done is create an unnecessary hurdle and a situation where the initial leak of information is unavoidable.

To be clear, I am not suggesting this opt out is enabled by default, only that it is available to those that want (and in some cases must) not leak confidential information.

grokky1 commented 3 years ago

Also interested in this

turbo124 commented 3 years ago

We don't have any plans to change this. I think we've made it clear in the ToS and Privacy policy what we collect. From there it is up to the end user to make decisions based on their own preferences.

SKFrozenCloud commented 2 years ago

> This is the line of code:
>
> https://github.com/invoiceninja/invoiceninja/blob/00e1b48f630890776e48628f172ff44fb930afd2/app/Utils/Ninja.php#L86
>
> We don't require volumes of data, and we are also very conscious of people's privacy, however there are scenarios when we may need to reach out to users who have installed our software (the main one being a discovered security flaw in the software where disclosing this information directly is the best method), as such I don't see us changing from our current systems.

The only PII that function sends is first_name, last_name and email, but in the self hosted privacy data control: https://www.invoiceninja.com/self-hosting-privacy-data-control/

There are more (optional) PII. When and where in the code are they submitted?

turbo124 commented 2 years ago

@SKFrozenCloud I believe that data would be submitted if the user purchases a white label license. @hillelcoren can you confirm?

hillelcoren commented 2 years ago

Yes, that's correct