When we first unveiled our Privacy Policy last month, some users were rightfully concerned that it appeared that we were reserving the right to spam them: the policy said that we might use the email address you provided when you registered to "contact you regarding services or products that we believe may be of interest to you." And that certainly sounds like spam.
When we set out to construct our privacy policy our lawyers gave us a generic policy which we adapted to the particulars of our service. The generic policy had in place the spam provision, which, in our haste to get the policy out the door, we neglected to curtail. That's been fixed now. We agree not to spam you unless you ask to be spammed; and even then, it seems unlikely that spam will ever be part of the Foxmarks experience. From where we sit, spam is, like, totally un-foxmarxian.
If you're interested, check out the Privacy Policy here.
Thanks for being so responsive to user concerns.
ReplyDeleteThe personalization concern is two-fold. To begin with, the phrase "we may vary the content you receive in future visits to the site based on your preferences and activities" is too often used in service of targeted marketing, as in Google's AdSense system. Additionally, people have an expectation of privacy for their bookmarks, and even if it is only a keyword-sniffing subroutine (and not a person) poking through their data, folks get upset. (I'm not personally upset by this clause, but I'm guessing that others are. Could be wrong.)
The "disclosure or use of information" opt-in could be part of the signup process, with a pre-selected checkbox and a message like "Allow us to use your data to study and report on how people use this service." Most people leave pre-selected options selected (according to some marketing study I read, once upon a time), and this gives folks an up-front choice which can be modified later.
As for the unsolicited email, perhaps you might make a distinction between newsletters and system messages. When a person signs up with a service, they are implicitly soliciting communications regarding their status as a client -- this includes policy changes, downtime warnings, upgrade requests, etc. "Newsletters", on the other hand, are optional communications, which require an explicit opt-in.
You might also make a clarification regarding where the information is collected, i.e. whether the Firefox extension does collection or whether it is only the server's job. (This is useful information for someone who wants to set up a private server to avoid privacy concerns.)