Loomio
Sun 13 Mar 2022 9:16PM

Privacy Policy (under construction)

TH Tim Huegerich Public Seen by 3

For now, the signup form contains this statement: "Your contact info will only be used for purposes directly related to empathy.chat"

Here are some potential exemplars we could follow in developing a more robust policy:

Please communicate any specific concerns or requests in this area.

MT

Makarios Tabor Mon 4 Apr 2022 1:38AM

The details of this is beyond my knowledge and experience, but it's important to be transparent and clear with users. There's the question of how empathy.chat directly uses people's info, but there's also the issue of how the platform itself stores/uses info, even if you don't do so yourself. Do you have an attorney review the Terms of Service and Privacy Policy for a website like this? Does Anvil have a template for how it stores/uses info for analytics, and so forth?

TH

Tim Huegerich Mon 4 Apr 2022 4:51PM

Yes, these are questions I've pondered. For now, I've been hoping to basically just ask users' trust in a simple way, to be able to focus on building and iterating, without the hassle of emailing updates to the Privacy Policy whenever I add a new feature. But maybe I should prioritize this?

A previous version of the site (back when it was called Empathy Spot) included the following text on the landing page, most of which is still true (the exceptions being that I haven't open-sourced the newer code yet and the site now solicits more information beyond just email address). Perhaps I should add an updated version of this to the Privacy Policy above?

> ### Is the website safe in terms of data security and privacy?

> The Empathy Spot prototype is built using Anvil, an easy way to create web apps. It is considered reputable in the Python development community. They seem to take privacy and security seriously. They use Amazon Web Services under the hood.

> The Anvil (python) code for Empathy Spot is open source, which doesn't provide much immediate reassurance but ultimately means that technically-inclined users will be able to inspect it themselves with regard to its privacy and security. In any case, the only information currently stored is your email address and activity on the site (basically, time stamps recording when you requested empathy and when you were successfully matched with someone for an empathy exchange). Any text chat logs are deleted once your empathy exchange is complete.

> One inherent risk in participating via video chat is the possibility that the other person will secretly record you and share that recording with others. It may also be possible to use your image or voice to determine your identity. Voice-only and text-only options are available to mitigate this risk.

> ### What is Jitsi?

> The video conferencing is provided via Jitsi, which is an open source project with an active community. It doesn't require account login, and it emphasizes privacy and security. It is owned by 8x8, which seems legit. (See this interview with Jitsi's founder for more on its origins.) The video conferencing is hosted separately from the Anvil webapp, so the Anvil app doesn't even see the video conference data.