Remix.run Logo
soumyadeb 7 hours ago

RudderStack founder here.

Although the article doesn't accuse us of doing anything improper, we weren't contacted for comment, so I'd like to clarify our role.

We are customer data infrastructure, not a data broker. We do not buy, sell or monetize the customer data that passes through our systems.

Our role is analogous to infrastructure: customers choose what data to send, and RudderStack routes that data to the destinations they configure (analytics tools, data warehouses, marketing platforms, etc.). The customer owns the data and decides where it goes; RudderStack does not repurpose it for its own business.

Infrastructure providers like us should be held to high standards for security and privacy, but we should not be confused with companies that collect or monetize end-user data.

dijksterhuis 5 hours ago | parent | next [-]

fyi you can report an editorial issue via email https://www.bbc.com/news/55077304

soumyadeb 5 hours ago | parent [-]

Even this page is behind a paywall :)

Managed to copy the email though. Thanks for the pointer

inigyou 6 hours ago | parent | prev | next [-]

Are analytics tools, data warehouses, and marketing platforms the only types of destinations you support? Because if that's the case then your system appears to only be useful for privacy invasions.

soumyadeb 5 hours ago | parent | next [-]

And others - customer support, feature flags, personalization, data quality, machine learning, internal BI, operational databases, security systems etc.

Ultimately, RudderStack is infrastructure that moves first-party data between systems more like message queues.

6 hours ago | parent | prev [-]
[deleted]
hluska 6 hours ago | parent | prev | next [-]

The article did not accuse you of anything and went so far as to say “There's nothing unlawful going on, and there's no reason to think RudderStack (or any company mentioned in this story) is doing something nefarious.”

I’m struggling to understand why you would feel the need to comment. Or why you even think the BBC would have contacted you. This is one of those moments in PR where a response with no reason makes reasonable people wonder why.

soumyadeb 6 hours ago | parent | next [-]

My concern is that terms like "data management company" (and another article described us as an "analytics company") are broad enough that many readers could reasonably infer we're collecting, storing, or monetizing sensitive end-user data.

I wanted to clarify that distinction because we've already had people reach out asking whether we were involved in collecting or using this data.

Its bad PR for us

wavemode 4 hours ago | parent | prev [-]

I disagree. The article very clearly makes it sound like there is some reason RudderStack ought to be listed by name in the privacy policy of the Stardust app. When in reality, it would make no more sense to list them by name, than it would make sense to list AWS or CloudFlare or any other technical infrastructure through which customer data passes.

> Mozilla uncovered numerous privacy problems across various apps, but Stardust was the only one found sharing detailed reproductive health data with another company.

> The report found that Stardust sends users' health information to a data management company called RudderStack, which isn't named in its privacy policy. That data includes pregnancy status, birth control, moods, alcohol consumption and specific symptoms like tender breasts and stomach cramps.

> Companies often share data with outside services to process information and analyse user behaviour. There's nothing unlawful going on, and there's no reason to think RudderStack (or any company mentioned in this story) is doing something nefarious.

> However, experts say it's inherently risky when your data spreads to more places. It creates another opportunity for security breaches or legal requests for information. Besides, you may just be uncomfortable with another company seeing your health data.

> A Stardust spokesperson says the company only uses RudderStack as a "technical pipeline" to route data into its own analytics systems, and the app doesn't share anything that could allow RudderStack to identify your name or contact information. "Additionally, RudderStack is contractually prohibited from selling or using it for its own purposes," and RudderStack doesn't store the data long-term, the spokesperson says.

> "People deserve better," says Shoshana Wodinsky, a privacy research analyst who conducted Mozilla's tests. At the very least, she says, you should know what's happening.

soumyadeb 4 hours ago | parent [-]

Even the statement, "RudderStack is contractually prohibited from selling or using it for its own purposes," implies that the "contract" is what prevents us from selling customer data. In reality, that's not our business model and not how we operate.

Granted, that statement came from our customer and not incorrect, but these small things can be mis-interpreted.

6 hours ago | parent | prev | next [-]
[deleted]
_blk 7 hours ago | parent | prev [-]

Awesome insight. Thanks for clarifying! @bbc please update because there's definitely an implicit complicity in your article.

soumyadeb 6 hours ago | parent [-]

Will do. Thanks