| ▲ | wavemode 4 hours ago | |
I disagree. The article very clearly makes it sound like there is some reason RudderStack ought to be listed by name in the privacy policy of the Stardust app. When in reality, it would make no more sense to list them by name, than it would make sense to list AWS or CloudFlare or any other technical infrastructure through which customer data passes. > Mozilla uncovered numerous privacy problems across various apps, but Stardust was the only one found sharing detailed reproductive health data with another company. > The report found that Stardust sends users' health information to a data management company called RudderStack, which isn't named in its privacy policy. That data includes pregnancy status, birth control, moods, alcohol consumption and specific symptoms like tender breasts and stomach cramps. > Companies often share data with outside services to process information and analyse user behaviour. There's nothing unlawful going on, and there's no reason to think RudderStack (or any company mentioned in this story) is doing something nefarious. > However, experts say it's inherently risky when your data spreads to more places. It creates another opportunity for security breaches or legal requests for information. Besides, you may just be uncomfortable with another company seeing your health data. > A Stardust spokesperson says the company only uses RudderStack as a "technical pipeline" to route data into its own analytics systems, and the app doesn't share anything that could allow RudderStack to identify your name or contact information. "Additionally, RudderStack is contractually prohibited from selling or using it for its own purposes," and RudderStack doesn't store the data long-term, the spokesperson says. > "People deserve better," says Shoshana Wodinsky, a privacy research analyst who conducted Mozilla's tests. At the very least, she says, you should know what's happening. | ||
| ▲ | soumyadeb 4 hours ago | parent [-] | |
Even the statement, "RudderStack is contractually prohibited from selling or using it for its own purposes," implies that the "contract" is what prevents us from selling customer data. In reality, that's not our business model and not how we operate. Granted, that statement came from our customer and not incorrect, but these small things can be mis-interpreted. | ||