Note: this article does not replace or amend our published policies and nor does it not constitute legal advice.
If you are concerned about any aspect of our privacy or cookie policies, please read this article for additional comments and clarification.
A very short history of privacy policies
For many ‘indie’ mobile or web sites/apps, it went something like this:
- ~2000s: often, no privacy policy
- ~2010 - 2015: complex, verbose, unreadable privacy policies (or no privacy policy)
- ~2015 - 2018: a movement to move towards simple, concise and readable policies
- Mar 25 2018: GDPR comes into effect
- Oct 3 2018: Apple required all apps to publish a privacy policy
- 2017 - today: additional national privacy laws enacted; increased enforcement activity; increase scrutiny of data practices by major companies
What does it all mean?
Well, for many smaller companies serving a global audience, like us, writing (or paying to have a lawyer write) your own privacy and cookie policy is no longer practicable. The sheer complexity of rules and regulations around the world means you’d need a whole firm of lawyers to stay on top of it all.
As a result, increasingly around the web, you see the use of privacy and cookie ‘solutions’ - software-as-a-service that will help you generate privacy and cookie policies and manage cookie consents (the dreaded, ubiquitous ‘cookie banner’). We currently use Iubenda for this purpose.
Your policy is too long or too complex to read
While short and simple policies are great for end users in one way, they are risky. It’s unlikely that a short policy can offer full transparency about how your data is collected, stored and used. It’s also unlikely that it’s compliant with legal requirements in many countries, particularly where the GDPR or similar laws are in effect.
Because of the need for transparency, a privacy + cookie solution allows its customers to list all services their site or app uses, indicate how the service is used, and then generates a policy with the currently applicable policy language required by current regulations.
As an end user you gain transparency. But, once you look beyond the policy summary, you lose in terms of sheer length and apparent complexity.
In our view, there’s unfortunately not much choice. Much better to provide more details than too few, which could be construed as misleading.
So if you see a short privacy policy, unless it’s the simplest or apps/sites, there’s a possibility that it is not providing full details of how your data may be used.
I’m concerned about how many companies may have my personal data
That’s a legitimate concern. But how to assess the risk? Firstly, consider what personal information you’re providing to the site. In the case of app.photoephemeris.com and our mobile apps, it is primarily the following:
- Name (you can make one up instead of using your real one if you prefer)
- Email address (needs to be a real, non-temporary address)
- Password (we store them securely and cannot view them in plain text form)
- IP address: the address of the computer or device you use to access our service
- Saved locations (optional): e.g. your favorite photo spots. (But if you choose to add your home address, then yes, we’d be storing that too)
- Usage information: e.g. which pages you visit on the site or web app
We don’t ever save payment details (other than in non-usable summary form, e.g. last four digits of a credit card and the expiry date), but instead our online Merchant of Record, Paddle.com, handles all payment related data. We don’t want the responsibility of storing and securing your payment information - best leave it to the people who do that for a living.
We also don’t ask for additional personal details, such as education history, phone number etc.
When looking at the list of companies included under the section ‘Detailed information on the processing of Personal Data’ in our privacy policy, it’s not at all the case that all companies are receiving all the data we do collect - only a very small subset receive that as necessary to operate the service.
If you have concerns on a specific vendor you see listed in our policy, please don’t hesitate to write and ask for additional details. We’d be happy to try to help.
Can I configure my browser to minimize my privacy exposure?
Yes. You can choose to