[ceejayoz]

This is potentially enormously sensitive data that'd be very valuable to competitors etc. I'd want to see a much more extensive privacy policy than the current state of https://www.swayfinance.com/privacy, particularly as it's a free service in need of an eventual business model.

[shostack]

I'd add that this is all too common with data/analytics startups I've seen. I've seen instances where the first thing they asked you to do is link your Google Analytics account. No privacy/data security policy worth speaking of, no info on the team, nothing.

For anyone who deals with this data (analytics, financial, etc.) for their company, particularly if it isn't of the "two guys in a garage with no real revenue" variety, we take data super seriously. I could lose my job (or worse, get sued) if I was negligent in handing out sensitive company data in a way that put the company at risk (let alone actually caused monetary damage to the business).

A clear privacy policy, details on the team and information about where the HQ is located (so I can make sure they are in my legal jurisdiction should it ever come to that) are the absolute minimum IMHO.

[juecd]

Physical location and about the team is a great point. Appreciate it!

[devnull42]

And to add to that the real issue is that Slack stores data unencrypted on their servers.

This would be handing your financial data over to a third party to old in an unsecured format. Yikes.

[shostack]

Wow--didn't realize that. If that's the case that's a major issue for anyone considering building a product that transmits sensitive data on top of Slack's platform.

[mikegreen]

Do you have a source for

  "Slack stores data unencrypted on their servers" ?

[mikegreen]

I'm not terribly keen on providing my actual login to my bank. Ie, adding Betterment asks me for my user/pass Betterment user login (they don't offer 2 factor) - something anyone could then use to login and manage my money there.

I see you're using plaid underneath to connect; so giving some assurance that plaid is handling the data flow and sway will not be storing usernames/passwords would be nice (if that is true).

[juecd]

Great point about the privacy policy. It's important to us to make it clear that we're not misusing the information. Thanks for the feedback!

[dsr_]

No.

It's important to your customers that you make it clear that their data is safe.

If it isn't, you need to make that clear, too.

Right now, I have no basis to extend trust to you, and no desire to do so.

[ceejayoz]

Another thing you need to be clear about is that data is permanently removed when a user closes the account. "Your photos might stick around for years after you click delete" works for Facebook, but not for you.