Hacker News new | ask | show | jobs
by sinalet 2401 days ago
Thanks for taking the time to carefully read our terms of service! We share your point of view that these aren't merely a series of boxes to check.

Our “privacy-first” claims are namely three-fold:

1. We limit the data returned to our customers and enforce a maximum data retention period after which data is permanently deleted. We encourage customers to reduce the amount of data they need and the number of days it must be stored.

2. We built our own image watermarking service to protect the sensitive images we process and store. This helps ensure that the images cannot be used to verify an identity on any other service.

3. We completed our SOC 2 Type 1 examination in March 2019. This is an intensive security audit performed by an accredited third party. We perform these annually.

And thanks for the feedback regarding JAMS specifically. We are in the process of revising our terms that were first drafted early this year before our public launch.

We really do appreciate this feedback, which we will take into account as we continue to iterate on both our Terms of Service and Privacy Policy to best-reflect our business practices. As part of this effort, we are making a commitment to always publish a record of all changes to our terms.
4 comments
anadem 2401 days ago
Commenting as an uninvolved bystander: your entire reply sounds like corporate-speak to me, and it's offputting. I get that you're trying to state your intent, and perhaps English isn't your native language, but it's deterring me from looking further into Berbix. Also, your second claim really just seems to be a lock-in, not a user-friendly positioning.
link
Animats 2401 days ago
If your primary business is trust, you have to commit contractually to back it. Not just make "claims".
link
e1g 2401 days ago
FYI: SOC 2 Type 1 has no weight for corporate/data privacy/infosec because anyone get it with a dozen .docx templates from the internet. Type II report is substantial because it requires the auditor to observe your actual operations for the previous 3-6 months. If you got Type 1 report in March, does that mean that Type 2 report will be available to prospect customers any day now?
link
londons_explore 2401 days ago
How can you force your customers to have a retention period for data you provide them? They could just keep a copy, and you'd never know.
link