Hacker News new | ask | show | jobs
by jwithington 1644 days ago
I think the OP is talking about the "How We Use Your Personal Information" on https://drata.com/privacy

That would seem to only pertain to their website. Yes, they're going to want to market it to you, so that makes sense.

The actual privacy policy for the product the OP is using is likely found in the contract Drata signed with the client company.
1 comments
neonnomad 1643 days ago
You are 100% correct.

Source: I am the Drata CISO

link
illud_tempus 1643 days ago
> You are 100% correct. > Source: I am the Drata CISO

May be you should go over your user agreement documents and:

1) Make sure that all relevant information is available, so a user can make an informed decision.

2) Distinguish between the user roles, and have different agreements for the different roles. One role is your customer. A second role is the employee of your customer. A third role is the contractor for your customer. A potential fourth role is the person(s) working for the customer that is responsible for dealing with personal and confidential information related to you, employees and contractors.

As of today, your user agreement is a mess, appearing as something you have copied and pasted together without much thought, except for how to cover your own asses. Including the ridiculed clause Microsoft is infamous for, warning that your software is unfit and unusable for any purpose.

link
jwithington 1635 days ago
it sounds like you’re trolling tbh
link