by illud_tempus 1645 days ago
> OK, well, I've skimmed it and I can't see anything that suggests they are going to spy on our employees and sell the data to advertisers

"We, our service providers and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes: ... Interest-based advertising. ... We may also share information about our users with these companies to facilitate interest-based advertising ... We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect ... and share it with third parties for our lawful business purposes"

Such "de-identified data" is often trivial to re-identify. There are research papers about that. It's well known in the security and privacy community.

Also, they use dark anti-patterns for opting out from them even using your personal data for their own advertising. "You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at ..."

If Drata intended to be a nice, trustworthy security partner, use of any personal data for targeted marketing, or sale of any personal information would be opt in, not "opt out if you can figure out how ...".

I have not read their terms and conditions or even their glossy information about the agent. I never got that far, as I declined to accept the terms and conditions for using their website. Already at that point, I saw red flags the size of Australia.

I don't believe for one second that Drata has any intention of showing any decency or that they act in good faith towards their customers or anyone else. If they did, they would have developed reasonable terms and conditions. What they have doesn't even distinguish clearly between the roles of a customer and an employee or contractor for their customers. Hell, they don't even define the term "Customer".