by lancesells 1281 days ago
Looks like a great product but you're using Facebook Remarketing and Google Ads. That makes me not want to use an app with potentially very personal information. Let's say I save 100s of articles about a specific health problem. Having any of that info going to Meta scares me.
3 comments

We definitely do not share reading data with Meta or Google.

Honestly we installed those a while back when experimenting with ads, but don't use them anymore… will look at ripping out!

> We definitely do not share reading data with Meta or Google.

At the moment. It seems like your privacy policies allow you to change that in the future. Either you or a company you sell out to in ten years...

> Either you or a company you sell out to in ten years...

Has Readwise in particular done anything specific to garner your skepticism here, or is this just general HN distrust of the longevity of third-party services?

From my own limited exposure to their team and philosophy [1], it seems like they are genuinely passionate about their problem space, and intent on building for the long-term.

[1] https://blog.readwise.io/why-were-bootstrapping-readwise/

Yeah, I'd recommend that everyone check their privacy policy very carefully. This seems like yet another service where you are the product being delivered.

This is simply not true. We do not sell user data to anyone at all. The business is _entirely_ funded through customer subscriptions.

> We do not sell user data to anyone at all. The business is _entirely_ funded through customer subscriptions.

The privacy policy says that you "share" data with advertisers and publishers. In a privacy policy, the word "share" most often means "sell", or perhaps your service really is different and the data you're "sharing" with advertisers and publishers is being done for free? Out of kindness?

Third parties that your privacy policy explicitly mentions will collect data are Facebook, Amazon, Google, and Mixpanel. These companies are notorious for being highly risky when it comes to privacy concerns. Your page on the play store says "No data shared with third parties" which clearly doesn't tell the whole story.

Look, lots of people are perfectly happy with surveillance capitalism. I'm just saying people should take time to read your policies to see if there's anything in there that might make them uncomfortable.

Yes, we do use common third-party apps for analytics/ads. We do not share personal reading data with them. Amazon is just used for their OAuth login API for example (for an easy sign-in flow for users), and Mixpanel is a very common analytics library that we use to understand product usage, but it does not get reading data either.

You also omitted the term "non-identifying and aggregate information" in your quote from the policy.

I especially take umbrage to your claim that "you are the product", when again, 100% of our revenue comes from customer subscriptions.

What you're saying is simply not true -- we're a small team of bootstrapped hackers that have worked on improving reading for five years and the lies about us aren't appreciated.

> The privacy policy says we _may_ share _anonymized_ reading data, aggregated across many users. Even that, we have never done, but needed to have in the policy to cover our asses legally.

Why would you legally need to specify that you might send data to advertisers and publishers? Even the examples you provided like "We may tell an advertiser or publisher that X number of people imported Z annotations from a particular book." suggest that even if you haven't done it already, you anticipate selling data to publishers and advertisers about what people are reading.

That's not a bad thing, in fact it's exactly the sort of thing I'd expect from a service like this (along with making recommendations to users based on their reading history), but it seems weird to dismiss that as something you only put in there for legal CYA reasons.

Please understand the position I'm in. I have no way to know if you've sold data to advertisers and publishers. I can only know what you tell me that you do, or "may" do, in your privacy policy (in context of a privacy policy "may" should be assumed to mean "will").

You may actually be the most privacy-respecting SaaS company that has ever existed, who never has and never will make a single dime on anything but subscription fees. I can't know that. I can only go by what your privacy policy says. To me, that policy makes your service look like it will capitalize on the data you collect from your users and that it depends on third parties like Amazon, Google, Facebook, and Mixpanel for things that you consider to be essential to your service. Your privacy policy says that you may share anonymized data, yet anonymized data is often trivial to deanonymize, and even aggregated data is not always sufficient to protect people's privacy.

From the information that I have, my assessment is that it's reasonable to expect that in addition to subscription fees my interactions with your service will likely be used to generate profit for you.

If that's wrong today, then I'm happy to have been wrong about that. If you never intend to make a single penny from anything other than subscription fees and you have carefully taken every precaution to the point where you can ensure that users' reading lists and interests couldn't, in any way, be revealed to third parties like Google, Amazon, or Mixpanel then I sincerely apologize for my assumptions, and I'd suggest that you could do a lot more to make that clearer in the information you provide. I'd even open with your intentions to only accept money from subscription fees in your privacy policy.

A reason I won't use a SaaS for my data is that even if today the policy is that they do not sell my data, tomorrow they might change their policy to do just that. Even if I stop using it before that change, they already have my data and are unlikely to allow me to completely delete it.

Sorry. Most people here can tell that you simply make money by selling a reading and highlight management service. Unfortunately it gets tiring to repeatedly reply to things with "we understand what you are doing, carry on," so we're a silent majority. Obviously the other user that replied to you has no intention of buying your product, no matter what your privacy policy says.

Congratulations on the launch; the reader app looks ambitious and I hope you will keep building on it and improving it. Thanks for posting it here.

This is such a weird comment to read on Hacker News. I miss the product/new app oriented community that HN once was.

I don't think it's that weird, a lot of us are especially concerned with privacy and security.

It's not genuine concern, in this case. If someone were interested in privacy, they would be better at understanding when a paid SaaS has boilerplate in their privacy policy and why they might use analytics.

You shouldn't have boilerplate in a policy. It's easy enough to find a dozen sites (Shopify, termly.io, etc.) that will generate a tailored policy for you based on your intentions.

Indeed. I typically point companies to the aptly named https://www.privacypolicies.com which I’ve found to be configurable enough for most. There are productized legal consultations available, too.

As someone who also understands the challenges of guiding a business through implementing finely tailored privacy policies, you’re in a position to read between the lines and empathize when you see a business that collects and uses data more minimally than their policy claims.

Product Hunt dot com is the place to be if you want all smiles, back-patting and no awkward questions.

These are the forbidden realms where one can have the temerity to ask "why would anyone use this over rsync?"

It is weird that you think even HN users should not be the group to be privacy-oriented. I definitely don't prefer that future.