[techdiff]

Thanks for the question! Absolutely understand the scepticism. We have a user ID that we match to the Twilio response, so staff can't submit multiple answers. We delete our data from Twilio after seven days at the moment (Twilio mandated min); we’re working on a 1-hour retention policy via their Rest API. We’re always working toward minimising any end-user identifiers back to comments.

For me, there's also our reputation - if we claim we're protecting users and then don't, our product would be over quickly.

[neilv]

Have your lawyers looked into whether anything can be done in the customer contracts, to help avert having to disclose this info to them (and all the damage that might mean for your trust-based business)?

[techdiff]

Actually, that's a great idea! I might see about a ToS update to cover it. Thank you!