[jmix]

Great, then you can respond to some observations and answer some questions:

1. Your FAQ is at odds with your privacy policy (http://www.wolframalpha.com/privacypolicy.html) which states that you can collect and retain Personally Identifying Information. How do you explain the discrepancy?

2. In a conflict between a "FAQ" and Privacy Policy, which one is the officially binding document? Why should I entrust my data to comments made by a pseudonymous user or to something that is called a FAQ?

3. Your privacy policy is subject to change without notice. How can I be assured of any guarantee given that you have this blanket clause? Why would you not offer your users to opt out of any changes that weaken their privacy?

Please back up your responses with URLs to legally binding documents that provide strong guarantees we can rely on.

Thanks.

[jcburnham]

I'd be delighted to answer your questions:

1. I don't believe that the two documents are in conflict. Our privacy policy states:

"When you use any Wolfram|Alpha application associated with a Third-Party Site ("TPS"), including but not limited to social networking sites such as Facebook, we may collect personally identifiable information about you from the profile you have established at the TPS."

When you use Wolfram|Alpha Personal Analytics for Facebook, we do access your Facebook data, which you have to authorize through Facebook. That data does contain personally identifiable information. That isn't in conflict with the FAQ. The FAQ states (apologies if this is repetitive):

"In order to do analysis on your Facebook data, it is necessary to cache it temporarily on our servers. We acquire the data through the Wolfram Connection app using the Facebook API, respecting whatever privacy settings you and your friends have given to Facebook. Our system is set up to cache your data on our servers for one hour, which allows you to perform queries efficiently. The default behavior is to delete personally identifiable data after one hour."

We do collect personally identifiable data from Facebook, but we don't save this data for more than an hour (unless you specifically enable Historical Analytics which tracks changes to your Facebook over time).

2. There shouldn't be any conflict between the FAQ and the Privacy Policy, the FAQ is specific to Wolfram|Alpha Personal Analytics for Facebook whereas the Privacy Policy is global to all of Wolfram|Alpha. As far as my being pseudonymous, my name is John Burnham and the above link is to my blog post. Send me an email at johnb@wolfram.com if you like.

3. & 4. Yes, the privacy policy is subject to change, which is standard for many TOS's. I'd like to point out though, that our Privacy Policy also states at the bottom of the page that we haven't changed it since March 2009. If we do change it, you can refresh the page at any time and check the bottom of the page for the date of previous change. What's currently on the web is the current legal document.

Links: FAQ http://www.wolframalpha.com/fbfaqs.html Privacy Policy http://www.wolframalpha.com/privacypolicy.html

[jmix]

These is non-responsive PR:

1. The PP explicitly says that Wolfram can collect and retain data indefinitely. The FAQ promises a horizon of 1 hour. 1 != ∞. Which of these documents is to be believed? Which of them constitutes a legally binding document?

2. I don't want reassurance from some Joe Random Shmoe. Your users have a relationship with Wolfram LLC (or whatever the legal entity is). So any meaningful guarantee needs to come from that entity. But until now, Wolfram has only provided weasel wording and cagey language. I appreciate you sharing your name, but then again you have a product to peddle, and we both know that nothing you say here is legally binding for Wolfram, so you could say anything.

3 & 4. PP provides no meaningful long-term guarantee. Saying that this is standard for many in the industry is a cop out. If your company is really committed to these principles of privacy you espouse and claim here in this forum, it certainly has the legal staff to get it written into those two documents to which you linked.

Time to get your principles in your legal documents. It's duplicitous to claim the high road while peddling agreements that sign away so much PII to Wolfram.

[taliesinb]

1. Two different meanings of data: connecting your Facebook account to your Wolfram ID, which is necessary to do the analytics, is by definition PPI (your Facebook account IS your name and email address). That's why the privacy policy says that.

However, the actual data retrieved from your Facebook profile (wallposts, friend lists, etc) is deleted after 1 hour -- unless you enable Historical Analytics, obviously.

There is no contradiction here.

2. This question is phrased in such an insulting way I can't imagine you aren't deliberately trolling.

3&4. We've been quite upfront about what we do with your data. All your Facebook data goes away unless you opt in to Historical Analytics. Otherwise there is no PII derived from your Facebook data that we keep. You can disable Historical Analytics at any time, and you can disassociate your Facebook account from your Wolfram ID at any time, too.

To sum up: we've taken the high road from the beginning. Unlike many FB-based businesses, users aren't the product here, they're the customers.

Have a nice day.

[jmix]

Yes, we all follow what you have said, but I see no guarantees offered by Wolfram, the service provider. You can pretend to be offended and avoid the question, but at the end of the day, the assurance you are trying to provide here is not legally binding and you know it. If you really believe in your last paragraph, why don't you have the Wolfram legal staff put these guarantees in writing, into the ToS and Privacy Policy?

At $600/hour for a lawyer and 30 minutes of their time to add a sentence or two, it'll cost $300 to make the changes. That's well under however much your time cost to make unbacked assurances online. And at the end of the day, your service and your users will be better off for it.

[tedunangst]

Alternative strategy: don't use it.