User Data and Privacy — 2018
User Data and Privacy — 2018
Pracplay has never collected more personal information than was necessary to provide a product or service. Here is a summary of Pracplay’s publicly-relevant offerings and their data and privacy impacts.
At present Pracplay has no free service offerings. In the past we have offered a variety of free services, primarily Glean version 1–4. Previous to that we offered an open-source codebase, open-source product, open-source patch and release management, along with weekly developer support.
We offered these and other free services primarily to:
- Generate interest and engagement around our paid products
- Identify trends and stay in contact with potential customers
- Improve the quality of our products
Email and Engagement
To interact with users of our products and services, we collect minimal personal data. In most cases this means an e-mail address. The e-mail allowed users to uniquely identify content created interacting with our services and community. Whatever e-mail chosen by the user was as anonymous as that person desired to be. Users were always able to change the e-mail account used, or to request removal of content they created in any of the platforms we provided, at any time.
As one example, we allowed early Glean users to optionally share trading strategy designs with other users. In opting to share, the non-domain portion of the user’s email was visible by other users looking at community strategies. So if firstname.lastname@example.org shared a strategy publicly, his design would show to others as johndoe (or johndoe2, johndoe3 if conflicting shares occurred). This was made known to the user both before and after he shared the design, and he could change his user account name or unshare the design at any time. This personal information was never downloadable or otherwise made available to 3rd parties via any api nor other means, direct or indirect.
We have involved or attempted to involve Pracplay in any business involving reselling emails, at any time. We have never shared our user or customer e-mail accounts with anyone outside of Pracplay in order to generate revenue or other income. In the rare instances we have offered “push” e-mail marketing to our users, this has always been via separate opt-in. At all times the user was in control of what they received. Our current e-mail database is triple encrypted and only the most recent 12-months of publicly submitted contact e-mails can be accessed by anyone other than at approval of our CEO.
Even though we have no plans for another free service at this time, if that changed we’d expect to maintain a similar policy of requiring only what is necessary to provide a meaningful service or product.
Cloud and Content Security
The vast majority of our products did not require cloud or centralized storage. One exception was Glean versions 1–4, which required cloud storage of user strategies. These strategies were protected with multi-layer encryption:
- certificate-signed and encrypted cloud communication
- multiple pracplay secret keys
- a user-generated secret key known only to the user
- additional cloud-provider-specific encryptions and protections
The cloud-storage requirement was announced when we launched the first version of Glean and repeatedly and clearly identified in a series of privacy and security questions in our Glean Questions page. This was done for all the years we offered this service. Neither Pracplay nor anyone besides the Glean user could access any trading strategy without the user’s awareness, at any time. Users could permanently remove their strategies from the cloud at any time. As these Glean versions were discontinued in 2016, we no longer offer centralized storage to any publicly-facing users. All user trading strategies associated with public-aka-retail Glean have now been destroyed.
Beyond e-mail, in providing technical support for products and services, we have frequently allowed users to submit electronic, opt-in technical reports. When submitting a request, the user would typically have a partially pre-filled help request which they could review to remove information they did not wish to include. Usually this was non-personal information, but in some cases an ip address, screenshot or user account name on a 3rd party service might be included. These submissions and data have been retained no longer than necessary to respond to the specific user.
As we have presently removed access to all publicly accessible products and are no longer supporting such products, we had no need for this information. Thus this information has been destroyed (including ip addresses, screenshots and user-submitted logs containing account names… all destroyed).
If we were to provide a publicly accessible product again, we would likely continue the same intention as only collecting information to provide a meaningful service offering. And then only retaining even indirect personal data so long as it maybe useful to the personal relationship in question. Beyond this, we would strive to use anonymous data archives.
Testing and Product Quality
In both our open-source and closed-source products, we collected anonymous usage data. This included an anonymized hash of the user’s ip address and primary network address (eg hash(ip+ethernet mac)). In the case of Glean 1–4 it also included an anonymized hash of the user’s e-mail address. This non-personal information was sent along with a product or service identifier and click-stream data, which we used to measure how frequently and how well users were interacting with our products. We have not and would never sell this information to a 3rd party. When collecting product quality data we never collected or retained any personalized click data, only anonymous.
For paying customers, we have collected what is legally required by law in the United States. This is typically name and e-mail but in certain cases may include an address, phone number or other information. We have never collected credit card numbers in any way. If you are a customer and have questions about what we retain with regard to your transactions, please contact us.
Future Privacy and Security
In all matter of relationships and public dealings, Pracplay has striven to be maximally valuable and minimally invasive. The above summaries hopefully prove this out. When we require more than the bare minimum, we want to continue to be transparent about why. Additionally we want to make sure that not only is the value we provide more than outweighing any risk, we want to ensure our services are designed to mitigate your personal and relationship risks in every way feasible.
If you have any concerns or questions, drop us a line.