Privacy Comes First

June 16, 2023

I first logged onto the Internet as a teenager in the mid-1990’s. It was a heady time. The Internet was still perceived as fundamentally subversive. John Perry Barlow’s Declaration of the Independence of Cyberspace was one of many manifestos that shaped how many of us hoped the Internet would create a revolution in knowledge and overthrow hierarchies.

Needless to say, it didn’t quite turn out as we expected.

What drives much of the internet today is the panopticon: companies that create products that gather as much data as possible on their end users. Even products that you theoretically pay for often collect and store data well beyond its useful date.

Further, privacy policies are often opaque and it’s difficult to discern what a company collects, how they intend to use it, and when (or if) they will discard it. What actually happens when I delete my account? Is all my data still floating around in a database somewhere?

I’m not a fan of this practice. My fundamental philosophy around privacy is that you should only collect the data that you need to render services to your customers. Companies should indicate what they collect in plain-spoken prose. In fact, many new privacy laws (I’m looking at you, EU and California) are headed in this direction. Unfortunately, compliance is spotty and often still difficult to interpret..

There are a handful of companies that do have good privacy policies. One example is Automattic. They are the company behind WordPress, Tumblr, and PocketCasts. Each of these product has a fairly clear and concise privacy policy that addresses what they collect and how they use it. They do not require a law degree to read and interpret. Automattic has also very generously open sourced their legal policies so that other companies (like Calendaristic!) can reuse and adapt them.

And that’s exactly what we’ve done with our privacy policy, too. We’ve modified it to indicate what we collect and how. Further, we’ve added indicators to our code base that tell any future developers “If you change this list of items that we collect from the Google Workspace API, you need to update the privacy policy.” Ideally, there’s a 1:1 relationship between what we collect and what we say we collect. Businesses change over time; we want to ensure that we treat your information with care.

In future posts, I’ll talk a bit more about how we treat data collected from the Google Workspace API and how users can omit (blacklist) accounts that they do not wish to include in Calendaristic reports.

If you’d like to give Calendaristic a try, you may sign up here.

Photo by Matthew Henry on Unsplash