There are so many really innovative products online right now. A good friend was showing me amazing product called Intercom that lets you see who of your users are online, their social profiles, even direct message/chat them live on your site.
You just add this JavaScript to your site. Here's the snippet from their home page:
<script id="IntercomSettingsScriptTag">
var intercomSettings = {
app_id: 'tx2p1ufd7g30c',
email: 'john@example.com',
created_at: 1234567890
};
</script>
<script>
(function() {
function async_load() { var s = document.createElement('script'); s.type = 'text/javascript'; s.async = true; s.src = 'https://api.intercom.io/api/js/library.js'; var x = document.getElementsByTagName('script')[0]; x.parentNode.insertBefore(s, x); }
if (window.attachEvent) {
window.attachEvent('onload', async_load);
} else {
window.addEventListener('load', async_load, false);
}
})();
</script>
My buddy was thrilled and thought this was an amazing product. It totally is. With modern browsers and modern JavaScript we can more quickly integrate applications like Intercom, Google Analytics, UserVoice, JainRan and a thousand others into our websites. It's a LEGO web, indeed. Just add some JavaScript like above and you're off.
However, after looking at this for about 5 minutes, I rained on my friends parade.
"Hey, is that the user's email address there?
"Yes! The 3rd party needs that so they can populate their dashboard and keep track of who's who."
"Ah, OK, but you're sending that email to them, right?"
"Yep."
"And they're storing that, right?"
"Yep."
"So, what's their privacy policy and how will it be added into yours? There's a chain of privacy policies that needs to happen here. What 3rd parties does this company use? And theirs?"
"You're totally raining on my parade. But you're right."
We emailed the folks at Intercom and they knew immediately what we were talking about and answered exactly as they should. Here's their email:
Sure thing, firstly our official terms & privacy policy are here:
http://docs.intercom.io/#PrivacyAndTerms
The short summary is...
1. You own your data, when you kill your account we don't keep it. We never sell it. We never contact your users. We will never do anything with your data that we wouldn't be proud to tell the world about.
2. We have a feature where we use a 3rd party service called FullContact, to augment your data, for example find an twitter/linkedin/facebook/github account that matches an email address. This can give you extra insight into the types of users you have. You can easily disable this in your app settings.
Regarding updating your privacy policy, you obviously should note that you send data to Intercom for the purposes of providing support and extended communication with your customers. You might already have this covered under other areas (for example if you use helpdesk software, certain analytics packages, etc then you're already doing precisely this)
Ultimately you should check with your lawyer who created your privacy policy to ensure that using Intercom doesn't violate your existing privacy and find out precisely what changes are necessary.
Exactly. Knowing is half the battle. Are you using a number of 3rd party services? Are you integrating "on the glass" with JavaScript? Step 0 is making sure your Privacy Policy reflects the chain of Privacy Policies for all the products you use.
Sponsor: Again, I want to thank my friends DevExpress for sponsoring this week's feed. There is no better time to discover DevExpress. Visual Studio 11 beta is here and DevExpress tools are ready! Experience next generation tools, today.
© 2012 Scott Hanselman. All rights reserved.