Disclose how data is handled in your privacy policy

Your privacy policy is fairly lackluster. It doesn’t give any information related to what you consider to be “personal information”, how you obfuscate or strip other “data” to deem its protection unnecessary, what tracking technologies you use to what extent for what purposes, exactly who you share what information with, how bound those external entities are to this policy, which data is encrypted, how data is encrypted, who holds the encryption keys, how user credentials are stored & handled, and whether you obtain data on users from third parties & how that is handled. I know that’s a lot, and I probably missed something along the line. I haven’t ever read a privacy policy this hollow before, I even found that your FAQ discourages your users from reading it! There was a pixel tag of all things in my confirmation email, that went to your domain, proving that it’s not a third party that’s handling all of this. Please do something about this.

1 Like

As this community site is based on Discourse, our privacy policy is based on Discourse privacy policy (same for the FAQ). I’d love to dedicate some extra time to the privacy policy & the community FAQ, but I would need some examples to do so. Do you know other sites that specify their privacy policy with such details? It might be useful to use them as an example to improve our privacy policy.

About the email tracking, we’re using elasticemail.com to send emails, and to use their service we have to configure a CNAME record (tracking.aseprite.org) which is pointing to api.elasticemail.com (on Linux-like platforms, you can verify this running a simple host tracking.aseprite.org command in your terminal).


@Treadlight I was working in a new privacy policy, I’ll publish it next Tuesday if everything goes OK.