Introducing Casa's "Privacy and Data Protection Policy"
A major problem with user privacy today is the lack of easily readable privacy and data policies. They are typically pages of intentionally complicated legal language presented in small font, so users skip reading and quickly click “I accept.”
At Casa, we strive to deliver customer-first products with user privacy as a priority. With that in mind, we've spent considerable time and money with our legal firm to build a new kind of policy that is easy to read and clear to users.
We call it the Casa Privacy and Data Protection Policy, and here are just a few of the ways it is different:
- The policy document itself is easy to read and minimizes legal jargon.
- We state not only what information we collect, but also what information we explicitly do NOT collect.
- Our policy helps you understand how far we go to protect your privacy, and legally binds us to notify you if we ever start collecting that information.
But this isn't just about our users – we also want to make it easier for all companies to adopt better privacy and data protection.
So today we’re also releasing an easily forkable, open-source Template Privacy and Data Protection Policy on GitHub for the community. We invite all companies to join us in taking a stand for user privacy and data protection: copy, fork, and modify it as you see fit!
Read on for a breakdown of our new policy.
What kinds of information do we collect?
Directly Collected Information
We only directly collect information from you when you provide us with that information. If it isn’t essential for us to know in order to provide our Services or comply with the law, we don’t ask for it.
*Once the products you purchase are delivered, we delete your shipping info. This serves the purpose of respecting your data sovereignty as well as negating the ability of anyone to take advantage of your data.
We most often collect this type of information from you in order to do things like set you up with account credentials for login, help troubleshoot any issues you’re having, or to ship products to the correct person.
Because you provide us with this information, you can be as private as you’d like. You can make an email address specifically for Casa correspondence, or provide us with a P.O. Box address for shipping. Whatever your concern is, we’ll work with you.
Automatically Collected Information
Some personal data is automatically collected as you use our Services.
This type of information is most often used so that we can help you troubleshoot any issues you’re having.
What kinds of information do we NOT collect?
Here’s a quick list of information that we do NOT collect:
- Date of birth, social security number, or any government-issued identification
- Phone number
- Browsing history (except on our own website, anonymously)
- Publicly available information from your social media profiles
- Cookies for targeting and marketing purposes
This information isn’t necessary for any of our operations, so we don’t ask you for it.
Many other companies collect this information simply because they can. Sometimes it makes it easier for them to run their business, and other times they sell it for profit. We put our customers’ privacy and security at the highest order of importance, even if it means more work for Casa.
- We do NOT utilize any third-party cookies placed on your device by those parties.
We only use what are known as “Essential Cookies”. These cookies are used for:
- Allowing you to log in to secure areas of our site
- Maintaining your preferences over time
- Recognizing you when you return to our Services, so you don’t have to log in repeatedly in a short period of time
How do we protect your data?
Essential Data Only
As a customer-first and security-first company, we only collect personal data that is essential to operation.
Least Privilege Principles
Across our company, employees only have access to what’s required for their role. Our design team doesn’t have access to your shipping information. Our operations team can’t decrypt your node’s troubleshooting logs. Unless it’s specifically required of someone’s role, that visibility won’t be granted.
Minimizing Third Party Services
We limit our use of third-party services to only those required to deliver our products and services to you. We don’t use Google Analytics, third-party cookies, tracking pixels, or web beacons. This is an active, conscious decision, despite it negatively impacting our ability to track customer trends.
Transparent. Secure. Self-reliant.
We use self-hosted, end-to-end encrypted software tools wherever possible. This often requires us to spend more time setting up and maintaining our internal software tools, and it usually means we don’t utilize any of the well-known company software providers due to their data collection practices. Examples of areas we use open source or end-to-end encrypted tools include:
- Internal chat
- Customer support platform
- Company blog
This helps to protect your personal data from outside threats and prevents unnecessary data sharing.
We have a big vision for the future of personal data privacy.
Send us a tweet @CasaHODL -- we’d love to hear from you.