This repository has been archived by the owner on Mar 27, 2019. It is now read-only.

Write a Privacy Policy #60

@andrewbranch (Member)

We use Crashlytics and Answers as part of Fabric.io to collect crash reports and analytics anonymously. Using these services requires that we disclose to users what we are collecting (Answers Agreement Section 9.1). Planned updates would potentially give us the opportunity to track users non-anonymously, which we should not do, but once those systems are in place it becomes especially important that we’re transparent about what we’re doing.

We should write a brief, plain-English privacy policy as soon as possible. To sum it up in my own words, we anonymously collect information about the device, conditions leading to a crash, and certain actions users take while using the app. We use that information to fix bugs and make informed decisions about improvements we can make, new features we can add, and the overall future of the app. This kind of information can’t be used to personally identify anyone. If we do gather information that can identify a user (e.g. in the future registering for a Wednesday night dinner or something), it will be prompted by the user’s actions that clearly indicate their (plural “their” was the word of the year in 2015) consent and intent to share that information, and will only share it with church staff and volunteers for administrative purposes at our discretion.

A non-exhaustive list of things we might collect during a crash:

  • iOS version
  • iPhone model
  • What screen was active or what action was taking place
  • Battery level
  • Available hard drive storage
  • Memory usage
  • Whether the device was jailbroken

Examples of user actions we might track:

  • Watching a video
  • Viewing a bulletin
  • Viewing a calendar event

We should also eventually amend this privacy policy with a description of how we treat the distribution of personally identifying information (PII) from the church directory... once we decide that, which will be the subject of an upcoming phone call. So far, my idea is to authenticate devices to access the directory data by an in-person request process. So basically, “we keep your directory contact information safe by only granting access to church members who we can personally verify, just as if we were physically handing them a printed copy. You can request the removal of your entry at any time by emailing [whoever].” Or something.

I think I want to remove the prayer request form, as it seems a bit of a privacy liability. What email it is sent to is controlled by an option in the database, and during testing it went to me. If we changed it back to me for more testing and forgot to change it again after that, or that email alias was deleted and it went to Kyle as the catchall, I don't want any of us to inadvertently become an eavesdropper on someone’s confession or something.

@andrewbranch (Member, Author)

Any status update on this?

@andrewbranch (Member, Author)

Guiding principles
This document is intended to be an expression of transparency and good faith. It avoids legalese and technical jargon wherever possible. We take your privacy and security very seriously. We use technological best practices when it comes to transmitting, storing, and handling your data. In and beyond the specifics outlined here, we treat your personal information with discretion, using our best judgment.

Collection of anonymous user data
By using the app, you:

  • Allow us to collect anonymous data about how, when, and on what kind of device you’re using the app so we can improve its design and fix bugs
    • For example, if the app crashes, we might know if your battery was low or if your hard drive was almost full. However, we would not and could not know where you were, who you are, or what any of the other content on your phone was.
  • Allow the third-party analytics services we use to access that anonymous data in order to improve their products and services
  • Allow those third parties to disclose aggregated forms of that anonymous data

Collection of non-anonymous user data
Some features of the app are only available to users who personally identify themselves via name, phone number, a connected social profile, or other information. By providing us with that information and using those features of the app, you:

  • Allow us to collect and store the information you provide about yourself using modern and secure technologies
  • Allow us to collect non-anonymous information about how you use the app so we can make decisions about the app’s future development based on the engagement of church members
  • Acknowledge that we will never disclose personally identifying information that you provide via the app or non-anonymous app usage information to third parties without your consent
  • Allow us to share anonymized and aggregated usage information with discretion

Availability of personal information

  • A digital version of the church directory is made available to church members in the app. If you are a member and have provided us with contact information, that information may be included in the digital church directory. However, it is protected and only accessible to other church members. We can verify (sometimes automatically and sometimes manually) whether an app user is a church member. Anyone whom we cannot automatically verify will be subject to a screening process. In the same way that we wouldn’t hand out physical copies of the church directory to strangers, we don’t distribute your digital information to strangers either. If you have any questions about this process or would like to be removed from the digital directory, please don’t hesitate to contact us.
  • We may, with discretion, make certain information you provide via the app available to church volunteers. For example, if you RSVP for a church event on the app, the list of individuals who are attending the event might be processed by a volunteer in the church office. In general, we make these kinds of decisions using the same judgment we use when handling written information you might deliver to the office staff by hand.

@JebHunt please comment with anything I am leaving out. Feel free to have others look over it. Once we polish it and organize it, maybe we should send to the CommComm.

@JebHunt commented Jun 1, 2016

Would you recommend separate privacy policies for the app and the website (FUMCPensacola.com)? Or one containing both?

@andrewbranch (Member, Author)

Separate. What I've covered here is pretty specific to the app.
