Privacy policies for crowdfunding portals

By Eric Misterovich

8661000014_cb0056d718_m
Photo Credit: Rocio Lara

Crowdfunding portals require strong terms of use and privacy policy agreements to protect their business interests. The public is generally aware of the role data collection plays in society and most particularly online. Users are now aware that they are being tracked and that certain data is being collected about them. We believe websites that provide a clear, open, and honest discussion of privacy tend to establish a level of trust with their users that can be an asset to the business overall. As a result, we believe making privacy policies clear and understandable can help businesses acquire users and acquire their trust so they become repeat users.

Here are a few things to think about when reviewing privacy polices for crowdfunding portals.

Number 1: Tell Users What Data You are Collecting

The users of websites generally understand that at some level their actions are being tracked. However, many don’t understand or know what website is collecting what data. If a user wants to find out exactly what’s happening, they’re left to go to the privacy policy. Too often, these privacy policies are extremely long and confusing documents, even for an attorney to read. We suggest drafting a privacy policy such that a user can quickly and easily identify what data is being collected about them. For example, if you are collecting the user’s name, email address, phone number, or address, tell them. The users should be aware that any information they submit to the website is being collected by you.

You should also take steps to advise users as to what other measures, actions, or data is being collected. For example, you may be collecting IP addresses and geolocation data. You may use cookies or web beacons to further track users on your website or how they interact with you online. All these are important considerations in providing an open and honest dialogue about the data that you collect and should be clearly explained in your privacy policy.

Number 2: Tell Users What you are Doing with the Data

Your privacy policy should explain what you do with the data you collect. Most of the time, website owners are collecting data primarily to help the owner understand how users interact with the website itself. For example, what pages are the most popular landing pages? What is the bounce rate on those pages? What are people clicking on these pages? Is there any particular correlation between specific content and people coming from a specific location in the world? These are all examples of people interacting with your website and creating data for you to analyze to better serve your users. If this is the type of action you take with your data, then you should tell your users that.

Compiling and selling user data

On the other hand, some websites choose to compile and sell those data to third parties. There’s certainly nothing wrong with that. However, you should advise users that you are selling their data to third parties. You can also include specific limitations on what you’re doing with that data or in some instances, leave the door open to how you intend to use that data.

For example, you may not have any specific plans to package and resell that data, but you may want to leave that door open. This is particularly important to leave open in the case of the sale of a business. If you’re selling business, the data you’ve acquired about your users is an asset and the purchaser will likely want to have access to that. As a result, it might be a good idea to include a provision in your privacy policy that says the only time you would sell the user data is in connection with the sale of the business, a merger acquisition of the business, or a judicial proceeding.  It’s important to keep that door open to avoid any potential liability or to keep your options open down the road.

Number 3: Follow California Privacy Policy Laws

California has enacted laws specifically regulating privacy policies. The California Online Privacy Protection Act sets out a number of rules to standardize the information contained in privacy policies. Specifically, the items that must be included in a privacy policy are as follows:

  1. Identify the categories of personally identifiable information that the operator collects through the Web site or online service about individual consumers who use or visit its commercial Web site or online service and the categories of third-party persons or entities with whom the operator may share that personally identifiable information.
  2. If the operator maintains a process for an individual consumer who uses or visits its commercial Web site or online service to review and request changes to any of his or her personally identifiable information that is collected through the Web site or online service, provide a description of that process.
  3. Describe the process by which the operator notifies consumers who use or visit its commercial Web site or online service of material changes to the operator’s privacy policy for that Web site or online service.
  4. Identify its effective date.
  5. Disclose how the operator responds to Web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services, if the operator engages in that collection.
  6. Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s Web site or service.
  7. An operator may satisfy the requirement of paragraph (5) by providing a clear and conspicuous hyperlink in the operator’s privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice.

User data use requests

1577999575_d8f36326f7_mCalifornia law allows an user to obtain a copy of how its data has been used over the past 12 months. This is a lesser known requirement of California law and it’s likely not used very often. However, if you’re conducting business in the United States, it’s certainly a smart idea to include all California protections within your privacy policy. Because California has arguably the strictest state laws regarding privacy policies, if you can comply with California’s requirements, it’s likely you’ll comply with the rest of the country.

Get your privacy policy reviewed by an expert

If your crowdfunding portal needs a privacy policy or would like your current privacy policy reviewed, please contact Revision Legal’s  experienced Internet attorneys. We handle these projects on a flat fee basis so you have a predictable cost and known deliverable. You can contact us through the contact form on this page.

Leave a Reply

Your email address will not be published. Required fields are marked *

Put Revision Legal on your side

LET’S DISCUSS YOUR CASE