Ask HN: Server providers missing from privacy policies?
I reviewed a few privacy policies of SaaSes and they don't mention third-parties that they obviously use, like:
- server providers (hosting)
- email sending services (like SendGrid)
- other SaaSes they use like error tracking, backup hosting (S3)
In many cases these SaaSes host personal data in unencrypted forms. Yet the privacy policies mention that they don't share these details with anyone.
Shouldn't they list all used third-parties?
3 comments
[ 2.7 ms ] story [ 18.1 ms ] threadMaybe then a SaaS company can reasonable say, the hosting company isn't looking at the data thus it's not considered sharing with them. That's my thought behind it anyway. I'm interested in what others might think.
You can encrypt backups, but in many other cases you can't do it (sending emails, generating invoices) or it's too much work (error/log aggregators that can leak personal data).