Yup - a HN comment is definitely not legally binding. Given some of the flame wars on some of the threads over the years, that would definitely be a scary world.
Based on a number of lawyers (we've gone deep on this over the past several years), I'm confident this is resolved through the combination of our terms and privacy policy - the EU/Swiss privacy shield stipulations, which drove the privacy policy encompasses the specific data there that's shared (check out the section entitled "Collection", which is then what's referenced in the shared section). These are common information to engage in internet commerce like email, billing info, etc. This is actually specifically why we had language in our Terms to encompass the actual financial data. The ironic part of all this is we repeatedly told our legal folks we needed to simplify, simplify, simplify.
All that being said - you clearly came to the page and thought the worst based on the language, so I guess it doesn't really matter if we're legally doing the right thing, we need to make sure you (and other folks who reach us) are interpreting and seeing what we're doing as intended.
Give me/us a little bit of time to figure out how to make this instantly obvious. As I mentioned, we're in the midst of clearing up our house based on GDPR requirements, so it's a good time to revisit. Really appreciate the feedback - only way we get better. :)
For greater context, the reason why I’m saying your Privacy Policy needs to be revised for precision is because:
1. I have experience acquiring data for the financial industry, and your privacy policy looks like the kind used to discreetly allow data brokering for free apps that have a lot of user data, and
2. I’ve seen executives who do sell data deny that they sell data by being overly literal and obtuse about what users mean when they ask if their data is sold. When users ask if their data is sold they’re usually including “data sharing with affiliates”, even if they aren’t savvy enough to use that terminology. The concern there is that user data collected by third parties is allowed to be reshared by their affiliates and under opaque terms that do not preclude monetization.
Based on a number of lawyers (we've gone deep on this over the past several years), I'm confident this is resolved through the combination of our terms and privacy policy - the EU/Swiss privacy shield stipulations, which drove the privacy policy encompasses the specific data there that's shared (check out the section entitled "Collection", which is then what's referenced in the shared section). These are common information to engage in internet commerce like email, billing info, etc. This is actually specifically why we had language in our Terms to encompass the actual financial data. The ironic part of all this is we repeatedly told our legal folks we needed to simplify, simplify, simplify.
All that being said - you clearly came to the page and thought the worst based on the language, so I guess it doesn't really matter if we're legally doing the right thing, we need to make sure you (and other folks who reach us) are interpreting and seeing what we're doing as intended.
Give me/us a little bit of time to figure out how to make this instantly obvious. As I mentioned, we're in the midst of clearing up our house based on GDPR requirements, so it's a good time to revisit. Really appreciate the feedback - only way we get better. :)