A Note on Security, Data Privacy and our Terms of Service
In just over a month, May 25th will mark the deadline for compliance with the EU’s new General Data Protection Regulation. The GDPR has struck fear into the hearts of businesses within the EU and beyond. At Tito, however, we greet the GDPR with cautious optimism. Strict data protection regulation aligns with our attitude on the matter since the start: respect people’s data.
We’ve been busy doing our homework on GDPR, and laying the groundwork for our own compliance. For our own reference, and if you want to follow along, we’ve set up a public repository with the steps we’re taking and working drafts of new documentation.
Now seems like a good time to talk about our high-level approach to data privacy, terms and conditions, and other policies at Tito. In the next few weeks, we will refresh our terms of service and our privacy policy, and add data retention and security policies. Ahead of that, I thought I would go through how we’re approaching these updates.
Infrastructure Security
Over the last weekend, we’ve been hard at work readying infrastructure that sees us double down on our commitment to security. We have prepared a brand new stack, entirely contained inside its own virtual private network within Amazon’s cloud, with no outside access to any services other than our load balancers.
All three data layers within our stack, the database (MySQL) and the application caches (Memcached, Redis), have encryption at rest enabled. All the application servers and datastores are in Amazon’s Dublin region, very much within the EU.
This new stack will be live by the end of this month.
Data Privacy
Since we started Tito, our approach to data privacy has been fairly simple: do nothing, claim nothing. In GDPR terms, for anyone who signs up to our service (event organisers and their teams), we act as a data controller. This means we are responsible for how the data is used, and for getting permission on how we use it. We have around 17,000 folks in this database.
We have never sent an automated marketing message to anyone in this database. For GDPR, we will be sending one email asking our customers to review their preferences on a new data-privacy page we’re working on, and giving them an update about our new platform. After that, we’ll never email anyone who doesn’t explicitly want us to.
We also hold details of just over 2 million attendees of all of our customers’ events. In GDPR terms, we are the processor for these data. Anything we do with these, we do on behalf of our customers, who act as the controller.
In short: we have never done, and will never do, anything with these data. We simply hold them, store them and present them to perform the tasks our software does. If you are someone buying tickets from an organiser who uses Tito, you can do so safe in the knowledge that we are not doing anything with your data: we don’t share it, we don’t sell it, we don’t try to claim it as our own.
Terms of Service
It always seemed to me that the terms of service for any web-based software should be simple: you use the software, the software does its job, there are no malicious side-effects, and that’s it. You shouldn’t have to worry. Unfortunately, in practice, over-reach seems to have become the norm as popular web services want to do more and more with customers’ data.
Our existing terms of service are based on the really awesome Creative Commons wordpress.com terms of service (thanks Automattic!) and have served us very well. We have worked with our legal advisors on an initial version of a new set of terms and after some of our own tweaks we’ll publish this to be compliant before the GDPR deadline.
To put it simply, if you use Tito and you run a legitimate event, or purchased a ticket to attend one, you should have nothing to worry about. We’ll endeavour to keep your data safe, to keep the service running, and to help as best we can if something goes wrong. Oh, and if we ever attend your event, it will be because you invited us, or we bought a ticket, and it will be to learn, to hang out, and to talk about how we can improve. We’ll only bring a recording crew if you want us to.
With Great Power…
I’ve been playing The Witness on my phone recently and one of the game-development principles really stood out to me when I was reading about it:
Blow [the developer] wanted The Witness to be for the player that “is inquisitive and likes to be treated as an intelligent person”.
Mirroring this, we trust our customers to do right by the data that they use Tito to collect, and we treat them like the intelligent people they are.
Our strategy is to do research and produce educational material to steer our customers along what we consider to be the correct paths. For GDPR, we produced a guide to help organisers negotiate the ins and outs of data protection as it relates to events. Our next guide will be about event safety, and we’ll keep going with these guides as long as folks find this stuff helpful. We’re only too happy to share.
Wrapping it all up
Our approach to all of this is to try to keep things simple. We want our terms to be straightforward, transparent and fair. We believe that it’s possible to run a successful software business and to maintain reasonable expectations of security and data privacy.
Finally, a big thank you to all of our customers, and in particular those who have been saying lovely things over the last few days. This is all for you.