It sounds like a great idea. I did notice a carveout in the privacy policy for "if we get acquired, they can do whatever they want with any information" which seems... undermining, given how getting acquired by one of the worst data brokers is generally assumed for any successful social media startup.
> Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
? It doesn't mention the "they can do whatever they want with any information" explicitly, but given that the parallel "Affiliates" section says they'll have to adhere to this privacy policy and this section doesn't, I suppose it's implied.
To be clear, this is always the case whether or not it's explicitly mentioned in the policy, unless the opposite is mentioned - some kind of "any merger contact will require our acquirer to adhere this same policy", which I've never seen from any company. And it'll be an unlikely (albeit very welcome) addition given that it'll affect the acquisition potential and the $$$ bottom-line.
At Clever we include this in our privacy policy. It caused no problems when we sold our company last year:
> In the event of a change of control: If we sell, divest or transfer our business, we will not transfer personal information of our customers unless the new owner intends to maintain and provide the Service as a going concern, and provided that the new owner has agreed to data privacy standards no less stringent than our own. In such case we will provide you with notice and an opportunity to opt-out of the transfer of personally identifiable Student Data.
I wouldn't assume malicious intent here, as this exact clause shows up word for word in dozens of privacy policies. It appears to just be a stock part of a generic privacy policy that made it past their initial edits.
I'm also unsure if its absence would really change anything. If a data broker acquires the company, what's to stop them from just changing the privacy policy to be compatible with their uses?
Thanks for the benefit of the doubt. Yeah, this is part of a stock privacy policy. Slow Social is a hobby and experimental social network, not a startup. I fully intend to support any users on the platform and hopefully make it into a really nice experience, but there are no investors or stakeholders to incentivize me to do anything other than my original goal, which is to make a Social Network for friends, not influencers.
You're posting on such a service right now. From Y Combinator's privacy policy, which applies to HN:
> Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your Personal Information and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
What are the chances that you haven't already? Sounds like pretty low, unless you habitually read the entire privacy policy for every website before signing up.
