Lickstats embraces privacy by design.
Put simply, we respect everyone’s privacy because privacy is one of our core values. As a matter of fact, we are obsessed by privacy. So why are we the makers of an analytics platform? Because analytics is there to stay and the tech marketing space needs ethical vendors. We are one of them. We pride ourselves as being the DuckDuckGo of shortlinks.
Dropping some GDPR compliance lines here:
In a nutshell, we only collect the data required to operate Lickstats and try our best to share as little as possible with third parties. What we share is disclosed in parentheses.
We will never share your data with third parties or use it for any other purpose than operating Lickstats.
We use Lickstats (IP, geolocation and user agent) to track marketing campaigns.
We use Mailchimp (email, first name, last name and plan) and SendGrid (raw data in transit only) to send emails.
We use Intercom (email, first name, last name, plan, geolocation and some usage data) to offer customer support.
We use DigitalOcean (all user data in transit and at rest) to host the Lickstats infrastructure.
We use Stripe (email and credit card) to capture payments.
That’s it. No bullshit.
Here’s what we have done so far to respect everyone’s privacy and what we are working on. The following is a good framework if you wish to embrace privacy by design.
What we have done
We removed Google Tag Manager and Google Analytics from all our web properties.
Although we love many aspects of Google, this company earns a living by data-mining users. Google has unfortunately crossed the line of ethics a very long time ago. It’s hard to buy out of Google’s ecosystem but we have and are proud of it.
We removed Facebook pixel from all our web properties.
Same as Google from a privacy standpoint.
We stopped using Inspectlet to monitor how users interact with Lickstats
Session replay tools are amazing to understand how users interact with services, but they allow us to literally see what users are doing.
We migrated our domain names to Gandi
Gandi is a French domain name registrar reputed for caring about privacy. Domain name privacy is enabled by default and is free of charge (most other vendors charge fees for that feature). Also, the legislation in the EU is much more suited for companies that care about privacy.
We have migrated our emails to Gandi
Google initially profiled users using the content of emails in Gmail. Gandi doesn’t read emails nor has an incentive to.
What we are working on
Develop a Firefox web extension (almost finished)
Firefox is a great browser when it comes to privacy but the Lickstats web extension doesn’t exist yet. We’re on it!
Encrypt user-identifiable data in backups (almost finished)
Passwords and integration tokens have always been encrypted in transit and at rest. That being said, we will shortly encrypt user-identifiable data in our backups using GPG.
Switch to deleting vs archiving data and incentive this behaviour (queued)
Currently, when a user deletes a link, data is archived not deleted to keep track of total clicks per month, a metric used to enforce our paywall. We decided to drop this “feature” and allow users to delete links freeing up their monthly quota. The idea is that archiving vs deleting is a bad practice when it comes to privacy. Did you ever wonder why Gmail has unlimited storage?
Self-host Google Fonts (almost finished)
Google uses Google Fonts to track users across multiple web properties. Self-hosting the fonts solves this privacy issue.
Proxy Google favicon web service (queued)
Google uses their favicon web service to track users across multiple web properties. Running that web service behind a proxy solves this privacy issue.
Remove Gravatar (queued)
Although Gravatar (owned by Automattic) is currently an ethical vendor (in theory), the nature of Gravatar’s offering means users could be tracked across multiple web properties (and devices).
Move the company to a country that respects human rightS to privacy (wish list)
Iceland, Norway and Switzerland have some of the best jurisdictions when it comes to privacy. We wish to move the company there some day or, at the very least, move our servers there.
Love, the Lickstats team.