Changes to Software, Terms of Service, and Privacy Policy

You must login to your account to accept the new Terms and Privacy Policy on this page.

In light of the General Data Protection Regulation ("GDPR") coming into law on May 25 2018, we have updated our Terms of Service and Privacy Policy (collectively, the "Terms").

In addition to the new Terms, we have updated our software, with the goal of these changes being to make SPS fully GDPR compliant.

Here we will cover the major changes and allow you to accept the new Terms at the bottom.

SPS software changes

This update is all about visitor privacy. There is a lot of new info in our help section.
There is a new global opt out page.
There is a new visitor privacy option in your user preferences that lets you specify who you want the maximum privacy settings to apply to. Defaults to "All visitors".
There is a new custom tracking option called visitor_consent. This allows you to override your visitor privacy settings for individual visitors by obtaining their consent to track Personal Data that you disclose up front. How you obtain consent from visitors and remember that consent is up to you, but supposing you do that, then privacy settings will be ignored for this visitor.
For visitors that your privacy setting apply to, IP addresses are anonymized, "Do Not Track" headers and "Opt Out" cookies are honored, and custom visitor data is disabled.
Our Unique ID (UID) tracking cookie contains no actual "Personal Data" about visitors, but alas UIDs are considered Personal Data by the GDPR. This is the only Personal Data logged by default, but per Article 6 of the GDPR, this cookie does NOT require a visitor's direct consent as it is well within the "legitimate interests" of a web site using the service to know how many unique visitors they have, which is best accomplished with a UID. You must disclose this cookie in your privacy policy though (see Terms of Service changes below), or (not recommended) fully disable tracking cookies.
"Public access" is no longer an option for a site's data. Viewing data requires some kind of authentication now, whether it's a user login or a private link. We must do this to protect End User personal data from being accidentally leaked to unauthorized parties.

Terms of Service changes

Our new Data Processing Agreement ("DPA") is automatically amended to the Terms for business and commercial customers. The DPA covers our and your responsibilities when it comes to the GDPR and "Personal Data". It's important. Read it.
We now require you to disclose your usage of SPS in your site's privacy policy, including a link to our own Privacy Policy. If you log any Personal Data, you must disclose that as well as state why you need the specific Personal Data that you log. Examples of a basic disclosure and a disclosure with Personal Data are in the new terms page. This is the very first section of the new Terms page so it's easy to find.
EEA citizens have the right under the GDPR to access, modify, and delete any Personal Data that Data Controllers (you) have about them. You are responsible for handling their inquiries. We are building tools for you to easily find, update, and delete their info, which will be available by May 25 2018.

Privacy Policy changes

The Privacy Policy has been vastly expanded and moved to its own page (instead of buried in the Terms of Service). The old version was very short and basically just said that we respect your privacy, we won't share your data with any third party unless required to do so by law, and it also listed the data points we log and the cookies that were used. We didn't feel any more was necessary because we are a paid service, and we don't do anything shady with your information to make money. That's one of the big advantage of paid services! (Usually).

The one thing we didn't state in the old policy was that we used SPS to track SPS customers (you), although we thought that was pretty gosh darn obvious. The new policy states this fact.

The GDPR requires a lot more up front information than we had before, which we have zero problem with because we are honest and transparent, but that means the whole policy is basically new. It's easy to read and understand though, that's a hallmark of the legislation. The info from our old policy is still in there but there's a lot more now.

Do you accept these changes?

You must login to your account to accept the new Terms and Privacy Policy on this page.