I know you wrote this to Josh, but just jumping in here to address the ProfitWell side. :)
1. You're 100% right. We don't have a live demo. We're working on a solution for you here, but it's been delayed for some other cool features. Happy to share when we launch something for you. I know a call can be annoying, but it wouldn't be a sales person. Most metrics demos are from our product/engineering team. :)
2. As for pricing - we don't typically hear it's confusing, but it's 100% free forever. We make money through our add-ons. There's definitely something here to get better at though, so I'll take this back to the team to make it rock.
The short answer to your question is, “Yes.” The long answer is:
> INFORMATION SHARING
1. With Third Parties:
We may share your information with third-party business partners...
...
2. With Service Providers:
We may share your information with third parties who provide services on our behalf...to which these services may include:
Payment processing
Providing customer service
Sending marketing communications
Conducting research and analysis
Providing cloud computing infrastructure
...which also means, “Yes.” In particular, “research and analysis” is not clarified (nor would a clarification outside the formal ToS be legally binding). As long as there is a defensible interpretation of these clauses, they can freely sell all of your information. This also might be of interest to you:
> We will respond to your request within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
There is a legitimate reading of this clause which allows ProfitWell to retain your data indefinitely because they’re providing a service to someone.
Let's back up a second. The silence isn't because I/we don't want to talk about this, it's because it was 2am here in Boston and I was sleeping at that point (coincidentally after leaving the office around 1130pm pouring over our new GDPR paperwork).
The short answer is 100%, absolutely no - we do not, have not, and will not ever sell your data. We say this pretty clearly at the top in our terms and services, which you didn't link to (found here: https://www.profitwell.com/terms-security). For context, there's a difference between a privacy policy and a terms of service. I'm not a lawyer, but from my understanding the reason here we structured things this way (as a lot of BI/analytics providers do) is because one handles the actual handling of data, especially pursuant to EU/International/US law, and the other handles the actual service of that data. For instance, we will share your email address with our email service or with our payment processor. The terms are inclusive of the privacy policy.
From a terms perspective, we don't access someone's account unless given permission for QA, analysis, and the like. We do aggregate data for research purposes, but there needs to be a minimum of 30 companies in that data set and if you'd like to opt out of that we're more than happy to sign/put together custom Ts&Cs, which we do with almost every company that requests one.
Additionally, with GDPR the nature of our privacy policy is going one step further beyond EU/Swiss Privacy Shield compliance to offering up DPAs and a whole host of new functionality to make sure we go beyond the requirements.
Apologies if I'm coming off any bit passive aggressive/defensive. Just trying to explain and sometimes the legalease can be tough to sift through. I started my career working in network security/intelligence, so I personally take this really seriously and we put a lot of work into all of this fun stuff (pen tests, training, our policies, etc.), so I take it too personally when hearing someone misinterpret how we work. We can always make this clearer, as we tried to do with the pre-amble to our terms, but happy to do what some other companies have done and really refine the plain speak of our terms and privacy policy (especially since they're shifting a bit with GDPR). Assume you meant the best here with your comments though, so hope this clears this up at least a bit.
From a monetization perspective, we do offer a service to _someone_ - our customers. We sell Price Intelligently, ProfitWell Retain, ProfitWell Recognized, and ProfitWell Premium. All of these products are feature and performance based - and more than paying the bills for us to continue to invest in building the company without a drop of funding (which is intentional to keep us independent).
The reason we set up our monetization this way is that frankly we don't think there's a whole lot of value in taking your data and putting it into a bunch of graphs. I know that's trivializing BI/analytics, but that's the crux of the industry right now. Plus, doing willingness to pay and pricing analysis supports this - hence why most BI companies have to go upmarket to survive/grow. Instead, metrics are the gateway.
The world we're building is one where ProfitWell can show you the one graph (or few) that you need to look at - not the 60 you need to sift through to truly understand if there's a problem or not. Then we're going to help you see exactly the metric you should worry about (and the ones you shouldn't worry about) before offering up resources to help you fix it or a product that takes care of that metric for you with 0 work on your part through what we call an anti-active usage product (like ProfitWell Retain). This just feels like the right move to best serve our customers and the greater community.
You should resolve the discrepancy between this comment and your Privacy Policy. A message board comment is not legally binding, and what I linked to has substantial wiggle room in interpretation.
Yup - a HN comment is definitely not legally binding. Given some of the flame wars on some of the threads over the years, that would definitely be a scary world.
Based on a number of lawyers (we've gone deep on this over the past several years), I'm confident this is resolved through the combination of our terms and privacy policy - the EU/Swiss privacy shield stipulations, which drove the privacy policy encompasses the specific data there that's shared (check out the section entitled "Collection", which is then what's referenced in the shared section). These are common information to engage in internet commerce like email, billing info, etc. This is actually specifically why we had language in our Terms to encompass the actual financial data. The ironic part of all this is we repeatedly told our legal folks we needed to simplify, simplify, simplify.
All that being said - you clearly came to the page and thought the worst based on the language, so I guess it doesn't really matter if we're legally doing the right thing, we need to make sure you (and other folks who reach us) are interpreting and seeing what we're doing as intended.
Give me/us a little bit of time to figure out how to make this instantly obvious. As I mentioned, we're in the midst of clearing up our house based on GDPR requirements, so it's a good time to revisit. Really appreciate the feedback - only way we get better. :)
For greater context, the reason why I’m saying your Privacy Policy needs to be revised for precision is because:
1. I have experience acquiring data for the financial industry, and your privacy policy looks like the kind used to discreetly allow data brokering for free apps that have a lot of user data, and
2. I’ve seen executives who do sell data deny that they sell data by being overly literal and obtuse about what users mean when they ask if their data is sold. When users ask if their data is sold they’re usually including “data sharing with affiliates”, even if they aren’t savvy enough to use that terminology. The concern there is that user data collected by third parties is allowed to be reshared by their affiliates and under opaque terms that do not preclude monetization.
In EU, you need to write something like "...share data with third-party service providers..." already if you use AWS, because customer data will not only be held at your premises, but also held by another company (Amazon).
It seems to be difficult to phrase the Privacy Policy in a way that will satisfy this condition, and at the same time remove the 'wiggle room' you see.
That has the big disadvantage that if you switch from AWS to Google Cloud, you need to notify all of your customers about the changed policy and ask them for consent again. I have not seen any Privacy Policy yet which lists the service providers.
You don't need to ask for consent, because it's typical that a clause will simply state, "Continued use of this service indicates acceptance of these terms", etc. That seems like a non-problem as far as these things go.
The reason you don't see privacy policies which list that information is not because it has an exorbitant inconvenience cost, it's because they benefit directly from that information asymmetry.
You actually do, because now you want to send data to Google Inc., for which you don't have the consent of your customers yet. They only agreed to sending it to Amazon. You can't make them agree to any future changes of your Privacy Policy.
edit: yes, you can send out a notification on every change and tell your customers that it is an implicit consent if they don't object. But I still wouldn't want to do that for every change of service provider, and there can be quite a few such providers in an SaaS.
If I understand correctly, finishing the last citation with:
"[in order to continue proving a service] to you."
would at least resolve the problem of retaining user data indefinitely, but I also totally agree with the free interpretation of "Conducting research and analysis".
Also, because Profitwell is available to customers in Europe, it will soon have to align with GDPR requirements (which also includes the right to being forgotten), even if it's not a European company or otherwise face fine risks.
Re: privacy/terms - hope the other comment I just made clears some things up. Happy to answer any questions if not, of course.
Re: GDRP - you're absolutely right. We'll be required to align with GDPR in just over a month. We're all set from an engineering perspective and rolling through all the fun documentation, agreements, compliance records, and trainings from a legal perspective now.
Hey Joewee - wanted to answer this directly here in case the other longer, more in-depth comment gets a bit buried - short and long answer is no. We have never and will never sell user data. We monetize through a bunch of products that help optimize different pieces of your business - pricing through Price Intelligently, churn through ProfitWell Retain, revenue recognition through ProfitWell Recognized, etc.
I explained this in depth in response to one of the comments here, but the crux of this is that metrics are the gateway, which allow you to see the problems in your business. We then offer resources or products to help with those problems.
Hey Dictum - we're free for non-basic usage, basic usage, and everything in-between. I explained a lot of why this is the case in the blog post link below (when we went all in for free), but it really comes down to the following:
PHILOSOPHICAL
1. In software (and the subscription economy) we're moving away from function based pricing to outcome based pricing. Putting this simply in the context of analytics/reporting means that if I just take your data and put it into a bunch of graphs, it's helpful, but not valuable, even if they are the right graphs (and most of the time they aren't the right graphs, at least in most BI/analytics products).
2. Based on this, we believe in outcome based pricing. We make money by selling products like Retain, Price Intelligently, etc. that all have a specific number we can point to (in your free ProfitWell account :)) that we helped move in the right direction. For some of these products we then only perfectly charge based on our performance. Others where we can't measure this precisely, we still price on a value metric axis.
ANALYTICAL
1. Metrics/analytics are a terrible business from a willingness to pay and unit economics perspective. People don't really appreciate how much work goes into 100% accuracy (that's our thing compared to our competitors fwiw). It took years to be perfect and even now we're still finding edge cases of edge cases. Multiply this by the number of billing systems and it takes a lot of work to support this free product.
Here's the thing though - back to that lack of appreciation - when measuring the willingness to pay for analytics/metrics, people just aren't willing to pay that much. We measured this well ahead of going all in on free and found that our unit economics, especially in a market that's weak in number of logos (subscription market is much smaller than people think). As a result, most BI/analytics companies go up market. We're upmarket and do have an enterprise plan for all the fun enterprise fixings people need, but we don't want to waste massive amounts of CAC fighting for $50/month or even $150/month. Creating a phenomenal user experience (we're not there yet) is so much valuable. Plus, we're able to show our customers they have a problem that we can then sell an add-on for.
Long story short, this business and space requires a scalpel, not a sledgehammer for growth. Hope that's helpful. Always up for answering questions.
We don't plan on stopping. Admittedly this gets us in some trouble being a growing company, because we need to make sure our free product is the best for our customers AND we offer up stellar paid products. A whole lot of surface area, especially for a bootstrapped company (although we're past the Ramen stage - $10M+ ARR and 45 folks :)).
There's a lot of work we did to make sure we're learning as quickly as possible that really helps advance the mission on all fronts.
Hey there - this doesn't sound good (and definitely not our intention). We ported over some contacts here and there from different marketing migrations, but always made sure to hide out any unsubs or things like that. I just looked in our DB for the email address in your HN profile and I'm not seeing it anywhere, so I'm assuming it's a different email address.
Ironically, could you email me the email address to patrick[at]priceintelligently[dot]com and I'll investigate. If it slipped in or you ended up actually opting in, definitely will take it out. If it's a larger issue, definitely will solve it. Obviously, apologies either way.
It was probably my school email (which still works). Either way, the emails stopped in 2016. So no worries, it’s not worth looking into, but I sincerely appreciate your responding. Good luck with the business.
(Porting contacts between lists seems dangerous btw. IANAL but pretty sure subscribing to one list does not count as opting-in to another.)
Yea - found you actually and can share meta details privately if you liked. Fortunately wasn't the DB port.
On that front we automatically just don't touch any of the unsubs for the new system, so was worried that was messed up. Doesn't look like it though. Not a lawyer either, but from my understanding it's the same list even if you change marketing automation/email products. GDPR is making this fun, too. :)
Sure. If you examine the freemium model, you're either the product or you're going to be sold too. Personally, if I'm getting value out of a product and it's free, I'd rather be sold to than have my data sold in some manner.
I think I agree with you, but I'm not sure no one would use them. A lot of folks use Mint/Personal Capital and I believe they disclose a lot more about the data being the product for offers.
I'd be interested in slicing the outrage responses by age or tech sophistication. After all, my parents are still uncomfortable putting their CC in online. Just a different world now.
On one hand this is similar to all kinds of financial institutions who sell your data (which is why you'll get a bunch of credit card offers). It's a bit better than those, because it at least appears like the emails/receipts are anonymized.
On the other hand, this was hidden deep in the TOS and Privacy Policies, whereas some extra disclosure probably would have helped the backlash they're getting today.
I hate the phrase "if you're not paying, then you're the product", because plenty of freemium models don't follow that narrative, but in this case it seems crystal clear. I supposed we're just seeing how naive people can be with their personal data (email inboxes).
