Does the Citi privacy policy promise not to sell your transaction history to 3rd parties? If no, then Privacy's service offering is still attractive from that perspective.
(b) Privacy.com still shares data that they don't deem "personally identifiable" [2]
(c) Privacy.com may share your data during a merger/sale of company stock etc. and I don't think they limit what can happen to it [2]
(d) Privacy.com may share your data "with financial institutions, processors, payment card associations and other entities that are involved in the payment process" (notice they don't limit the usage to actually processing your payment, or the storage to the duration of your membership... they just say "we may retain data about you for a period of time consistent with applicable law" which I assume could be quite a while)
(e) I'm not sure why I should trust a company named privacy.com themselves with my unique device IDs and location data, whatever the situation with third parties is.
The opt-out that Citi provides is extremely similar if not the same to the one that I receive annually from basically all financial companies I have an account with. They allow you to limit the sharing only as mandated by federal law.
Regarding (e) I can only say that I'm quite happy using Privacy's website to manage my account. Of course I disallow location sharing there, so the best location they have is via IP address which is a granularity I'm comfortable with (and which could be further obscured with VPN if you're really worried about it).
Overall it's a nice service. I completely agree with you on (d) being less than optimal and wish they would issue some stronger language on that point. Nothing is perfect I suppose.
I'm one of the founders. Just wanted to hop in here and clarify our current practices.
We do not sell any data to third parties (anonymized or not). We’re never going to do it for direct marketing purposes or anything like that.
The intent behind the non-personally identified information sharing clause is to potentially provide breach notification warnings to merchants:
Example: if a large number of locked cards were used at merchant X, and then subsequently stolen from merchant X, and used at other merchants, we could notify merchant X and our customers that shopped at merchant X (likely before anyone else in the ecosystem knew).
This is not a service we're planning to provide in the near term. Any other information we collect is solely for the purposes of fraud prevention, not marketing.
I definitely hear you on the language in the policy though, and it is something we intend to tighten up
The forms are all the same for opting out, but what exactly they let you put out of is different. In Citi's case it seems to include sharing information with their affiliated for direct marketing, which is what we're concerned about. (I'm not sure what the law is regarding sharing for other purposes though.)
