Here’s everything wrong with the Privacy Policy outside of what I stated

"Your safety...is a top priority": This is very common language that holds little tangible meaning. Companies will say this while simultaneously prioritising other things (profit, functionality, etc.).

"We...only use your data for...": Limited purposes don't automatically mean ethical purposes. What do those "data reports" entail exactly? Who sees them? It's unclear.

"We do not sell, track...": This is likely where blatant lies could emerge.

"Sell" has complex legal definitions - they might share data in ways that skirt its technical definition.

"Track" is vague. If there are ANY analytics for website improvement, that in itself is some form of tracking user behaviour.

"If your data is sold or tracked...": Throwing the website builder (Wix) under the bus is a red flag. It implies they have little oversight of or responsibility for a significant element of how data flows.

"To protect sensitive information, avoid providing it...": Places the burden of privacy completely on the user despite lengthy data collection. This indicates an attitude of prioritising data acquisition over user control.

"Amount of time spent on the website/app": Many privacy-conscious people would view this as intrusive even if anonymised in reports.

"Type of device...": It's unclear why this is needed at all for most sites. This COULD be relatively innocent depending on site functionality, but the lack of explanation is suspicious.

"Posts you make...Groups you're a part of": The combination of this data can build a detailed social graph and interest profile of you, highly valuable to third parties even if they can't see direct content.

Just saying, these changes are going to get you in a lot of legal trouble, here’s why

“protect your personal information in compliance with regulations such as GDPR legislated by the European Union and CCPA legislated by Californian law.”

That’s not true, Blaze uses Google Analytics and an IP grabber which do not comply with GDPR or CCPA.

“Location”

Why do you need that exactly?

"If your data is sold or tracked, it might be from WIX (our website builder), and details are available in their Privacy Policy."

This not only contradicts your claims of not selling your data or tracking you, but is also in violation of GDPR and CCPA

"We are committed to respecting and complying with applicable laws, including GDPR and CCPA. If you believe that we have violated your rights or the relevant privacy laws, you have the right to file a complaint."

Yes I will be, where's the complaint email address?

"feel free to DM us on @Blaze."

Hmm, no, that's not good enough. To comply with GDPR you need an actual email address and you must respond to all complaints within 60 days.

Hello Blazers,

We have changed our privacy policy to collect less information about you, especially the info that you optionally can give.

To learn more, visit https://blazeapp.net/privacy-policy

Thank you for your time.

Sincerely,

Blaze

comments