Here’s is a look back at the privacy-related changes and milestones of the Healthchecks.io website. If you also run a small SaaS, feel free to compare the notes. If you have suggestions or questions, please let me know!
Jun 2016, Published Terms & Conditions
I was adding a PayPal payment option, and PayPal additionally required the site to have Terms & Conditions.
I used TermsFeed to generate a generic Terms & Conditions document for $50.
Leading up to the GDPR coming into force, I was looking at what I needed to do to prepare. On the technical side, the site seemed to already be in good shape. It was not using any advertising or tracking cookies. It was not collecting any unneeded information. It was using the collected information only in the intended way (email addresses to send notifications, phone numbers to send SMS notifications, etc.). The “Close Account” function was there, letting users remove their data from Healthchecks.io systems at any time, without assistance from Support (me).
Mar 2019, Implemented Inactive Account Deletion
Data is not an asset, it is a liability.
I implemented a system that automatically removes abandoned accounts. If an account is inactive for a full year, the system sends an email notification. The notification basically says, “Sign in in the next 30 days, or we will delete your account”. If the account is still inactive 30 days later, the system deletes the account.
There is a neat side-benefit to sending the deletion notices: they can sometimes “reactivate” old users. I haven’t investigated how often that happens, though.
Jun 2019 Stopped Using Cloudflare Load Balancing
I started running my own Haproxy instances on bare metal servers. I did this mainly because I wanted a better and lower-level control of the load balancers. But it also improved the privacy aspects: Cloudflare was no longer proxying my traffic. I’m still using Cloudflare as a DNS provider to this day.
Note: I was and still am a fan of Cloudflare. Nevertheless, there is one less thing to worry about GDPR-wise if the traffic does not go through them.
Sep 2019, Improved Database Backups
Every day, the database server creates a full database dump, encrypts it, and uploads it to an S3 bucket. It does this in a cron job. (And, of course, I have monitoring set up for the cron job!)
I made a few DevOps-y improvements there:
- Moved the storage location from
us-east-1(N. Virginia) to
- Added a lifecycle rule to delete backups older than 45 days. That’s one less thing I need to do manually every month!
May 2020, Statuspage.io Cookie Saga
I’ve written a separate blog post about this, but the short version is: I discovered that status.healthchecks.io sets tracking cookies. That was not OK. Several months and several hundred emails later, Atlassian removed the tracking cookies.
Jul 2020, Migrated Email Sending to AWS EU Region
Healthchecks.io uses AWS SES to send email notifications. Like backups and S3, I decided to switch from
us-east-1, their default region, to
eu-central-1. I was not aware of Schrems II at the time; I only wanted to move the SMTP servers closer to my servers for reliability.
There is a privacy benefit on the paper, although I’m sure AWS engineers in the U.S. can access AWS infrastructure in the EU, so the Schrems II concerns still apply.
Sep 2020, Removed Customer Data From Accounting Reports
I outsource Healthchecks.io accounting to a local accounting company. At the start of every month, I collect all invoices and bank statements and send them off. They process the documents and prepare the tax reports.
I realized that some of the statements contain personal information. For example, PayPal’s monthly statement contains customer names and email addresses. I checked with the accountants, and they confirmed they don’t need the names or emails for anything. So, I started scrubbing the personal information from the statements before sending them each month.
Nov 2020, Closed ChartMogul account
In light of Schrems II, I was reviewing the list of Healthchecks.io data sub-processors based in the U.S.; there were four:
- Amazon (emails)
- Twilio (SMS, WhatsApp, voice calls)
- Braintree / PayPal (subscription management, CC and PayPal payments)
- ChartMogul (revenue analytics)
The first three were essential and not easy to replace. ChartMogul, however, was merely nice-to-have. It was also the only one with no mention of Standard Contractual Clauses anywhere in its Data Processing Agreement. So I decided to stop using it and closed my account.
Dec 2020, Migrated from Zoho Mail & GMail to Fastmail
For receiving and sending email at firstname.lastname@example.org, I had cobbled together a Zoho and Gmail setup: Zoho was receiving email on my custom domain and forwaring it to my personal Gmail address. This was back in 2015 when the service was not yet generating any revenue.
This winter holiday break, I moved email hosting to Fastmail ($50 / year). It’s a simpler setup, and I am more comfortable as a paying customer of Fastmail than a free user of Zoho and Google.
And this is where we are now. Now, why do I care about privacy anyway? I’ve thought about it.
In my experience, a company’s privacy practices are an indicator of its general “wholesomeness.” An obnoxious cookie banner is a sign of more dark patterns to come. On the other hand, privacy-first companies tend to treat their customers with respect in other aspects as well.
This corner of the codeverse is mine to decide where engineering steers towards, and this capability is extremely precious to me.
And, with that, thanks for reading!