Thanks for the useful widget.

I'm reading your terms of use (http://www.plaxo.com/support/tos_widget) for this and it says:
User Information; Plaxo Policies
Plaxo will retain custody of all data and information collected or obtained by Plaxo through the Plaxo Network from users of Widgets in conformance with Plaxo�s posted Terms of Service and Privacy Policy and, as the same may change from time to time (together, the “Plaxo Policies”).

Looks like this means that Plaxo saves and keeps all the private emails the users import from their email accounts with the widget.

If this is indeed the case, it raises some serious privacy concerns.

Can you please clarify your policy on this, and how the terms of use reflect this policy?

Dan - the section you have referenced comes from the "User Information; Plaxo Policies" section of the Widget TOS. The purpose of that section is to make it clear to site operators who wish to offer the Plaxo Widget to their users, how those user's information is used.

As the section describes, information processed by the widget is processed through Plaxo. Obviously, during this processing the information is flowing through our systems and we therefore have "custody" of the information during this time period. But this does not mean that Plaxo owns the information or is free to use that information in any fashion.

On the contrary, as the "User Information; Plaxo Policies" section describes, the usage of the information flowing through the Widget is governed by the same Plaxo Privacy Policy that governs how a Plaxo member's information is used.

Under this privacy policy, Plaxo does not own your information. Your Information is your own and you decide who will have access to it. Plaxo will not update or modify Your Information without your permission, and Plaxo will not sell, exchange, or otherwise share Your Information with third parties, unless required by law or in accordance with your instructions.

As for retaining a permanent copy of private emails (addresses) the user imports using the widget, this may occur if the user elects to become a Plaxo member after using the widget. Otherwise, the interaction becomes transactional and all of user's information is discarded at the end of the transaction. But if the user elects to join Plaxo, their information continues to be preserved in a new created Plaxo account and governed by the Plaxo Privacy Policy.

I hope helps to clarify and address any privacy issues you may have. If not, please let me know.

Thank you,

Stacy Martin
Plaxo Privacy Officer
privacy @t plaxo.com

As the section describes, information processed by the widget is processed through Plaxo. Obviously, during this processing the information is flowing through our systems and we therefore have "custody" of the information during this time period. But this does not mean that Plaxo owns the information or is free to use that information in any fashion.


The Terms of Use say "retain custody" which as far as I understand is an opposite of "custody during this time period". Reading the terms of use, I can understand that the data will be "permanently saved" by Plaxo.

Also, although Plaxo doesn’t "own" the information or has rights to "use" it, merely "saving" it on record raises privacy concerns (the very recent AOL privacy problems are a good example).



As for retaining a permanent copy of private emails (addresses) the user imports using the widget, this may occur if the user elects to become a Plaxo member after using the widget. Otherwise, the interaction becomes transactional and all of user's information is discarded at the end of the transaction. But if the user elects to join Plaxo, their information continues to be preserved in a new created Plaxo account and governed by the Plaxo Privacy Policy.


This sounds good, but I think your Terms of Use should reflect this. There is no mention of "interaction becomes transactional and all of user's information is discarded" – just “Plaxo will retain custody”. I believe the Terms of Use should be made clearer - I think it should say something like "No passwords, email addresses or other data obtained through the use of the Plaxo widgets will be saved by Plaxo, unless you request Plaxo to do so".

Currently, there is a big discrepancy between what the Terms of use say and your explanations here, and at the end of the day, the terms of use are what counts.

Privacy is becoming a very important issue for the users (especially now), and I think your terms of use should be less vague about what you do and do not save.

The Terms of Use say "retain custody" which as far as I understand is an opposite of "custody during this time period". Reading the terms of use, I can understand that the data will be "permanently saved" by Plaxo.

I'm sure you will agree there is no mention within the TOS of any "permanent storage" of information processed through the Widget, so I think it is incorrect to conclude such action will occur. The truth as I mentioned is, it does not occur unless the user chooses to create a permanent Plaxo membership account. We could attempt to explain in greater details the various senarios, but then we run the risk of creating a TOS which is overburdened with either legal or technical jargon.

In the end, we chose to keep things factual and simplistic. "Plaxo will retain custody of all data and information collected or obtained by Plaxo through the Plaxo Network from users of Widgets...", is true. There is no time period specified because it will vary depending on the situation and interaction. If people wish to (understandably) assume the worse scenario, they can base their decision to use the Widget based on this assumption. Regardless, what ever time period they assume, they are still protected as to how their information is used by the overall Plaxo Privacy Policy.

Also, although Plaxo doesn’t "own" the information or has rights to "use" it, merely "saving" it on record raises privacy concerns (the very recent AOL privacy problems are a good example).

I agree, but this is an issue for any 3rd party that processes information of users. For example, when you send an email to someone, that email is likely processed through a number of different 3rd party systems as it works its way to its final destination. Most people are probably unaware of this fact and that while those systems process their email, they essentially have "custody" of that information during that time period, and therefore subject to the same type of privacy concerns. Our TOS simply attempts to explicitly highlight this fact, hopefully allowing people to make more informed decisions.

I think it should say something like "No passwords, email addresses or other data obtained through the use of the Plaxo widgets will be saved by Plaxo, unless you request Plaxo to do so".

Of course I'm not saying our TOS could not be improved. I appreciate your suggestions and comments and may look to incorporate them into any revisions we make to the TOS or Privacy Policy in the future.

Thank you,

Stacy