Joyn Privacy Notice
This is not your typical Privacy Notice.

It is not a tick-box compliance exercise or CYA (cover-your-ass) legalese.

 

This is more of a Privacy Manifesto, because respect for privacy, fairness and user trust is in our DNA – and in the design of our platform, app and business model. It’s why we created Joyn.

Why?

Because social media is broken. Instead of connecting people and giving them authentic experiences and meaningful engagement, the major platforms have trapped us in ‘digital sweatshops’, reduced us to inventory, colonised our attention, weaponised our data against us, cyberstalked us, and turned children into ‘underage adults’ rather than full digital citizens. We created Joyn to fix this.

Who should read this?

Anyone who visits our website, beta-tests our prototype, attends a virtual or in-person focus group, workshop or event, or who corresponds with us including:

  • Potential impact investors, donors, mentors

  • Social entrepreneurs, potential Tech-for-Good and Privtech partners

  • Community organisers

  • Supporters, peers, friends and…

  • the Joyn-curious.

Now we’re just getting started, so bear with us. We’re not fully ‘there’ yet. That’s where you come in.  Your feedback, engagement and support now will help us get the traction we need to build something great. You can ‘be the change you want to see’ and help shape a better social media network.

 

We’re still building out our platform, so we’ll update this notice as required to let you know about changes to our practices or third parties, but our core mission and our commitment to privacy won’t change.

What is Joyn and how is it different?

Joyn is putting the ‘social’ back into social media, and users firmly in control of their data and their digital lives. We’re joining a growing Tech-for-Good and Privtech community helping change the Internet. And we hope you’ll Joyn us.

Expand the sections below to learn more about Joyn:

Privacy, fairness and trust are baked in
Your data, your control
Age-appropriate and accessible
A Privtech and Tech-for-Good ecosystem
Better data. Better engagement. More access. Less risk
Investments that stay true to your values and drive positive change
Okay, but don’t you still have to process some of my data?

Yes. We limit the amount of personal data we process to what’s necessary to ensure a good user experience and to run and maintain our platform. That’s why we’re building on the HAT and integrating Privtech from the start. And, as we get more funding we’ll be able to invest in additional Privtech.

Until then, we will need to process a small amount of your personal data as part of our user-testing and fundraising phase.

 

  • Users: At this stage, we only need contact details and de-identified analytics and survey/feedback information from potential users to demonstrate traction with potential investors and partners, to register user-testers and to keep you updated on our news (if you opted in) and improve our service. When we go live, most of your data will be in your HAT, which will double as a single sign-on, and we’ll verify your identity using a privacy-preserving online identification service or method.

 

  • Investors, partners, mentors: We’ll need info about potential investors, collaborators or partners, which we’ll get by researching publicly available information, networking and referrals (e.g. through B-Corp’s directory, LinkedIn, media coverage and personal introductions, when you reach out to us through platforms like Angel.co and Kickstarter), information they provide us, and by talking to you.

In the know

We’ll always be upfront about how and why we’re using your data. We won’t use it for reasons you wouldn’t expect unless the law requires us to or permits us to do so (e.g. where disclosing it could frustrate a fraud investigation or a legal claim). 

Sharing is (not) caring if you’re (not) okay with it.

We will never sell your data to third parties. It’s yours. And that’s not the business we’re in. The fact is, we won’t have much of it anyway. We’ll only share data that can identify you where it’s strictly necessary, there’s a lawful basis and we’ve informed you about it (unless there’s a lawful and legitimate reason not to inform you).

You can find more detail in our Privacy Promise and our Privacy Facts, below.

Who can I contact with questions or complaints?

You can complain to us, to our DPO or to the ICO. We’re a work in progress and we want to get this right, so we hope you’ll come to us first so we can answer your questions as fully as possible and quickly work to resolve any concerns or incorporate your constructive feedback. Here’s how and who:

 

  • Directly to Joyn via email.

  • Joyn’s DPO via email or telephone +44 (0) 1494 702127. Our DPO is Data Oversight Ltd. (UK company no. 11097478). ICO reg. no. ZA478259. Reg. address 15 London End, Beaconsfield, HP9 2HN.

  • The ICO directly via live chat or their phone helpline: +44 (0)303 123 1113.

Privacy Promise
 
Our Privacy Promise

We’re committed to: 

  • processing the minimum amount of personal data necessary

  • ensuring users remain in control of their personal data and how it’s used

  • ensuring our partners and vendors do the same

 

Whenever we process your personal data we’ll do so:

Lawfully
Fairly and transparently
For a specific purpose
With as little as possible and for as long as necessary
Ensuring it’s accurate, updated and complete
Securely
Within the EEA
Your Rights

You have a number of data rights under data protection law.

These rights apply to your personal data that we control, i.e. what you make public on our platform, what you share with us, or what we collect indirectly from you, such as when we’re researching potential partners or investors. All the juicy stuff will be in your HAT, which you own and control (and which we can’t access).

 

Plus, with the HAT you have more rights, because you keep your data, which you can re-use and re-share. You control and decide on what terms you’ll share data from your HAT in real-time.  Businesses can simply inquire into your data on a permissioned basis, without acquiring it and storing it, as and when needed.

Expand the sections below to understand your rights:

Access it
Correct it
Take it with you
Erase it
Object to its use
Object to Automated Decision-Making (ADM) where no humans are involved
Restrict it
Change your mind
How can I exercise these rights?

We’re planning to build a self-serve privacy dashboard, but until then, please send an email to privacy@joynsocialmedia.com with ‘DSAR’ in the subject line. 

 

We’re required to verify your identity and we’ll do this in a privacy-preserving way. We must respond to verified DSARs within one month. Note that these rights aren’t absolute, and there may be situations where we may refuse. If we do refuse, we will explain the reason and explain how you can challenge our decision or complain to the ICO. Find out more on the ICO’s website

Privacy Facts
 

This section gives detailed information about how we process your personal data.

When you visit our website…

We place necessary cookies on your device and optional performance and analytics cookies if you opt in. We also collect web logs and video analytics.

 

Our suppliers only process that data on our behalf and under our instructions. They’re not allowed to sell or use any of it for their own purposes, and they’ve signed legal agreements we can hold them to.

 

We use Wix to host our website, and we’re trialling a few privacy-preserving analytics tools: Hotjar and Visitor Analytics for analytics and feedback, though we will also try Matomo and Simple Analytics. We use Vimeo for video playback and analytics.

Why?

We use necessary cookies to help our website function and meet our legal obligations, e.g. website security, cookie preference management. We use optional performance cookies to remember preferences like selected language and improve performance.

 

We use trackers and cookies, web logs and other analytics tools to collect general traffic information, analyse trends and user behaviour and distinguish users without identifying them to get accurate visitor counts.  We use advanced video analytics for our videos to learn how people find your video, approximately where they are in the world, what types of devices they’re using, and when they drop off.

 

This helps us confirm we’re getting our message out and make it even better. It also helps us demonstrate user traction to potential investors and partners and tailor it to the demand so we can make our goal of creating a game-changing, profitable and impactful privacy-focused social network a reality.

 

We also collect and analyse web logs for security, fraud-detection and website operation purposes.

Click here for more detail on what we collect, why, and how long we keep it.
We’re not trying to identify individual users and we don’t sell users’ data

That’s exactly the kind of creepy Corporate Surveillance Joyn was created to combat. We’re track use and engagement, not users. We do all of our analytics anonymously wherever possible, or in ‘pseudonymised’ form.This means we can still identify you with some work and additional information, though we don’t intend to. The only exception is if there’s a really compelling legal reason and we can’t find reasonable alternative in the circumstances (e.g. to investigate and prosecute fraud or a cybersecurity attack on our service). We’ll only share it with the third parties listed in this notice for the purposes we describe.

We get it, you still may not want to be tracked or accept cookies

Don’t worry, they won’t be set unless you opt-in by ticking the boxes in our Cookie Dashboard. We’d be grateful if you did, but we get it if you don’t. We respect that. You can still give us feedback or engage with us in other ways, even if you do so using our anonymous polls and surveys.  

 

Here’s how you can prevent tracking:

 

  • Hotjar: You can opt-out of the creation of a Hotjar user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites that use it by following this opt-out link.

  • Visitor Analytics by Wix: You can opt out of user tracking by Visitor Analytics here. This will prevent Visitor Analytics and its app from getting your data, but it will still be available to us.

  • To opt out of or manage all tracking (across the web, including by Joyn): You can use a private browser like Brave, Firefox, or Onion Tor-based browser (note it blocks video feeds); tools like Baycloud Bouncer, Privacy Badger or Privacy Possum, or use any of the techniques described by the ICO here. Learn more about how to protect yourself online with these toolkits by CitizenLab and EFF.   

  • To exercise your other rights over this data, contact our DPO.

Sharing is (not) caring if it’s (not) necessary or you’re (not) okay with it…

We limit who receives your website data and why.

 

We share with our processors:

Wix (who hosts our website), Hotjar and Visitor Analytics by Wix, and Vimeo provide analytics tools. We’ll also try Matomo or Simple Analytics before we settle on a tool. We have a Legitimate Interest to share with processors as they help us provide the services and have taken steps to ensure we strike the right balance and ensure your data is protected:

  • We’ve selected processors that have good privacy controls that we have configured to make sure we’re collecting the minimum amount necessary and focusing on trends and big pictures, not individual users.

  • They store pseudonymous or anonymous data on our behalf. They understand that this is our data (and yours), not theirs, and they commit to never selling it or sharing it on.

  • Hotjar and Visitor Analytics have promised they will never use the data to identify individuals. but is prohibited from using it except on our behalf and according to our instructions.

  • We have signed legal agreements with our processors to ensure they commit to protecting our visitors’ data and only process it according to our instructions.

  • See their privacy policies for more information: Hotjar; Visitor Analytics by Wix; Simply Analytics; Matomo; Vimeo; Wix.

We share with potential investors and partners:

  • We have a Legitimate Interest to share a limited amount of personal data with potential investors to demonstrate user traction and share feedback to convince them that Joyn is a worthwhile investment and justify funding requests. They have a Legitimate Interest in validating information we provide and conducting due diligence. Like we said earlier, this data is generally aggregated and anonymous (or strongly de-identified) because we’re not looking at individuals, we’re looking at trends and traction.

In rare circumstances we’ll share with law enforcement, regulators, investigators, and external advisors:

  • (lawyers, cybersecurity experts) when we work with them to investigate a cybersecurity incident or criminal or regulatory investigation. We’ll only share identifiable data where it’s truly necessary or legally required and where reasonable alternatives are unavailable. The fact it, because we’re trying to collect anonymously there just won’t be a lot to share in any case, or someone would have to work really hard to identify the individuals.

When you add your email address to our waitlist, opt into email updates or sign up for user testing…

We use Ascend by Wix (for now) as our processor to manage sign-ups, email exchanges, contacts, your communication preferences (subscribe/unsubscribe, etc.) and to run email campaigns. We have connected a G Suite for Business mailbox and G Suite services (yes, it’s Google) that integrates with Ascend by Wix for our communications and contact management. Both Wix and Google are processors for this information and have committed to only process personal data on our behalf and under our instructions. Google says G Suite for Business is designed to meet the most stringent data protection requirements and Google has committed not to use data it processes for advertising or for its own purpose. It will only use as required to deliver the service.

 

We know, that’s what they say and it’s difficult to trust that Google’s made a change. Once we get more funding and after we’ve demo’d a few options we plan to switch to a more privacy-focused CRM built on Privacy by Design principles. So please bear with us for now!

Why?

Because we need information to communicate with users, waitlisters and anyone else who has signed up. We need to know how to get in touch with them and their communication preferences, and who is interested in user-testing versus who wants to wait until the product is ready to go. And for those who’ve opted in to get updates from us and other promotional information (marketing messages), we need those contact details and preferences for our email marketing campaigns.

Click here for more detail on what we collect, why, and how long we keep it.
How do I make it stop?

You can manage and update your communication preferences directly in the email message you receive by clicking the link in the message. If you don’t want your engagement with email content tracked don’t click the ‘load all images’ link in your email provider for that message. If you don’t have that function, you can contact our DPO to make the request. If you don’t feel like doing that and you’d like to follow a links, you can also copy the link and paste it in your private browser. We’ll still know which campaign led someone to view the content (unless you remove the ‘refer’ or ‘source’ or other prefix from the URL first), but we won’t know it was you.  We’re looking for ways to make this easier, and exploring whether we can just get aggregated engagement data.

Sharing is (not) caring if it’s (not) necessary or you’re (not) okay with it…

We limit who receives or sees your email address, contact details and communications to those with a strict need to know. Even then, we limit what we share to the minimum necessary and do so without identifying you wherever possible as a default.

 

  • Our processors Wix, Ascend by Wix, Google (for G Suite) and Microsoft (for Office 365 products) have committed to only process data on our behalf and under our instructions, and not to use the data for their own purposes.

  • When we do need to share, we limit who receives the data and what they can and can do with it.

 

For example, we have a Legitimate Interest in sharing data with potential investors and partners to demonstrate user traction and interest. They have a Legitimate Interest in doing their due diligence, in particular confirming we have real, authenticated users signed up to user test or on the waitlist, and that feedback we’ve received comes from real people, not bots or fake accounts or us. We don’t need to share actual email addresses and contact details for this purpose. We’ll always focus on aggregated data and metrics first and if an identity verification partner has verified the identities that should be enough (we’re working on that!).

 

If we are not at that stage they and if in the unlikely situation potential investors or partners feel they need to see actual email addresses and sign-up pages, we’ll ensure they are only able to view them for this purpose and for a limited time (e.g. with screen shots), and that they commit not to contact you directly or use the data for any other purpose.

 

  • You have a right to object to any of this sharing. If we’re unable to find an alternative, for example if you object to our use of G Suite and you’re not satisfied with a different communication channel such as Signal or our efforts to prevent you from being identifiable in our communications, we may not be able to continue to offer the service to you. If you object to an email address being shared with a potential investor (even if only a screenshot) we will consider ways to remove or hash your address.

When you respond to a survey or poll or a virtual or in-person focus group…

We use Hotjar polls and surveys and Ascend by Wix forms to get feedback from our website visitors and email subscribers. We are looking for a privacy-focused platform for virtual focus groups (probably a webinar tool) and will let give you updated privacy info before you participate in one of those. To protect your privacy and ensure more candid feedback, we’ll keep your feedback and contributions anonymous unless you want your comments to be attributed to you. Other participants must agree not to share identifiable information about you and your feedback without your permission.

Why?

We need to know that real people are interested in and trying out our platform. We need anonymised demographic data to understand which segments of the population are interested (age, geography, sex, accessibility needs, profession, purpose for using the platform, role (e.g. parent-child; teacher-student; etc.) so we can tailor our services to meet user needs.

 

And we want to get your constructive input on what you liked, what you didn’t, glitches, what changes you’d propose, etc. so we can improve the product. This gives you a change to help shape a game-changing social network and engage directly with its creators. Anonymous quotes and statistics on focus group participation will help us convince investors, partners and regulators that we’ve done our homework, and will help us justify design choices we make and the funds and resources required to make them.

 

We have a Legal Obligation to consult with stakeholders where possible when we do our Data Protection Impact Assessments, and we also want an array of voices to help us as we use optional data ethics and privacy tools like Consequence Scanning and the Data Ethics Canvas to help us consider and address privacy risks and ethical issues. We have a Legitimate Interest in getting this information to improve our service and make a case to investors and partners, and we strike the right balance by making it as anonymous as possible so information we process and share can’t easily be linked back to you (if at all).

Click here for more detail on what we collect, why, and how long we keep it.
Sharing is (not) caring if it’s (not) necessary or you’re (not) okay with it…

We use processors to process some of the information we process. Most of it is not identifiable in any case (without a lot of work), and the identifiable data is limited to registration data unless you choose to have feedback attributed to you.

 

  • For now we’re capturing that data in our G Suite application and , anonymised as much as possible.

  • Online polls and surveys: You’ll see Hotjar branding for any Hotjar polls and surveys. Ascend forms will simply appear as part of our website.

  • We haven’t yet selected our virtual focus-group tool but we’ll update you before you participate.

When we communicate with you about possible investment, collaboration, partnership or integration…

In some cases we’ve contacted you because we believe based on our own research or referrals that you may be interested in supporting Joyn by investing, providing mentorship or coaching, participating in user-testing, incubating our start-up or covering it in a podcast or article. 

Why?

We need investors and mentors to help us build our platform, journalists and influencers to help us spread the word, and like-minded integration partners in the Tech for Good and Privtech communities to help us turn our platform into a Tech for Good ecosystem that leverages and cross-promotes the great work already being done in this area. You may have reached out to us as well, for example after seeing our listing on Kickstarter or after being introduced through Angel.Co or a similar investor or incubator platform. In many cases we’ll be focused on company information, but we may have information specific to you as we try to generate leads.

Click here for more detail on what we collect, why, and how long we keep it.
Sharing is (not) caring if it’s (not) necessary or you’re (not) okay with it…

We use this information for internal purposes but we may share information with our investors or mentors as we update them on progress or if we need to demonstrate financing or traction. This will primarily be focused on company-level information but in some cases we may need to refer to individuals directly. We have a Legitimate Interest to do this and will limit what personal data we share and ensure it’s done securely. In some cases you may want us to share publicly. You have a right to object to this use of your data.

 

We rely on processors to process this data on our behalf. The information is stored in G Suite (for now), Office 365 (e.g. Excel, Word), and Wix.

Is it over?

Phew! That’s a lot for just a landing page and some comms. But such is life in our data-driven world. You’ll notice that we spent a lot of time talking about anonymous data and data-minimisation. It’s actually not a lot of data. But we know that ‘anonymous’ doesn’t mean what it used to in our hyper-connected world, and wanted to reassure you that we’ve really considered all the possibilities and we’ve taken strong steps to be data minimalists. 

 

As we continue to develop our platform and integrate more privtech, and once we can rely more on interacting with you through your HATs to inquire rather than acquire data, we’re looking forward to being able to shorten this privacy notice considerably. But for now, this is it. We think we’ve captured everything.

 

Feel free to reach out to let us know if we’ve missed anything or if you have questions or concerns. Meanwhile, we hope you’ll Joyn us on our journey to making the internet a better place.