Re POPIA. Yes, we probably need to be more clear in the terms.
I am not a lawyer, but it seems it comes down to this:
- Communicate clearly what you collect and what you use it for.
- Don’t use that information for anything other than the intended lawful purposes.
- Have a plan of what to do should that info be leaked, and what to do to prevent it from leaking.
Now when the terms were written (a little cheekily, because legal documents are so boring otherwise), we did say “don’t use your internet banking password”. The intent behind that is that you should not use any password at all that you care about. If a breach ever occurs, the attacker should ideally get your email address (which he can already get from a hundred other places), and a useless password.
Further to that: The email address is collected for one reason and one reason only. We need a way to do password resets. That’s it. Yes, you can also get notifications of replies to your posts blah blah blah those are all secondary. We will not send you marketing material about deals in our “shop”… snigger…