FAQs

Enter your question in the search field or browse through the whole list.

 

Business

The Personal Data Store (PDS) is an encrypted data locker dedicated to one specific user. The PDS holds the personal data of a user and is hosted in a secure data center in the EU or in Switzerland. Each PDS is secured by a user password that only the user knows. No third party can ever read or access the data without that password, not even BitsaboutMe.

Category: Business

The PDM is completely separated from your individual Personal Data Store (PDS) and connected via our Consent Management System (CSMS). If you decide to share your personal data profile under clearly defined terms and conditions then these data profile will be uploaded from your PDS to the PDM. The PDM is the online marketplace where your data is put to work. In the PDM the data is anonymized  and decrypted – otherwise it is unusable. Those data processors that you grant access to your personal data profile can access it for analyses.

The PDM is part of the next phase of BitsaboutMe and currently only used for debugging purposes.

Category: Business

 

Traditional model
(Google, Facebook, etc.)

BitsaboutMe

Business model: Selling user data, the consumer is the product. Business model: Service provider, enabling consumers to monetize their own data for a commission.
Privacy as after-thought Privacy by Design
Consumers give away the rights on their data by signing the user agreement. All data always belongs to the consumer. BitsaboutMe cannot touch, see or sell the data.
Data is stored unencrypted in order to data mine and monetize it. All data is encrypted, only the user has the key to decrypt it.
Data is used to build user profiles which are then sold to advertisers. Only user initiated analysis is done on the data. User profiles are curated by users and only shared by them.
Little control over data, extracting and deleting data is made cumbersome. Full control at all times, straight forward extraction and deletion.
Data controllers bag all revenues from data sharing/selling. Consumers earn revenues from sharing their data, BitsaboutMe gets a commission for the sale.
Category: Business

We sell services – not data. We charge companies when we build automatic connectors to their IT systems, in order to make data export easier for you and for them.

In the long term we will become an online marketplace (ala eBay) for personal data, where you can decide to share your personal data profile with data processors (Universities, Market Researchers, App developers, etc…) some of which are willing to pay you for specific access. On this platform, data can be accessed only for the agreed purpose but not extracted and used in ways that you cannot control anymore.

If you explicitly agree to provide this access, then we manage the transaction and make sure that it happens according to the agreed terms in a save and secure way. If the data processor pays you for the access, then we will take a commission of that transaction.

Category: Business

Privacy

Your password is used as a master key to encrypt all your personal data. If we wanted to offer a convenient way to reset this password (e.g. via security question) we either would have to store your password somewhere on our site or store your personal data unencrypted. We consider both options as not secure enough for a Personal Data Store containing highly private and sensitive information.

The flip side of this enhanced data security is the obligation to select a strong password and to make sure you remember it.

Categories: Privacy, Technical

Your data is stored in a Personal Data Store (PDS) on an encrypted DB (SQLlite) hosted in a high security Swiss or French data center. We host a separate (SQLlite) data base for every user. Your data in the PDS is not mixed with others’, it is a private storage space exclusively for you. The data in the PDS can only be accessed by you with your personal key while you use our services.

Category: Privacy

In order to understand the usage of the product and to constantly improve it, we have to collect some basic statistics on usage. When we collect those we always respect the “Privacy by Default” principle. We will soly use them to improve our product and never to profile you for whatever purpose.

Hence by default all stats are collected anonymously. That means we know the numbers but cannot link the numbers to a specific user.

We will offer the option to opt-in to sharing statistics (never the content of your personal data) on an account level. That would help us a great deal to understand how the site is used by different types of users. Especially in the beginning we hope that you trust us with your stats and help us to improve the product as quickly and efficiently as possible.

The statistics that we track are:

  • What automatic data imports you used
  • Total size and number of records automatically imported and their status (Delete, Secret, Private, Share)
  • Which data holders you have requested your data from in the offline process
  • App/Web usage (page views, clicks and time spent) via privacy protecting open source tool Matomo (formerly Piwik)
Category: Privacy

Every data record in your PDS can be stored in 3 different modes:

Private: Default setting for all the data you import into your PDS.
Share: Data that you are willing to share under conditions you define. Currently the only application is that you can make parts of your data accessible to us for debugging.
Secret: Events that are only displayed, if the “Secret” mode is enabled. These are things you want to always keep for yourself and not accidentally show or share with anyone else, e.g. your Google searches on a health issue. Secret events are not displayed in the graphics and cannot be shared in default mode.

You have a checkbox in the menu on top of the page to select “Show secret events”. If selected, all data (incl. secret events) are displayed. As a default, this setting will be set to “off” every time you log in, in order to avoid that you accidentally share sensitive data. You can change the mode for every individual data record under Stats/Details.

We have introduced this differentiation, to account for your different privacy needs.

Perhaps the novelist Gabriel García Márquez was able to foresee the issue at the heart of the privacy debate today when he said: “All human beings have three lives: public, private, and secret.” We have our public life, which is what we willingly do and share with others in a wide range of social settings. There is our private life, which we reluctantly give away in the hope that it is not fully revealed to the world or to those who shouldn’t see it. Finally, there is our secret life, which, for now, can only be found offline.

Category: Privacy

No, we do not and we never will. Even if we wanted to, it would be impossible, because the data is encrypted and only you can access it.

That does not change even if BitsaboutMe would be acquired by another company. The data is and remains yours independent of corporate ownership.

Category: Privacy

Yes, you can export your data. We are an open platform and comply with the EU General Data Protection Regulation (GDPR). You can manage and extract all of your personal data. You find the export functionality in the account section.

Category: Privacy

Yes, if you choose to do so with no questions asked. After you do this, there is no way to restore it other then starting again from scratch and re-importing what various data holders are still storing about you.

Category: Privacy

Currently we do not offer actual editing of the data. What you can do is to delete false data. In order to correct it at the source you have to work with the data holder where the data originally came form.

Category: Privacy

We only use session cookies (definition). They are needed to manage the encrypted communication between browser/app and the server. Those cookies are automatically deleted when you close your browser.

We do not leave any data trails behind. This is the reason why you do not see a cookie disclaimer on our site. We also do tracking in Matomo (formerly Piwik) deliberately without cookies. We believe that this is the maximum we can do to protect your privacy while you use our service.

You will never find any 3rd party cookies on our site that are used to profile users and then to sell that data to advertisers.

Category: Privacy

Yes we are required by law to log this information and to store it for 6 months.

Category: Privacy

Technical

Your password is used as a master key to encrypt all your personal data. If we wanted to offer a convenient way to reset this password (e.g. via security question) we either would have to store your password somewhere on our site or store your personal data unencrypted. We consider both options as not secure enough for a Personal Data Store containing highly private and sensitive information.

The flip side of this enhanced data security is the obligation to select a strong password and to make sure you remember it.

Categories: Privacy, Technical

The data is stored remotely for three reasons: storage capacity, universal access, processing power. This is not a cloud solution in a narrow sense, but an infrastructure rented from the world’s third largest hoster OVH, which we manage independently.

We envision that your Personal Data Store (PDS) will grow over time. Maintaining local versions of the PDS on all your devices in addition to a remote backup, would take up a lot of storage space, which especially for mobile devices quickly becomes unfeasible.

With our solution you can access your personal data from any device, with full end-to-end encryption. The central PDS ensures that the data is always up to date, safe and secure.

And last but not least, data processing needs a lot of computing power and especially for larger data sets is done much faster on a server than on a smartphone or in a browser.

To ensure that data never leaks out of the PDS, all analysis can only be performed when you are logged in. After you have logged out, the data is encrypted again and unreadable.

Category: Technical

For the PDS we use SQLCipher. SQLCipher is an open source extension to SQLite that provides transparent 256-bit AES encryption of database files. In the mobile space, SQLCipher has enjoyed widespread use in Apple’s iOS, as well as Android for quite sometime.

For the communication with our servers we use only HTTPS end-to-end encryption.

Category: Technical

In an end-to-end encrypted environment debugging of specific constellations becomes a challenge. We cannot reproduce a users’ bug with encrypted data. Hence when a bug occurs we ask users, if they are willing to share with us the underlying data that caused the bug. User do this by putting data visibility to “Share” (with BitsaboutMe) for the data concerned. Only then we can try to reproduce the issue and fix it. During that process, your data is of course treated confidentially by the BitsaboutMe-team. Once a bug is fixed, the visibility of the data is set back to “Private”.

Category: Technical

There are 3 different options to delete your data:

  1. Delete individual data records. There can always be records of data that you do not want in your PDS. You can delete those in the “Details” tab of the “Stats” section of the site. Here you can use filters and select any number of records to be deleted.
    The data in those records is deleted and only the key of the respective record is kept, in order to prevent the same record to be imported again, the next time the respective data source is synced.
    Please be aware that deleting data in the PDS does not delete it at the original source. To do this, you have to manage it directly at that source.
  2. Delete an entire data source. You can do this on the “Data Sources” screen by selecting the respective card, and then selecting “Disconnect data source” on the screen.
  3. Delete all data and close your account. This is the nuclear option to remove all traces. In order to this, please write an email to privacy@bitsabout.me
Category: Technical

When you connect your email account to your PDS we do this read-only. The email on your server remains unchanged. Also, your email account always remains private and only accessible to you unless you explicitly decide to share parts of it.

If you are having problems connecting your email account, it can have a number of reasons.

Your account or password is wrong

BitsaboutMe needs the same credentials that you use e.g. to connect your smartphone to your email. If in doubt, you can double check your login and password combination by login into your webmail client of your provider with those credentials.

Your email provider is not supporting IMAP

Unfortunately there is nothing we can do in this case. Other protocols do not allow for read-only access.

We cannot determine the configuration of your provider

We have configuration information for all major providers. If your email provider is not included in this, please send us an email with your address, so that we can investigate and try to add it.

If your problem is not resolved, please report it directly in order to help us fix the issue.

Category: Technical

No, all data is deleted permanently and physically in the PDS. We have no way to restore it on our side.

Depending on how you manage your data at the individual data sources, you might still have a copy on the data controller’s site. If that is the case, then you can reconnect the data source and import it again into the PDS. All modification to that data, that you did in the past, will be lost and you have to start over to manage it on a record level.

The same method needs to be applied, if you wanted to revoke individually deleted data records of a specific data source. To do this you would have to disconnect the entire data source and reconnect it again, in order to import the full set again.

Category: Technical

You did not find the answer to your question? Then do not hesitate to contact us at support@bitsabout.me or on