Both SLASCONE's licensing and analytics module require your software to communicate over the internet with the SLASCONE API and transmit installation, licensing and analytical data. This naturally raises legal considerations about data privacy.
This article gives general data privacy guidelines concerning your software's connection to SLASCONE. It is by no means a legally binding document. Such a document depends on the laws of your operating country and those of your end-customers.
LICENSING - ACTIVATION
As a vendor, you have the right to enforce a license activation or validation over the internet (without allowing an opt-out). You just have to make sure that the process is clearly described in your Terms of Services or End User License Agreement.
Here is a sample formulation:
When you activate <YourProduct>, a specific product key is associated with the device on which your software is installed. The product key (and data about the software version and operating system of your device) is sent to <YourCompany> to help validate your license to the software. This data may be sent again if there is a need to re-activate or validate your license, or to validate your session (in floating license scenarios).
ANALYTICS - TELEMETRY
While online licensing and activation are almost industry standards, data privacy gets more complicated when collecting usage (analytic) data, also commonly known as telemetry data.
The collection of telemetry data can raise at least three relevant concerns for users of that software, as described here:
- Individual data privacy: Does the telemetry data lead to the ability to track or uniquely identify the user? Even if it doesn’t, does the telemetry data otherwise include some form of personal information that is subject to laws and regulations, or even just that the user doesn’t realize is being shared?
- Awareness of collection: Does the software ensure that all relevant users and installers of the software are aware of the telemetry data collection, before it is enabled? Is it opt-out or opt-in? Can notices or consents be inadvertently bypassed when the software is installed through automated means?
- Security of collection mechanism: Does the connection to an external API open up any inadvertent security vulnerabilities? Could those vulnerabilities be present even for users who refuse to enable telemetry data?
SLASCONE's (usage) analytics functionality is generic, which means that you as a vendor can collect any data you want from your installations. In other words, SLASCONE can be seen as a database. Therefore, it is your responsibility as a vendor to make sure that the collected data comply with data privacy regulations.
However, usage analytics are typically used to collect data about the usage of specific product features and modules. Here is a sample formulation for such a scenario:
When you use <YourProduct>, activity data such as when a session started on a device, how long it run and which product features were used or how often they were used, may be collected.
All analytical data collected through the API is associated with a specific license token, i.e., the license token is the lowest granularity level. Based on that, data can be analyzed in aggregated form (e.g., license, customer). Please note that depending on your application (B2B/B2C, web/desktop/mobile) this may enable the unique identification of a user.
OPT OUT MECHANISM
In any case, it is recommended to ensure that your end-customers can opt out of telemetry data.
SLASCONE is a modern, multi-tenant, cloud native application, enabling you to choose the residency of your data, based on Microsoft Azure's availability zones:
All data is transmitted to the SLASCONE API in encrypted form, using TLS and HTTPS. This is standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.