Privacy · Email Marketing

Advice on privacy and email marketing

Tim Scott

September 6th, 2013

My question is about privacy. We've finished our MVP, and we are selling to prospective lighthouse customers. Our service entails giving our customers a link that they place in their advertisements. The link takes the consumer to our site where they join. A member will return to our site multiple times via ads of different customers. The customer gets value whenever the consumer performs an action on our site.

We're learning that our customers will be interested in obtaining the email address (and perhaps other info) of members that they refer us. Our privacy policy says we never share personally identifiable information of our members with anyone, but they have a case because:

a) it's their advertising money that gets us our members, and

b) by clicking their ad, the consumer has shown an interest in their brand/product.

We have good lawyers, but we're not especially savvy about the social and PR implications. I can envision three options:

1) Hold firm. Our members belong to us, and we guard their privacy. Hey, look at these wonderful analytics!

2) Offer an email marketing service to our customers. Send co-branded promotions to members who were referred by that customer and who also who opted in.

3) Change our privacy policy so we can share our members' info with the customer who referred them as long as they opt in.

Our customers will probably strongly prefer option #3. But does option #3 put us as risk of a PR death blow?  How would we even word the opt-in language?

Option #2 seems attractive for us because it locks in the customer. For the same reason, customers might not be satisfied with it.


Ken Carpenter Software Engineer at Arista Networks

September 6th, 2013

In my opinion, opt-in is the only viable option. 1. Sending email to members who don't want it will annoy them and ruin your reputation. 2. Sending email to members who don't wan it is a waste of their time and yours. 3. Members who opt in are MUCH more receptive to email marketing, so customers will likely get higher conversion rates. 4. I can't imagine why an opt-in would be a bad PR move, since you are being up-front (unless you're planning to not allow them to become a member without opting in, which would be crazy). Ken Carpenter

Harman Kochar

September 6th, 2013

You could add a checkbox (not checked by default is preferable) that gives the user the option of sharing details with advertiser (could also be worded as register simultaneously with advertiser, if makes sense). 

Jonathan Vanasco

September 6th, 2013

I'd go with another approach:

4) Hold firm and guard user privacy. But offer your partners a promoted + streamlined "One-Click" opt-in to their mailing lists.  Don't share any information other than an email address , unless the one-click pops up a registration form with a couple of EDITABLE form fields pre-filled.

Don't do the co-branded emails.  People will not like that, and use it as a chance to opt-out of your own emails.

Don't do #3 at all.  You will absolutely alienate users and come off as scammy.

There's a quick litmus test for co-branded signups:  Pretend you don't work for your company or potential partner.  Would you sign up for this?  How would you feel if you signed up and that data was shared?  No reasonable person would be pleased with option #3.


September 6th, 2013

Tim: Depending upon how big you can get to be, Option 3 is the best. There will be a lot of data much of which is not PII. If you collect enough the data becomes a product. Consumer behavior data sells. You could probably also do 2 with the understanding you will have to share the data with the customer but they may only use it for their own businesses and you may build a data base that is more diverse, robust and valuable. If you change your Privacy Policy, and you probably will have to in either 2 or 3, you will have an issue with existing customers but you can work around it if they keep opting in. Good luck. EJG

Tim Scott

September 6th, 2013

Just to clarify a couple points.  

We do not envision doing anything without opt-in.

When I say "co-branded" email marketing, I mean that it would come from us, but the content would be promoting a product or offer from a third party. We are kind of an aggregator, so it should seem pretty natural to the consumer who has already opted in.

It's interesting, some of you say "absolutely #3" and other say "no way #3".

Jonathan Vanasco

September 6th, 2013

I don't see differing thoughts, just differing conversations:

Harman Kochar implied a per-advertiser opt-in ( via the co-registration ).  I support that idea too.

Edward Gildea talked about creating products out of non-PII data ( personally identifiable information ) -- which isn't what you're talking about.

Ken Carpenter seems to be talking around the issues ( but I generally agree with what he says ).

Just to clarify my point:

- I think Co-Branded marketing can be dangerous if done improperly.  It can be very effective and have great open rates + is a great premium sales item ( like what Ken said ). The problem is that every email out from you has an unsubscribe button -- for your core list.  If you have multiple campaigns, you need a lot of internal overhead to ensure you're not overloading these people with messaging ( ie, 1 marketing email per 7 days, max)

- You have 2 ways to "opt-in" someone. 

Type A - Implicit Opt-In.  This is what your question seems to ask for approval on.  You amend the Terms of Service to allow you to share data with Partners.  Someone clicks the "ok" button when they register, or misses a TOS change and is converted over, then forgets about it.  Whenever they click an ad, you automatically share their info without confirming with them.

Type B - Explicit Opt-In.  If someone clicks on the ad and signs up for your site or promotion, they can select/deselect a checkbox to explicitly share that data back to the partner.  That explicit opt-in is valid for that advertiser and that advertiser only. 

I'm against Type A, and every PR backlash I've seen has been on that model.

Type B is the industry standard for co-branded promotions ( publishers , major brands, etc ) 

Also , with the "TypeB" Explicit Opt-In , you generally don't amend your own TOS/PrivacyPolicy; instead you add a quick clause /disclaimer onto the registration form that supercedes your TOS.  it's usually something quick that states "after registration, the information exists in 2 places , and they're opting into the other company's TOS too".  

Last note on the co-branded stuff -- if you're passing the partner the email addresses, you generally want to have the checkbox pre-selected.  It increases your list size , and you're not sending the messages so Conversion Rates and OptOuts aren't your problem.  If users get annoyed, the partner's "new" mailing list suffers.   If you're sending the emails yourself, you generally want to have the checkbox unselected -- because the emails are coming from you , they'll be linked to your opt-out pages.   if users get annoyed, your core mailing list suffers.