Update Tuta product #214
Open
Update Tuta product #214
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
doamatto
reviewed
May 23, 2025
Collaborator
doamatto
left a comment
doamatto
left a comment
There was a problem hiding this comment.
Sorry for the late review.
| value = "yes-72" | ||
| notes = [ | ||
| "Tutanota is based in Germany so it is legally obliged to notify users of data breaches, but does not make any mention about if they will do so." | ||
| "Tuta is a German company, and adheres to German law which requires the company to notify users in case of a data breach. Tuta even informed users about a security weakness, which to the company's knowledge, did not cause any data being leaked: https://tuta.com/blog/vulnerability-fixed" |
Collaborator
There was a problem hiding this comment.
We err on the side of caution (and pessimism) — I have no doubts Tuta can and will follow the law, but if it's not explictly stated in the privacy policy or some other tightly linked document (like a whitepaper), then we can't grade it higher.
| "Insofar as we process personal data during the campaign analysis, this is done on the basis of Art 6 para. 1 p. lit. f) GDPR. Our interest in being able to evaluate advertising campaigns and to improve our marketing activities constitute a legitimate interest within the meaning of Art. 6 para. 1 p. lit. f) GDPR." | ||
| ] | ||
| notes = [ | ||
| "Note: The privacy policy has been misunderstood. Tuta does not collect personal data from third parties, but explains here how it handles user data in their own campaigns." |
Collaborator
There was a problem hiding this comment.
Admittedly, reading over the citation I'm struggling a titbit to grasp the exact "timeline". My understanding is :
- You click an AdSense ad or some other Google advert which brings you to
tuta.com/abc?utm_id=abc - Tuta stores the IP and user agent as a hash (probably to discern unique visitors rather than generic hits) alongside with the campaign ID from before and, if you came from a search, what you searched.
- After 72 hours, Tuta deletes all that information.. except after 72 hours what you searched can still be used for ad testing despite having been deleted ?
If that is the case, then I see no reason this couldn't be graded no
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Type of pull request: product edit
Related issues: N/A