Board Hardware wallets
Merits 9 from 7 users
Re: Foundation Passport (FE) hardware wallet review and walkthrough
by zherbert on 13/09/2022, 02:04:10 UTC
⭐ Merited by n0nce (2), Pmalek (2), dkbit98 (1), vapourminer (1), WhyFhy (1), JayJuanGee (1), DdmrDdmr (1)
Hi all, I have been summoned to this thread, and I appreciate all your comments and discussion! I lurk here from time to time but will make a more intentional effort to reply to comments in this thread. If you have any questions, please send them my way! And thank you to n0nce and dkbit98 for being especially active.

Regarding our privacy policy – we currently have our WordPress + WooCommerce instance set to automatically clear personal data from orders 60 days after shipping. For cancelled orders, those clear automatically after 30 days.

We do download, encrypt, and store data offline for sales tax reporting (typically need the zip code for each order) and for warranty/repair requests. If someone contacts us 6 months after ordering, for example, we need to be able to look up the order details and confirm they are a customer in order to send a replacement device. I hope this is reasonable, as it is necessary to store some information when operating a business where customers are buying a physical product.

We are working on an internal "vault" tool that will allow us to automatically encrypt all customer data and rate-limit + audit internal requests to view that data. That will be live internally sometime next year, and will allow us to more aggressively purge data from WordPress + WooCommerce.

We self-host a lot – WordPress, our own mailing list, our customer support center, even our internal video chat tool and scheduling website. But we do sadly rely on some third parties. First is Google, which we use for company email. This means any interaction with our customer support team has emails stored with Google.

Second is our outgoing marketing emails – we do not host our own email server, so we use Mailgun for SMTP. They log messages for 2 days (I believe).

Therefore, in our official privacy policy, we are legally required to say that we share data with third parties for marketing reasons – because we use Mailgun for SMTP for marketing emails.

We 100% do not sell your data to marketing companies or anything like that.

We have a new privacy policy going live soon that better details the exact systems we use.

As always, when buying a hardware wallet, we recommend providing as little personal information as possible. As an American company we may be required to comply with law enforcement requests (though we'd fight any request as hard as possible).

Our blog actually lays out some posts on how to preserve your privacy when buying a Passport:

Buying a Passport with PayJoin and general privacy tips: https://foundationdevices.com/2022/03/passport-coinjoin/
Using Bitcoin more privately: https://foundationdevices.com/2022/05/interacting-with-bitcoin-privately/

Thank you for reading and please send your questions!