We selected to inspect Google (not including Postini, which offers e-mail security services) and Evernote. Their privacy policies can be found here and here, respectively. Although the services the companies provide differ quite a lot, they both handle a lot of private information.
Google very likely needs no clarification.
Evernote is a service that provides note taking in a cloud. Users are able to sync their notebooks across various devices including desktops, mobile phones and different mobile gadgets. It is used by millions of users across the planet. This company is operating in an highly competitive market, for example Google itself had a similar service called “Notebook” but then its development was shut down due to management of the company thinking that it was not promising for Google. Other services do exist as well, but Evernote is known to be a ‘de facto’ leader in note management.
There is a possibility to open company-wide accounts called “Sponsored” where all members of a certain institution can be participating in updating one single database of knowledge/valuable information. Various companies use it for conducting research and sharing crucial for their business information, which possessed in wrong hands can cause serious damage to the enterprise. In this case the privacy of information stored in Evernote is very important.
Privacy policies typically contain information on how the business gathers, handles stores and distributes data they may receive from their users. In general, companies usually reserve the right to distribute the data to their partners (variations on the amount of given data), declare that they are taking measures against not giving the data out unintentionally to third parties (both through network or physical) and which laws they apply in their operations (for example the legislation of USA). Privacy policies can differ quite a bit depending on the operating range of the business, since usually smaller companies do not focus that much on those issues due the smaller customer base. When the business grows, it is more likely that the company draws unwanted attention from hackers or that they start to expand their operations and distribute the gathered data to their associates, which might then lead to problems with the customers.
Evernote mentions one interesting detail in their privacy policy:
“Evernote may allow third party business partners that display advertisements on some of our web pages to maintain their own cookies on your computer. These business partners do not have access to Evernote's cookies and their use is subject to their own privacy policies.”
In our opinion it might be a threat to user’s policy since cookies are known to be a possible gateway for attacks.
Another point which drew our attention was the following:
“Evernote complies with the U.S. Federal Trade Commission (FTC) Children's Online Privacy Protection Act (COPPA), which requires us to inform parents and legal guardians about how we collect, use and disclose personal information from children under 13 years of age.
Evernote is not currently directed to children and we currently require users to verify that they are at least 13 years of age upon registration. We will not knowingly collect personal information relating to children under 13 years of age, and if we learn that we have inadvertently done so, we will promptly delete it.”
Although Google very likely operates with minors below this age, they had no mention of this matter in their privacy policy. It could be, that one below the age limit is not able to register him/herself with Google services, but it still seems quite odd that they do not state it openly. Some of the services Google provides (e-mail, search engine) are bound to relate to minors, so it remains unclear how Google handles those situations.
More or less, the privacy policies of these two companies share same points and provide comprehensible information for those who may be interested in reading them. Google provides strictly structured points of their view of privacy that users of their services have. Also, Google mentions service-specific sets of policies. Evernote, on the other hand, has a more detailed policy published on their site, but it is also clear and mostly easy to understand. Both of these companies probably spend a reasonable amount of money on lawyers who carefully think about every word in the policies that they have. In general, it seems that Google is more strict with the distribution of the collected data, but as Google has more partners as Evernote, the result is still the same: a third party might always know something that you wish not.