Act-On

Transparency in Data Processing Purposes

Act-On excels in providing clear information regarding the purposes for which it processes contact data. This transparency is crucial for users who want to understand how their data is being utilized. With an OPTI Base (Privacy) Score of 61%, Act-On ensures that users can easily access information about data processing activities, which is essential for compliance with regulations like GDPR and LGPD. Knowing the specific purposes helps users make informed decisions about their data sharing, fostering trust between the platform and its users.

Clear Data Retention Periods

Another strength of Act-On is its explicit communication of data retention periods. Users can find detailed information on how long their contact data will be stored, which is vital for compliance with privacy laws. This clarity allows users to manage their data more effectively and ensures that they are not retaining unnecessary information longer than needed. By understanding retention policies, users can align their data management practices with legal requirements, minimizing risks associated with data breaches or non-compliance.

Uncertainty in AI Data Retention

Despite its strengths, Act-On has notable weaknesses, particularly concerning its handling of AI-generated data. The platform does not specify retention periods for prompts and responses generated by its AI functionalities. This lack of clarity can lead to uncertainties regarding user privacy, as users may not know how long their data is being stored or how it is being used. For users concerned about privacy, it is essential to inquire directly with Act-On about these practices and seek assurances regarding the management of AI data.

Lack of Identification for AI Features

Another significant weakness is that Act-On does not clearly identify which features utilize AI in its privacy policy. This omission can leave users unaware of potential risks associated with AI functionalities. Users should be proactive in understanding which features may involve AI and assess whether they align with their privacy expectations. It is advisable to reach out to Act-On for detailed information on AI features and their implications for data privacy.

Absence of a Data Processing Agreement (DPA)

A critical area of concern for users is the absence of a Data Processing Agreement (DPA) from Act-On. Without a DPA, users may face challenges in ensuring compliance with legal frameworks such as GDPR and ISO 27701. This absence can expose users to risks related to data handling and processing. To mitigate this risk, users should consider discussing the need for a DPA with Act-On and explore alternative platforms that provide clear agreements to protect their data rights.

Practical Steps for Enhanced Privacy Management

To enhance privacy management while using Act-On, users should take specific precautions. First, review the settings related to data sharing and AI functionalities. Disable any features that are not essential for your marketing efforts, especially those that involve AI, until you have clarity on their data handling practices. Additionally, regularly audit your data retention settings to ensure compliance with your organization's policies and legal obligations. Finally, consider seeking legal advice to understand your rights under GDPR and LGPD, ensuring that your data processing practices align with these regulations.