New terms policy

owen_sparks

Hi folks.

I had to accept an "optional" privacy policy to be able to get into Onshape today.  Was that deliberate / legal?

Cheers,

Owen S.

noa

Hi @owen_sparks,

As with any software product, acceptance of our Privacy Policy and Terms of Use is required for use of the product. Your subscription to Onshape communications (e.g. marketing emails) is optional and can be changed at any time as described in the Privacy Policy.

If you have any questions, don't hesitate to email us at privacy@onshape.com.

Best,
-Noa

john_rousseau

Hi @owen_sparks. Here's a little more information in the hope that it helps you and some others.

The EU's GDPR regulations, which went into effect on 25 May 2018, specify how we can collect and use your personal information. Your email address is considered personal information and we use that email address to authenticate you to our service. GDPR requires that you provide “freely given, specific, informed and unambiguous” consent for us to collect and store that information. That's what we needed by having you check that second checkbox. The first checkbox was that you accepted the updated Privacy Policy that contained the legal language around GDPR and how we handle personal information. By not obtaining your consent, we would be in violation of GDPR regulations.

As Noa mentioned, the marketing communications are "optional". The consent to collect your personal information and acceptance of our Privacy Policy and Terms of Use are not.

The changes in the Privacy Policy were outlined in the mail sent to all our users. 

We decided to extend GDPR protections to all our users, not just the users that we identify as being EU "data subjects", because we think this is the right thing to do. Our Privacy Center (https://www.onshape.com/privacy-center) attempts to explain, in clear language, how we handle your personal information. I'll happily take any feedback on how we can make the Privacy Center language better.

Thanks
-John

owen_sparks

@noa and @john_rousseau

Thanks for the quick replies.  I trust OS with my data but take a few issues with how this is implemented.

GDPR is about gaining consent to store information.

As Noa mentioned, the marketing communications are "optional". The consent to collect your personal information and acceptance of our Privacy Policy and Terms of Use are not.

This was in no way optional, without checking the box there was no way to continue to your documents. 

Having briefly reviewed the policy doc Noa linked to I'm still at a loss as to how to change my preferences.  It certainly didn't seem to a link buried in the policy text nor does it appear in the my account preferences...

The bit I objected to, and foolishly didn't screen grab and now can get back to", was the bit about contacting the customer.  The training we're received seems to contradict this methodology.   One has to seek explicit consent. This specifically excludes the "we're going to do it anyway unless you object" method that a lot of companies seem to interpret the laws to mean.  This is exactly what GDPR is intended to protect against, having to click on terms and conditions, and being presented with contact by phone or email that a recipient does not want. 

That said I'm happy to receive any communication from Onshape, you're a great bunch of folks.  The only exception to that is unsolicited sales calls thinly veiled as "courtesy calls" or "check ups".  

I personally feel the frequency of your blog alert posts is just right.

Thanks for letting me vent,

Cheers,

Owen S.

noa

Hi @owen_sparks,

Your feedback is heard loud and clear. We are legally required to obtain your consent to our Privacy Policy, Terms of Use, and processing of data, which was the intention behind these checkboxes, but we can do a better job of separating out your consent to these from communications. We are working on clearer language and a better mechanism for this.

In the meantime, for those going through this process – rest assured that if you had previously opted out of communications from us, checking this box will not change that. Additionally, for those looking to opt out, you can do so by clicking the unsubscribe link at the bottom of any email from us.

Thanks for your understanding,

-Noa

ts_sklett

I just submitted a feedback via the OS ui regarding this same thing.

I just logged in and was presented with this:

"By checking this box, I agree to be contacted by Onshape in relation to Onshape's products and services which may be of interest to me and I acknowledge that I can withdraw my consent at any time, as outlined in Onshape's Privacy Policy."

I tried not checking it but it wouldn't let me proceed. The way I read that you are forcing me to consent to receive emails from you about your products. In other words, forcing my to receive spam.

Maybe I have it wrong, but if I don't I think it's gross and obnoxious and it will be a major ding in your otherwise stellar reputation.

Regards,

Steve

StephenG

Interesting bedtime reading.

Unfortunately it will keep you up into the early morning hours to get through all 11,740 words in the TOU, and 3,830 words in the PP.  

Onshape should award a "merit badge" to those who actually read every word of it.

Note: If you need to review the TOU and PP at a later time they can be accessed through links on the bottom of the Onshape home page.



A quick scan and couple things caught my eye.

1. YOUR CONTENT, 1. Ownership

"...  Onshape does not guarantee that any Content will be available or useable by Customer following the termination of Customer’s subscription or otherwise. ..." 

I wonder what is meant by "or otherwise".  Does "or otherwise" mean if Onshape shuts its doors, access to my data is lost?  Long term data access is an important consideration that needs precise answers and guarantees where a tremendous amount of expense/value is in the user's data; especially important for a cloud based product like Onshape.

4. USAGE RESTRICTIONS, [b] Certain Obligations: You shall not and shall not allow a third party to:

(iii) Analyze the Service, Software or Documentation for purposes competitive to
     Onshape, or access or otherwise use the Service, Software or Documentation
      in order to build a similar or competitive service offering;

Is Onshape demanding its users (including Onshape account holders who happen to work for a competitor to monitor Onshape) not engage in an industry accepted practice?

It would be discouraging to learn the Onshape employee's adhere to this principle and purposely remain ignorant of what the competition is currently doing to address/meet market needs.

Hendrik_

Right now I feel a little shell shocked about all this...
After being assured prior to finally committing to a pro membership earlier this year that our files will remain both accessible and private should we not renew our paid membership, the new terms obliterates that comfort, which was a big driver for deciding to commit.  This to me seems like breach.

I’m also seeing a very worrying pattern in OS’s business strategy.  Still formulating my thoughts around all this but all is not well here...  never thought I’d start considering their competition again but this is exactly the kind of crap that makes the seemingly impossible prospect a consideration.

Ugh!!

larry_hawes

I'm always curious about the thinking behind policy and agreement decisions that change previous agreements. Why change the policy now? What was the problem that needs solving by this new policy change? Is it simply legal concerns? Are there really any legal risks that are now mitigated? Are all old policies and agreements that users agreed to suddenly null and void? Are there monetary concerns that this addresses? Every user can smell a reason behind the changes but what are those reasons? Why? What problem was fixed and why alienate the user base if those concerns are simply 15,000 words of legalize designed to mollify the legal team at the expense of user loyalty?

StephenG

I checked the prior (original) Terms of Use (TOU), dated Dec 15, 2015 and Privacy Policy (PP), dated Feb 26, 2016 documents.  They are also lengthy, coming in at 11,914 and 2,570 words respectively. 

I assume the reason for the recent TOU and PP update was simply to comply with new/changing government regulations. 

The two things that caught my eye initially: 1. YOUR CONTENT, (b) Availability and Security and 4. USAGE RESTRICTIONS, (b), iii have not changed substantially in the new TOU.

It would be most helpful to existing users for Onshape Legal department to prepare a marked up prior TOU and PP that clearly show deletions and insertions that were made (similar to MS Word track changes feature) to create this new and any future TOU and PP documents.

The 1. YOUR CONTENT, (b) Availability and Security paragraph ends with a very important statement:

    Customer is encouraged to practice effective and secure content retention practices.

It is very important that Onshape customers have a clear understanding of the significance of this simple 11 word sentence. Customers need to ask themselves why this statement is in the TOU when one of the main selling points of Onshape is the supposed elimination of having to provide and maintain in-house capabilities to protect its CAD data.   
 
I am not trying to be negative about the Onshape product or its business practices; there are practical and legal limits to what Onshape services can provide and they should be clearly understood by its customers. With the exception of 4. USAGE RESTRICTIONS, (b), iii everything seems reasonable.  

noa

@Hendrik_ your documents do NOT become public if you discontinue your paid subscription. They remain PRIVATE and can be viewed/exported. You simply cannot edit them within Onshape until you deliberately make them public yourself, or upgrade again to a paid subscription.

@larry_hawes – good questions. The primary driver for our change in Privacy Policy and Terms of Use was the introduction of the European Union’s General Data Protection Regulation (GDPR). Most of the changes to these two documents are directly targeted towards addressing these new laws. The changes concerning the intended uses of our Free Plan and the document ownership surrounding the Free Plan were changed to disambiguate something that has been unclear for a very long time – our stance on what we’ve always intended the Free Plan to be used for (non-commercial use).

@StephenG – you are correct. These two sections have not changed since December 15th, 2015. Regarding 4. USAGE RESTRICTIONS, (b), iii – this is a very common clause across software services. It is natural for companies to not want their competitors using their service to build a competing product. I encourage you to take a look at some of the Terms of Use of other tools that you use and I expect you’ll find similar language.

@owen_sparks and @ts_sklett – thank you for the feedback. On Thursday we removed the language about marketing communications from the checkboxes for people who have yet to see them. Rest assured that your subscriptions preferences have not changed as a result of you checking that box previously.

owen_sparks

Hi @noa

Thanks for your rapid action with regards to the GDPR actions.

Would you please elaborate on the statement below please?

StephenG said:

1. YOUR CONTENT, 1. Ownership

"...  Onshape does not guarantee that any Content will be available or useable by Customer following the termination of Customer’s subscription or otherwise. ..." 

I wonder what is meant by "or otherwise".  Does "or otherwise" mean if Onshape shuts its doors, access to my data is lost?  Long term data access is an important consideration that needs precise answers and guarantees where a tremendous amount of expense/value is in the user's data; especially important for a cloud based product like Onshape.

In one post is seems our data is not guaranteed if we chose to allow a subscription to lapse, yet in your reply to @Hendrik_ you indicate it is, as was the original selling point?  It can't be both, and I'm sure TOS trumps a forum post so I'm already a little worried. 

This is also vague:-  " Customer is encouraged to practice effective and secure content retention practices."  Yeah, that's what we pay you for.  And how do we secure content when OS has a proprietary format that we can't save, and no local install?  Step files?  This just shouts throw away line buried in TOS so there's no come back if things go wrong.  It seems like just a week ago I was complementing OS on is transparency...

Also common clauses don't mean they're right.  For years internet service providers in the UK have been able to sell "Up to xx speed" knowing full well they couldn't provide it.  They didn't seem to like it when I'd propose that we measure the speed each few hours and pay "up to" the full price depending on the results.  Now such practices are finally outlawed.  Are you guys seriously saying you don't evaluate SW or F360, or if you do then you do so knowing breaching the TOS you signed up with, but that's OK because everybody does it?

I think I share a similar view as some other folks.  I trust OS to build the very best innovative CAD system it is possible to conceive and develop, the business aspect sometimes is great, other times not so much.

Regards,

Owen S.

john_mceleney

owen_sparks  at al: Thank you for raising these key questions/issues and your continued support. I think that you have found an area where our lawyers may have pushed the leagalese a bit too far. So, not being a lawyer, let me be absolutely clear (in plain english):

1. The ONLY person that can make a private document public is the owner. ALL private documents will ALWAYS stay private unless the owner changes the status.

2. You are correct, you pay use to keep your data safe. Our whole existence depends upon this and every day we are working 24/7 to earn and protect this trust.

3. One of our founding principles is that you should always have access to your data. Should you stop your commercial relationship with Onshape, you will always be able to access your data to download it in any number of industry standard formats.

John McEleney
Co-Founder and Board Member, Onshape

bill_daniels

I have a question about the "free" accounts used by "makers' and "builders".  All my documents are public with no intellectual property claimed and I would like these to be available to as many potential users as possible.  These users would need to be able to open free accounts.  (The advantage to Onshape is this exposes to product to potentially thousands of companies who might sign up as professional users - a quick scan of my email records shows just under a 1.000 contacts where I have recommended a Professional Onshape Account.)  

So. will the "free" option for non-professional users remain available?

ChuckKey

Could we please have an explanation of why we can no-longer attach licence terms to public documents? I have several to which I have applied the Creative Commons attribution non-commercial share alike (cc-by-nc-sa). I understand that the conditions will remain on pre-existing documents, but not in future. I am particularly concerned that future public documents can now be used by others for commercial purposes. AFAIK this has nothing to do with GDPR.

owen_sparks

john_mceleney said:

owen_sparks  at al: Thank you for raising these key questions/issues and your continued support. I think that you have found an area where our lawyers may have pushed the leagalese a bit too far. So, not being a lawyer, let me be absolutely clear (in plain english):

1. The ONLY person that can make a private document public is the owner. ALL private documents will ALWAYS stay private unless the owner changes the status.

2. You are correct, you pay use to keep your data safe. Our whole existence depends upon this and every day we are working 24/7 to earn and protect this trust.

3. One of our founding principles is that you should always have access to your data. Should you stop your commercial relationship with Onshape, you will always be able to access your data to download it in any number of industry standard formats.

John McEleney
Co-Founder and Board Member, Onshape

@john_mceleney

Many thanks for taking the time to jump in and clarify things, it means a great deal that you have.

I would however respectfully request that you amend the TOS to match your words.  The TOS is a legally binding document, where as your forum post although reassuring isn't what would be referenced if push comes to shove.

Kind regards,

Owen S.

3dcad

At first I was terrified with the terms and lack of oblications against client. But then again, if Onshape is down and bankrupt it doesn't really matter what is written in TOS.

And as long as they are up and running, only way to survive is to make customer happy - which means working everyday 24/7 to earn and protect our trust.

For this: Customer is encouraged to practice effective and secure content retention practices.

Onshape should provide better tools than exporting single model/assembly as step/parasolid or so.. Maybe step ap242 will sort this if Onshape provides bulk export for selected documents - that creates files that are usable without recreation in other modelers.