Some of your Questions:
- How did you choose the words in each category?
- Could I create my own word lists?
- Why do we need your service? Don't you think Google or Facebook could easily replicate this?
- Why would a company use your service when they could easily replicate it internally?
- You mentioned that you do not collect personal information; is there any information that you do track?
- Aren't you concerned that someone using this service might experience significant emotional distress from the responses?
- Is this service appropriate for people of all ages?
- Do you collect, sell, or share user data?
- Are my donations tax deductable?
- Why did you form the company as a nonprofit?
- What is your corporate purpose?
- How do you secure the data?
- How is the site hosted?
- Are you concerned that a Requester might create two fake email accounts and then send a feedback request to one real Responder along with the two fake accounts and then use the fake accounts to provide two bogus answers and then they would know the exact responses from the one real Responder?
- What is the Response Period? How long is it?
- What is the Review Period? How long is it?
- How are you able to show usage statistics if you delete all data after the Review Period ends?
Q. How did you choose the words in each category?
It wasn't easy. The primary objective of this service is to benefit the requester. We wanted to find words that could potentially be helpful and also selecting words with meanings that didn't overlap too much. We also wanted to avoid generic words like "nice, intelligent, funny", because those words aren't very constructive.
Q. Could I create my own word lists?
Not today, but I might add that feature in the future.
Q. Why do we need your service? Don't you think Google or Facebook could easily replicate this?
They could certainly replicate the technology. But the reason that this site works is because users trust that we are not going to use or sell their personal information. I think Google and Facebook are great companies that provide tremendous value to the world, but their business model is based around harvesting and selling everyone's personal information. And for many things, I don't mind that, but for something as sensitive as providing feedback to someone that I care about, I don't trust Google or Facebook to keep my data private.
Q. Why would a company use your service when they could easily replicate it internally?
They could certain replicate the technology, but the reason why this site works is because users trust that we are only going to use the information entered for its intended purpose.
Q. You mentioned that you do not collect personal information; is there any information that you do track?
Yes, I do capture the IP address and browser version from visitors and we use Google Analytics to understand how the site is being used.
Q. Aren't you concerned that someone using this service might experience significant emotional distress from the responses?
We do understand that is a possibility and to anyone to which that happened, we apologize sincerely. But we thought about this question at the beginning of this project and we thought most likely no more than 10% of people would experience significant emotional distress from the responses. And we didn't think it was fair to the 90% of people who would benefit from this service to not develop it.
Q. Is this service appropriate for people of all ages?
Initially, the service will be available only to people who are 18 years or older. I'm a bit concerned that for younger users the responses might be considered bullying. Once we receive sufficient donations, we will begin working on a version specifically designed to students aged 13 through 17.
Q. Do you collect, sell, or share user data?
All data is deleted at the end of the Review Period, but we do keep an anonymized version of the data on which we perform statistical analysis and publish the findings in our monthly newsletter. We may make the anonymized version of our data available for educational, scientific, or research purposes.
Q. Are my donations tax deductable?
We began the process of forming the nonprofit in May of 2022. We are hoping our nonprofit status will be approved by the appropriate agencies by September of 2022. We cannot accept donations until it is approved.
Q. Why did you form the company as a nonprofit?
The only way the tool could be effective is if the Responders provide honest answers. If Responders thought there was even a slight chance that their answers could be seen by anyone other than the Requester, then they might not be comfortable being honest. Any for-profit company will have investors who could one day demand that the company increase profits by any means. As a nonprofit, we have no investors and we can never be acquired by a for-profit company.
Q. What is your corporate purpose?
On the application we filed with the New York Department of State, our corporate purpose is defined as: The corporation is formed for the charitable purpose of benefiting all people by providing free, Internet-based services.
Q. How do you secure the data?
The site employs current best practices with regards to preventing attacks such as SQL injection and cross-site scripting. All data inputs are validated with multiple checks. Requestors and responders are validated with an eight character random alphanumeric string (instead of requiring them to create user accounts). I have a vulnerability scanner checking the site regularly to notify me if any significant issues are found.
Q. How is the site hosted?
The site is running on an AWS EC2 running Linux with mySQL, Apache, and PHP. The pages were created using HTML, CSS, JavaScript, JQuery, and Bootstrap (with a few other minor plugins).
Q. Are you concerned that a Requester might create two fake email accounts and then send a feedback request to one real Responder along with the two fake accounts and then use the fake accounts to provide two bogus answers and then they would know the exact responses from the one real Responder?
Yes, that is a possibility. In the Individual Edition, we plan to add a feature where the Requester can optionally include the list of all Responder names and emails to each Responder. That way the Responders can be sure who the other Responders are.
Q. What is the Response Period? How long is it?
It is the period of time during which the Responders may complete the feedback response form. It begins as soon as the Requester clicks the verify link in their email. By default, it lasts five days, but it will automatically end early once all Responders have submitted the response form.
Q. What is the Review Period? How long is it?
It is the period of time during which the Requester may view the feedback summary. It will always be a minimum of seven days and a maximum of twelve days. It begins when the Response Period ends (as long as three or more responders completed the response form) or once all Responders have completed the form (whichever happens first). It ends twelve days after the Requester clicked the verify link in their email.
Q. How are you able to show usage statistics if you delete all data after the Review Period ends?
Each request and response are simultaneously written to two different databases - one with live data and one which stores a tokenized (anonymized) identifier for the Requesters and Responders. The live data is deleted at the end of the Review Period. The anonymized data is kept for statistical analysis.