Privacy Policy Changes

Summary of Changes

Hello –

We definitely hear and understand your concerns and really appreciate all the thoughtful feedback we’ve received over the last 24 hours. We’ve been working on this for weeks and many of us who use Plex every day have had to work through this carefully to get ourselves comfortable. That said, many of you have raised good points that (somehow!) we didn’t consider, so we are going to make some important changes to address those. First, it is worth addressing some of the major themes we’ve seen.

Did you try to sneak this by us?
No. We were just busting our asses to get this done by the end of the week (like so many other things we do!). The sentence most people are concerned about wasn’t buried on page seven of legalese, it was front and center on our summary page, which we created to be more transparent. We tried hard to make it obvious and understandable. We then emailed fifteen million people 30 days before the policy even takes effect, which is technically not required, but again we wanted to be as transparent as possible. There is never a time that we can send (even if we wanted to) emails to our customers “under the radar”. Those days are long gone :-). BTW, Friday and Saturday are our heaviest use days, so there was no intention of this “slipping by”.

Are you now going to sell our data?
No! God, no! Section F of the Use of Information section of the Privacy Policy does not allow us to sell your data. And we have absolutely zero desire to do so, ever. We’ve updated the summary to make this more clear, but I will state unequivocally here, we will NEVER sell any data, anonymous or otherwise, about your own personal library. To be clear, we will continue to license more and more content for our customers (e.g. our agreement with IVA for trailers and extras, Lyricfind for lyrics, and news publishers related to the Watchup integration), and these arrangements call for varying degrees of data sharing with respect to consumption of THEIR content, but again we will never sell or share data related to YOUR content libraries.

Why did you remove the opt out in the first place?
Over the years, there have been more and more exceptions to the “opt out”. We’ve tried to enumerate these exceptions in the Privacy Policy as they arise and as we build or introduce new features, but there are now a lot of exceptions (and providing mere examples of these exceptions, like many privacy policies, has annoyed users in the past). There’s all sorts of information that is transmitted simply in order to deliver services, e.g.:

  • servers connect to the cloud to check for updates;
  • clients talk to the cloud to discover how to connect to remote servers;
  • services like Alexa and Sonos are designed (by Amazon and Sonos) such that metadata must be available to our cloud services;
  • we have to know you have a Plex Pass to enable mobile sync and other premium features;
  • we have to communicate through our cloud infrastructure to relay playback requests/commands/events in certain scenarios;
  • if you use our relay service when direct remote connections cannot be made, we have to have data to make the hand off between your server and the remote device;
  • we have to provide accurate reporting to licensors for things like trailers and extras, photo tagging, lyrics, licensed codecs and so on (this is only anonymized data).

As we worked through this revision, we came to the conclusion that providing an ‘opt out’ in the set-up gives a false sense of privacy and feels disingenuous on our part. That is, even if you opted out, there is still a bunch of data we are collecting that we tried to call out as exceptions. So rather than try to enumerate all of the exceptions, we decided: (1) to make it even more clear that we don’t collect data that tells us what is in your library; (2) to remove the opt out provision primarily to be more clear up front (but also acknowledging that the data is clearly useful); and (3) to be very transparent about what we do, and don’t do, with the data (including Section F, which prohibits us from selling your data).

Can’t you still deduce what is in my library?
This was clearly a detail we missed, and many of you have raised it after the fact. While we think it would be hard for someone to figure out the identity of a file based on some media information (e.g. media duration), it is certainly more than just a theoretical possibility. And, again, we have ZERO interest in knowing or being able to know what is in any of your libraries. So, for you and for us, we’re going to make some changes to the policy ASAP.

Oh yeah? Like what?
We’re going to do three main things:

  • Generalization. First, as has been recommended by a bunch of folks in the community (lots of great ideas!), we are going to “generalize” playback stats in order to make it impossible to create any sort of “fingerprint” that would allow anyone to identify a file in a library. For example, we will round playback duration and bit rate so as to avoid the possibility of identifying the media. This should provide users the comfort that nobody can identify what files are being played using these stats, while also giving us valuable insight into things like: how does the server perform at certain combinations of hardware, codecs, bit rate, and resolution?; what are the stall rates on different platforms for improving Automatic Bit Rate functionality?; is a given feature even being used?; and are users having a hard time finding a certain button? This helps make the product better for everyone without getting “all up in your kitchen”.
  • Opt out of Playback Data. Second, in addition to providing the ability to opt out of crash reporting and marketing communications, we will provide you the ability to opt out of playback statistics for personal content on your Plex Media Server, like duration, bit rate, and resolution in a new privacy setting. We will list exactly what these statistics are, and I promise the words “such as” will not appear on that screen :-). We think this gives folks who are concerned about this the ability to make a more informed decision of what they are opting out of and why, while at the same time not providing a false sense of security by essentially providing an “opt out” in the setup that necessarily doesn’t cover a lot of the data that we must collect to provide you our services.
  • Complete list of Usage Statistics. Finally, in the new privacy tab in the server settings we will provide a full list of all product events data that we collect. While we’ve always followed the Privacy Policy “norm” of enumerating types of data and then providing examples, as I’ve said, that has created challenges in the past, and we’ve definitely heard more folks express concern with this approach over the last 24 hours. Our intention here is to provide full transparency. Users will have one place where they can see what data is being collected and where they can opt out of playback data that they are not comfortable with (though we’ll do our best to get them comfortable!).

We hope this allays the concerns many of you have expressed. We’ll work on getting the Privacy Policy and summary page updated over the next few days. We’d do it today, but…lawyers. Again, thank you for all your thoughtful feedback and recommendations!

Keith Valory
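
The generalization step described in the "Generalization" bullet above, as an added example that is not Plex's code or part of the original post: it counts how many items in a constructed catalogue share each reported (duration, bit rate) value before and after rounding. The bucket sizes, the threshold `k`, and all names and sample values are assumptions.

```python
from collections import Counter

# Constructed sample catalogue: (label, duration in seconds, bit rate in kbit/s).
CATALOGUE = [
    ("item-a", 5431, 8012), ("item-b", 5467, 7980),
    ("item-c", 5502, 8120), ("item-d", 5390, 7875),
    ("item-e", 2618, 3950), ("item-f", 2644, 4105),
    ("item-g", 2690, 4020), ("item-h", 7312, 12040),
]

def _round_to(value, step):
    """Round a non-negative integer to the nearest multiple of step."""
    return ((value + step // 2) // step) * step

def generalize(duration_s, bitrate_kbps, dur_step=600, rate_step=1000):
    """Coarsen one playback record (step sizes are assumed, not Plex's)."""
    return (_round_to(duration_s, dur_step), _round_to(bitrate_kbps, rate_step))

def raw(duration_s, bitrate_kbps):
    """Identity transform: what would be reported without generalization."""
    return (duration_s, bitrate_kbps)

def anonymity_sets(records, transform):
    """Map each reported value to the number of items that produce it."""
    return Counter(transform(d, r) for _, d, r in records)

def reportable(records, k=3):
    """Generalized records whose bucket is shared by at least k items.

    Rounding alone leaves outliers alone in their bucket, so anything
    below the threshold is suppressed instead of reported.
    """
    sizes = anonymity_sets(records, generalize)
    return [(name, generalize(d, r)) for name, d, r in records
            if sizes[generalize(d, r)] >= k]

if __name__ == "__main__":
    print("raw set sizes:        ", sorted(anonymity_sets(CATALOGUE, raw).values()))
    print("generalized set sizes:", sorted(anonymity_sets(CATALOGUE, generalize).values()))
    print("reported with k=3:    ", [name for name, _ in reportable(CATALOGUE)])
```

With exact values every item is its own fingerprint; after rounding, most items fall into shared buckets, but the one outlier still sits alone until the `k` threshold suppresses it.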