Dear You.com team, I am reaching out to express my deep concerns about the privacy practices I’ve encountered while using your platform. As a paying customer, I appreciate the value your service provides, but the current data collection practices (particularly involving 'New Relic' tracking) leave me feeling coerced into sacrificing my privacy—a situation that is neither acceptable nor compliant with best practices or GDPR principles. I will try to develop my main concerns: Excessive Data Collection (New Relic) Using DuckDuckGo browser on a Google Pixel 7 Pro with CalyxOS, I detected thousands of tracking attempts from New Relic in a single session. This tracker collected extensive details, including: Unique device identifiers (persistent tracking enabled) Device model and brand Network operator details OS version, screen resolution, and connection type Geolocation (country) and device language App version and specific metrics Such an aggressive level of tracking raises serious concerns about: Data minimization and purpose limitation** (GDPR Art. 5(1)(b) & (c)), User profiling risks through unique identifiers, and transparency: Users are not clearly informed about this level of data collection or its specific purposes (maybe this is written somewhere but i didn't found that information) Coerced Consent for Paying Users As a paying customer, I feel forced to accept invasive tracking practices. While I understand that some data collection may be necessary for service functionality, the lack of transparency and opt-out mechanisms leaves me no real choice. This situation violates the spirit of GDPR’s consent requirements, which state that consent must be freely given, informed, and unambiguous (Art. 7). GDPR Compliance and Technical Implementation. I question whether the current implementation with New Relic respects GDPR principles, particularly: Transparency (Art. 5(1)(a)): Users are not adequately informed about the extent of tracking or the third-party tools used, Data minimization (Art. 5(1)(c)): The volume of data collected appears disproportionate to the functional needs of the service, and purpose limitation (Art. 5(1)(b)): It is unclear how this data is used or why such granular tracking is necessary. Additionally, alternative privacy-preserving monitoring tools exist, which could reduce reliance on third-party trackers like New Relic and to address these concerns and rebuild trust with your users, I strongly recommend the following actions: Privacy-First Options for Paying Users: Granular Data Control (Allow Pro users to opt out of non-essential trackers (e.g., New Relic) without compromising access to the service) and Privacy Mode ( Implement a dedicated privacy-first mode with no third-party tracking). Alternatives to New Relic You could evaluate privacy-friendly server-side monitoring tools that do not rely on invasive client-side tracking and limit client-side data collection to essential metrics directly related to functionality or performance. Transparency & Trust Building by transparency Reports: Publish regular reports detailing the purpose and scope of data collection, including third-party tools like New Relic, implement a privacy Dashboard (a user-facing dashboard where customers can view and manage what data is being collected) and eventually independent Audits (commit to regular third-party audits of your data collection practices to ensure compliance with GDPR and user privacy expectations). As a loyal, paying subscriber, I value the service you provide and want to continue using it. However, the current data collection practices force me into a position where I must compromise my privacy to access the service I’ve paid for. This undermines trust and creates a negative experience for customers like me who prioritize privacy. By adopting the solutions outlined above, You.com has the opportunity to differentiate itself as a privacy-first search engine and assistant who build stronger trust with its user base by ensuring compliance with GDPR regulations (and then avoid potential legal risks). I can't imagine that you.com won't take these concerns seriously with prior to privacy and trust of users.
