Back in March, we shared our plan to develop a privacy-preserving telemetry system that will help us build an even better 1Password. The goal was simple: to better understand how people are using 1Password, where they’re getting stuck, and which updates we should be focusing on first.
Since that announcement, we’ve been testing our telemetry system internally with 1Password employees before rolling it out to anyone else. We wanted to be certain that our system, which collects small amounts of in-app usage data, could deliver valuable insights while staying true to our privacy principles.
After months of development and refinement, we’re now confident we can deploy this system in a way that helps us build a better 1Password without compromising on our commitment to protect your privacy.
Later this summer, you’ll see the option to participate in our telemetry system and help improve 1Password. You don’t need to take any action right now, and we won’t collect any usage data without your awareness and consent first. Participation will be optional for Individual and Family plan customers. And at this time, our telemetry system won’t be rolled out to any team or business using 1Password.
Our privacy principles
We know that in the technology industry, “analytics” and “usage data” can be an excuse to invade your privacy. But that’s not what’s happening here. From the outset, we’ve used the following privacy principles to guide our telemetry work:
- All data saved in your vaults is end-to-end encrypted using secrets that only you know.
- We will only collect what is needed to provide our service and build you a better 1Password.
- We won’t collect usage data without your awareness and consent.
Why we’re doing this
Up until this point, we’ve used our own usage and your feedback to inform our decision-making. We’ve learned and improved a lot this way. But there’s always been a drawback to this approach: we don’t know what your 1Password experience is like unless you tell us.
In short, anyone who doesn’t share their opinions online, or in conversations with our team, is under-represented when we make product decisions. And that’s an awful lot of people. To build an even better 1Password, we need to understand our community’s usage at a much broader level and measure the effectiveness of our solutions with personally non-identifiable, aggregated data.
What our telemetry system looks like
We’ll be rolling out our privacy-preserving telemetry system to customer accounts gradually. You’ll see this message when you open 1Password on mobile and desktop when it’s time for you to choose whether you would like to participate:
If you haven’t seen this message yet, telemetry isn’t active on your 1Password account.
The choice to share your data is yours. We won’t collect anything unless you’ve confirmed you’re happy to share in-app usage data moving forward.
The selection you make will be applied to your entire account – you won’t have to repeat the process on all of your devices. If you want to change your selection, you can do so via your account settings at any time. The change will take effect the next time you unlock 1Password.
What telemetry data will be collected
We’ve designed our telemetry system to collect data on “events”. An event is essentially an action, like:
- Finishing our in-app onboarding.
- Unlocking 1Password.
- Creating a new item.
- Filling an item in a website or app.
We won’t be collecting your saved passwords, passkeys, usernames, and any URLs associated with your items. Your private information is just that – private.
All event data will be de-identified and processed in aggregate before it’s used for analysis. Taking this approach will give us valuable insights into how people are using 1Password while also allowing us to avoid associating telemetry data with any individuals or accounts.
We may collect a small amount of metadata alongside these events. For example, our system might note the type of device the action was performed on and the version of the 1Password app used. That way, we can contextualize the event and make informed decisions. Event data and metadata will follow the same processes of de-identification and aggregation before they’re used for any aggregate analysis.
How we decide what to collect
We’ve designed our telemetry system so it only collects what we truly need, and nothing else. But how do we decide what’s really needed? We’ve created a clear set of internal processes that ensure any data we collect has a clear business case and meets our privacy standards.
The process starts with some questions we need to answer, such as: ‘Are customers able to use a new feature we’ve launched?’ and ‘How might we improve our new feature for a future version of the app?’ Next, we’ll figure out the events that will help us answer them.
The telemetry request will then be reviewed by an internal group of privacy-focused engineers and legal experts. If the request passes, our telemetry system will be updated accordingly.
What happens next
Right now, there’s nothing you need to do. Our telemetry system isn’t live yet for customer accounts.
Starting this summer, we’ll gradually roll out our new telemetry system. When the rollout reaches your account, you’ll unlock 1Password and see an in-app message where you can select your sharing preferences. You can update your selection at any time via your account settings.
As always, thank you for your continued trust and support. We don’t take it for granted and wouldn’t be where we are today without you.
If you have any questions or thoughts about this, please reach out and let us know.