Consent—not acting on another without their permission—is one of Gratipay's core values. In our context, the action in question is usually the public sharing of personal information. We have to be especially mindful of this because our company operates almost entirely on the public Internet.
Seeking consent is especially important in the medical profession, which has developed helpful best practices:
Seeking consent is part of a respectful relationship [...] and should usually be seen as a process, not a one-off event. When you are seeking a person's consent[,] you should make sure that they have the time and support they need to make their decision. People who have given consent [...] are entitled to change their minds and withdraw their consent at any point[.] Similarly, they can change their minds and consent to [something] which they have earlier refused. It is important to let the person know this, so that they feel able to tell you if they change their mind.
From Third Parties
When establishing relationships with third parties such as vendors, business partners, journalists, and the like, include language such as the following in your first private communications with them:
P.S. So you're aware, Gratipay makes decisions publicly on the Internet, so I'll need to at least summarize our conversation for the Gratipay community on this public ticket: [link].
After giving this notice it's okay to copy snippets from private email to GitHub, but take care not to leak personal information, such as names of salespeople, without explicit consent.
Be sure to do this for in-person conversations as well, not just email.