Fixes on PP coverage + What data do we collect + Services names + Chat information + PP Disroot email added
This commit is contained in:
parent
5c5babf9a1
commit
1c92c42012
29
pp_draft.md
29
pp_draft.md
|
|
@ -28,14 +28,14 @@ fontcolor: '#FFF'
|
|||
- [4.1. Email](#email)
|
||||
- [4.2. Cloud](#cloud)
|
||||
- [4.3. XMPP Chat](#chat)
|
||||
- [4.4. SearX](#searx)
|
||||
- [4.4. Search](#searx)
|
||||
- [4.5. Upload](#upload)
|
||||
- [4.6. Pads](#pads)
|
||||
- [4.7. Polls](#polls)
|
||||
- [4.8. Bin](#bin)
|
||||
- [4.9. Forum](#forum)
|
||||
- [4.10. Project Board](#project_board)
|
||||
- [4.11. Conference calls](#calls)
|
||||
- [4.11. Calls](#calls)
|
||||
- [4.12. Diaspora*](#diaspora)
|
||||
- [4.13. GIT](#git)
|
||||
|
||||
|
|
@ -49,7 +49,7 @@ fontcolor: '#FFF'
|
|||
----
|
||||
<a name="coverage"></a>
|
||||
# What this Privacy Policy covers?
|
||||
This Privacy Policy applies to all services hosted on **Disroot.org** and its sub-domains. It does not extend to any websites or web services that can be accessed from our platform including, but not limited to, any federated services and social media websites outside **Disroot**. In the specific case of the so-called federated services, and because of the very nature of the protocols they use (which has the ability to send messages, likes, share files, chat, among others features) some of the data is necessarily shared with other entities, therefore these interactions are out of this Privacy Policy's scope.<br>
|
||||
This Privacy Policy applies to all services hosted on **Disroot.org** and its sub-domains. It does not extend to any websites or web services that can be accessed from our platform including, but not limited to, any federated services and social media websites outside **Disroot**. In the specific case of the so-called federated services, and because of the very nature of the protocols they use (which has the ability to send messages, likes, share files, chat, among others features) some of the data is necessarily shared with other entities or transferred to them, therefore these interactions are out of this Privacy Policy's scope.<br>
|
||||
In any case, is important to **note that sharing data with other services providers is a user's choice** and is configured by the users in their settings per service including the decision of with whom and what to share.
|
||||
|
||||
<a name="definitions"></a>
|
||||
|
|
@ -67,7 +67,10 @@ In any case, is important to **note that sharing data with other services provid
|
|||
---
|
||||
<a name="data_we_collect"></a>
|
||||
# 1. What data do we collect?
|
||||
We require a username and password to identify the account holder and provide the services offered by **Disroot.org**. All additional information you supply on any of the services provided by us is **optional**.<br>
|
||||
- Account creation requires a valid email address which is deleted from our database after the account has been approved/denied.
|
||||
- We require a username and password to identify the account holder and provide the services offered by **Disroot.org**.
|
||||
- Necessary information related to the operation and functioning of the services, which may include, for example, IP address, User Agent, etc. *More detailed information about this and how we handle it can be found in the [Per service privacy notices](#per_services).*
|
||||
- All additional information you supply on any of the services provided by us is **optional**.
|
||||
|
||||
(For more detailed information, please refer to the [Per service privacy notices](#per_services) section below)
|
||||
|
||||
|
|
@ -75,8 +78,8 @@ We require a username and password to identify the account holder and provide th
|
|||
## 1.1. What do we do with your data?
|
||||
|
||||
- Our processing of your information is limited to storing it for you to use.
|
||||
- We store logs of your activity for a period no longer than 24hs (unless specified otherwise per service). This data is used to help diagnose software issues, maintain security of the system against intrusion, and monitor the health of the platform.
|
||||
|
||||
- We store logs of your activity for a period no longer than 24hs (unless specified otherwise per service). This data is used to help diagnose software issues, maintain security of the system against intrusion, and monitor the health of the platform.<br>
|
||||
(Detailed information on [Per service privacy notices](#per_services) section)
|
||||
|
||||
<a name="how_we_store"></a>
|
||||
|
|
@ -98,9 +101,11 @@ To protect your data we use the following security measures:
|
|||
|
||||
- We do not in any way process, analyze your behavior or personal characteristics (profiling). We have no advertisements or business relationships with advertisers.
|
||||
|
||||
- We do not sell nor share your data to third party unless in case of federated services which requires certain data to operate (e.g. other email service provider needs to know your email address to be able to deliver emails).
|
||||
- We do not sell your data to third party.
|
||||
|
||||
- We do not require any additional information that is not crucial for the operation of the service (we do not ask for additional email addresses, phone numbers)
|
||||
- We do not share your data to third party unless in case of federated services which requires certain data to operate (e.g. other email service provider needs to know your email address to be able to deliver emails).
|
||||
|
||||
- We do not require any additional information that is not crucial for the operation of the service (we do not ask for phone numbers, private personal data, home address).
|
||||
|
||||
- We do not read/look nor process your personal data, emails, files, etc., stored on our servers unless needed for troubleshooting purposes, or under suspicion of breaking **Terms Of Services** in which case we ask for prior permission from you or inform you afterwards of all actions taken against the account in the transparency report addressed to account holder.
|
||||
|
||||
|
|
@ -133,16 +138,15 @@ We store all data in our own servers located in the Netherlands.
|
|||
|
||||
<a name="chat"></a>
|
||||
## 4.3 - **Disroot XMPP Chat** (https://webchat.disroot.org)
|
||||
- Chat history, if specified by user on per chatroom basis, is stored on the server for a period of 6 months.
|
||||
- Roster (your XMPP contact list) is stored on the server's database.
|
||||
- Chat history is stored on the server in the same form as on the chat itself, meaning unencrypted chat is stored in plain-text and encrypted chat is stored encrypted.
|
||||
- Chat history is stored on the server in the same form as on the chat itself, meaning unencrypted chat is stored in plain-text and encrypted chat is stored encrypted. Additionaly, the chat history, if specified by user on per chatroom basis, is stored on the server for a period of 6 months.
|
||||
- Server logs, which store information such as, but not limited to, your IP address and your username are stored for a period of 24 hours after which they are deleted from the server. No backup of logfiles are created. Logs are kept mainly to prevent brute-force attacks on accounts as well as provide quick insight when debugging issues.
|
||||
- Given the XMPP is a **federated** chat protocol, when interacting with users or chat-rooms hosted on third party servers, data is sent to other independently operated and owned servers in the network over which we have no control.
|
||||
- Files uploaded to the server are stored as is for a period of 6 months.
|
||||
- Service requires login with Disroot credentials.
|
||||
|
||||
<a name="searx"></a>
|
||||
## 4.4 - **Disroot SearX** (https://search.disroot.org)
|
||||
<a name="search"></a>
|
||||
## 4.4 - **Disroot Search** (https://search.disroot.org)
|
||||
- **No log data** (IP address, session cookie, etc) is stored on the server.
|
||||
- The only situation where logs can be enabled is in case of troubleshooting. Logs are then enabled only for duration of the problem fixing time and are purged immediately after.
|
||||
- No search queries are saved on the server nor any personal information of our users is leaked to the other search engine.
|
||||
|
|
@ -195,7 +199,7 @@ We store all data in our own servers located in the Netherlands.
|
|||
- Service requires login with Disroot credentials.
|
||||
|
||||
<a name="calls"></a>
|
||||
## 4.11 - **Disroot Conference calls** (https://calls.disroot.org)
|
||||
## 4.11 - **Disroot Calls** (https://calls.disroot.org)
|
||||
- **No log data** (IP address, session cookie, etc) is stored on the server.
|
||||
- No user data is permanently stored on the server.
|
||||
|
||||
|
|
@ -229,6 +233,7 @@ Under the **GDPR** you have a number of rights with regard to your personal data
|
|||
|
||||
To make enquires, excercise any of the rights described above or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), please contact us via email to:
|
||||
|
||||
- **data.protection.officer@disroot.org** - Person responsible for this Privacy Policy
|
||||
- **info@disroot.org** - General contact information
|
||||
|
||||
For the purposes of the **GDPR**, **Disroot.org** is the "data controller". This means that **Disroot** determines the purposes for which and the manner which your data is processed.
|
||||
|
|
|
|||
Loading…
Reference in New Issue