implement floss4good's suggestion

This commit is contained in:
meaz 2024-02-20 21:24:45 +01:00
parent e5645cf5f5
commit 5990f9deb2
Signed by: meaz
GPG key ID: CD7A47B2F1ED43B4

View file

@ -23,7 +23,7 @@ Any translation of this **Privacy Statement** is a community effort to make the
- **GDPR**: General Data Protection Regulation, [EU 2016/679](https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1580499932731&uri=CELEX:32016R0679)
- **Data**: According to the **GDPR**, data is any information that can be used to identify a person, either directly (real name, phone number, IP address, etc.) or indirectly (any combination of the aforementioned plus device fingerprints, cookies, etc.). In the specific context of the use of our platform, it is the minimum information required for the proper operation of the services provided by **Disroot.org** as well as the information the user optionally submits on any of them.
- **Services**: the set of different softwares, protocols and standards used to exchange data between web applications.
- **Services**: the set of different software, protocols and standards used to exchange data between web applications.
- **User** or **you**: any person or third party that access and uses the services provided by **Disroot.org**.
- **Disroot, Disroot.org, we** or **us**: Stichting Disroot.org
- **Platform**: the set of services provided by **Disroot.org** and that are hosted on our servers.
@ -37,7 +37,7 @@ Any translation of this **Privacy Statement** is a community effort to make the
<br>
## The Data covered by this Privacy Statement
This **Privacy Statement** applies to all services hosted on **Disroot.org** and its sub-domains. It does not extend to any websites or web services that can be accessed from our platform including, but not limited to, any federated services and social media websites outside **Disroot**. Federated services are those that interoperate with each other (exchanging information and services) regardless of the provider (e.g. mail or open social networks). These services use protocols that necessarily share or transfer data between different providers and therefore such interactions are outside the scope of this Privacy Statement.<br>
This **Privacy Statement** applies to all services hosted on **Disroot.org** and its sub-domains. It does not extend to any websites or web services that can be accessed from our platform including, but not limited to, any federated services and social media websites outside **Disroot**. Federated services are those that interoperate with each other (exchanging information and services) regardless of the provider (e.g. email or open social networks). These services use protocols that necessarily share or transfer data between different providers and therefore such interactions are outside the scope of this Privacy Statement.<br>
It is important to note that **sharing data with other services providers is a users choice** (see [1. What data do we collect?](#data_we_collect)) and is configured by the users in their services settings, including the decision what to share and with whom.
<br>
@ -79,7 +79,7 @@ To protect your data we use the following security measures:
<br>
## 1.3. How do we backup your data?
In order to allow attempt at recovery from dataloss disaster situations, we create backups on remote server owned by Stichting Disroot.org. We backup data on daily basis and store them for period of 4 days.
In order to allow attempt at recovery from data loss disaster situations, we create backups on remote server owned by Stichting Disroot.org. We backup data on daily basis and store them for period of 4 days.
<a name="what_we_do_not"></a>
<br>
@ -110,7 +110,7 @@ We store all data in **our own servers**, located in a data center in the **Neth
- All emails, unless encrypted by the user (with GnuPG/PGP, for example) are stored unencrypted on our servers.
- IP addresses of currently logged in users via IMAP/POP3 protocols are stored as long as the device is logged in the server *(per each device logged in)*.
- Server logs, which store information such as, but not limited to, your username and your IP address, *from* and *to* email addresses, IP addresses of servers the emails come in or go out to, are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created. Logs are kept to prevent brute-force attacks on accounts and to provide quick insight when debugging issues.
- Given that email works on a **federated** protocol, when interacting with email addresses hosted on third party servers (eg. Gmail.com, Posteo.org), data is sent to other independently operated and owned servers in the network over which we have no control.
- Given that email works on a **federated** protocol, when interacting with email addresses hosted on third party servers (e.g. Gmail.com, Posteo.org), data is sent to other independently operated and owned servers in the network over which we have no control.
<a name="cloud"></a>
<br>
@ -222,7 +222,7 @@ We store all data in **our own servers**, located in a data center in the **Neth
## 4.13. - **Disroot CryptPad** (https://cryptpad.disroot.org)
- This service does not require login or providing any personal data. However, an account can be created in order to save files.
- **No log data** (Ip address, session cookie, etc) is stored on the server.
- **No log data** (IP address, session cookie, etc.) is stored on the server.
- All documents created or uploaded to the server are **end-to-end encrypted** which means no one with access to the server can decrypt/read the data.
- Documents expire after three months and are then removed from the server, except if an account was created, in which case documents uploaded to the server are wiped based on the retention period set by the user upon upload/creation.
@ -232,7 +232,7 @@ We store all data in **our own servers**, located in a data center in the **Neth
- This service requires login with **Disroot** credentials.
- Server logs, which store information such as, but not limited to, your IP address and your username are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created. Logs are kept to prevent brute-force attacks on accounts and to provide quick insight when debugging issues.
- All akkoma data such as, but not limited to, messages, files, etc., are stored on the server in the database as is (plain-text).
- All Akkoma data such as, but not limited to, messages, files, etc., are stored on the server in the database as is (plain-text).
- Given that ActivityPub is a **federated** protocol, when interacting with users hosted on third party servers, data is sent to other independently operated and owned servers in the network over which we have no control.
<a name="rights"></a>
@ -241,7 +241,7 @@ We store all data in **our own servers**, located in a data center in the **Neth
Under the **GDPR** you have a number of rights with regard to your personal data:
- **Right to access** - The right to request (I) copies of your personal Data or (II) access to the information you submited and we hold at any time.
- **Right to access** - The right to request (I) copies of your personal Data or (II) access to the information you submitted and we hold at any time.
- **Right to correct** - The right to have your Data rectified if it is inaccurate or incomplete.*
- **Right to erase** - The right to request delete or remove your Data from our servers.
- **Right to restrict the use of your Data** - The right to restrict processing or limit the way we use your Data.
@ -251,7 +251,7 @@ Under the **GDPR** you have a number of rights with regard to your personal data
> *Your* **Disroot username** *and* **Disroot email address** *are integral part of your user account and cannot be modified.*
> *Usernames remain in the database, even after erasure request, to prevent old usernames being re-used by new users, compromising the privacy of both and enabling possible identity theft. For that reason, usernames of accounts that have been deleted remain in the database to avoid being reused. However, all the linked personal information is deleted permanently.*
You have the right to lodge a complain, make enquires, excercise any of the rights described above or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), by contacting us via email to:
You have the right to lodge a complain, make inquiries, exercise any of the rights described above or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), by contacting us via email to:
- **data.protection.officer@disroot.org** - Person responsible for this Privacy Statement
- **info@disroot.org** - General information contact