Update on Privacy Statement Draft

This commit is contained in:
Fede.- 2020-02-05 12:50:54 -03:00
parent 9fff29ad04
commit f4d6903f4b
1 changed files with 62 additions and 54 deletions


@ -10,20 +10,21 @@ fontcolor: '#FFF'
<a name="top"></a>
# Table of Contents
#### [What is the scope of this Privacy Statement?](#coverage)
### [Definitions used on this Privacy Policy](#definitions)
#### [Definitions used on this Privacy Policy](#definitions)
### [The Data covered by this Privacy Statement](#coverage)
#### 1. [What data do we collect?](#data_we_collect)
### 1. [What data do we collect?](#data_we_collect)
- 1.1. [What do we do with your data?](#what_we_do)
- 1.2. [How do we store your data?](#how_we_store)
#### 2. [What we do not do with your data](#what_we_do_not)
### 2. [What we do not do with your data](#what_we_do_not)
#### 3. [Where the data is stored?](#where_store)
### 3. [Where the data is stored?](#where_store)
#### 4. [Detailed privacy notices per services](#per_service)
### 4. [Detailed privacy notices per services](#per_service)
- [4.1. Email](#email)
- [4.2. Cloud](#cloud)
- [4.3. XMPP Chat](#chat)
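Review bot: the table of contents now links two different entries to the same anchor: "What is the scope of this Privacy Statement?" and "The Data covered by this Privacy Statement" both point to `#coverage`, so only the first target in the page can ever be reached. Give the second section its own anchor or drop one of the two entries, since the sections they point to are near-identical. Two smaller points in the same hunk: the "Definitions" entry still reads "Definitions used on this Privacy Policy" while the heading it links to has been renamed to "Privacy Statement", and the scope entry is left at `####` while every sibling entry is promoted to `###`.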
@ -39,38 +40,39 @@ fontcolor: '#FFF'
- [4.13. GIT](#git)
#### 5. [Your rights](#rights)
### 5. [Your rights](#rights)
- [5.1. Access to your information](#access_information)
#### 6. [Changes on this Privacy Policy](#changes)
### 6. [Changes on this Privacy Statement](#changes)
----
<a name="coverage"></a>
# What is the scope of this Privacy Statement?
This Privacy Policy applies to all services hosted on **Disroot.org** and its sub-domains. It does not extend to any websites or web services that can be accessed from our platform including, but not limited to, any federated services and social media websites outside **Disroot**. Federated services are those that interoperate with each other (exchanging information and services) regardless of the provider (e.g. mail or open social networks). These services use protocols that necessarily share or transfer data between different providers and therefore such interactions are outside the scope of this Privacy Statement.<br>
It is important to note that **sharing data with other services providers is a users choice** (see [What data do we collect?](#data_we_collect)) and is configured by the users in their service settings, including the decision what to share and with whom.
<a name="definitions"></a>
## Definitions used on this Privacy Statement
- **GDPR**: General Data Protection Regulation, [EU 2016/679](https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1580499932731&uri=CELEX:32016R0679)
- **Data**: According to the **GDPR**, data is any information that can be used to identify a person, either directly (real name, phone number, IP address, etc.) or indirectly (any combination of the aforementioned plus device fingerprints, cookies, etc.). In the specific context of the use of our platform, it is the minimum information required for the proper operation of the services provided by **Disroot.org** as well as the information the user optionally submit on any of them.
- **Data**: According to the **GDPR**, data is any information that can be used to identify a person, either directly (real name, phone number, IP address, etc.) or indirectly (any combination of the aforementioned plus device fingerprints, cookies, etc.). In the specific context of the use of our platform, it is the minimum information required for the proper operation of the services provided by **Disroot.org** as well as the information the user optionally submits on any of them.
- **Services**: the set of differents softwares, protocols and standards used to exchange data between web applications.
- **Services**: the set of different softwares, protocols and standards used to exchange data between web applications.
- **User** or **you**: any person or third party that access and uses the services provided by **Disroot.org**.
- **Disroot, Disroot.org, we** or **us**: Stichting Disroot.org
- **Platform**: is the set of services provided by **Disroot.org** and that are hosted on our servers.
- **Platform**: the set of services provided by **Disroot.org** and that are hosted on our servers.
- **Disroot credentials**: they are the username and password created and used by the user to log in to the services provided by us.
- **Federated services**: Services that operates on the basis of so-called **federation protocols** which enables users who signed up at different services providers to interact with each other. Examples of these services are **Nextcloud**, **Email**, **Diaspora\***, **Hubzilla** and **XMPP**.
- **Federated services**: services that operate on the basis of so-called **federation protocols** which enable users who signed up at different services providers to interact with each other. Examples of these services are **Nextcloud**, **Email**, **Diaspora\***, **Hubzilla** and **XMPP**.
- **Brute-force attack**: is a cryptographic attack that consists of submitting many passwords or passphrases, hoping to eventually find the right ones.
<a name="coverage"></a>
## The Data covered by this Privacy Statement
This **Privacy Statement** applies to all services hosted on **Disroot.org** and its sub-domains. It does not extend to any websites or web services that can be accessed from our platform including, but not limited to, any federated services and social media websites outside **Disroot**. Federated services are those that interoperate with each other (exchanging information and services) regardless of the provider (e.g. mail or open social networks). These services use protocols that necessarily share or transfer data between different providers and therefore such interactions are outside the scope of this Privacy Statement.<br>
It is important to note that **sharing data with other services providers is a users choice** (see [1. What data do we collect?](#data_we_collect)) and is configured by the users in their services settings, including the decision what to share and with whom.
[Back to top](#top)
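Review bot: the two sections under `<a name="coverage"></a>` ("What is the scope of this Privacy Statement?" and "The Data covered by this Privacy Statement") carry the same text, so the hunk leaves the page with a duplicate anchor and a duplicated paragraph; keep one, and use "Privacy Statement" in it rather than the "This Privacy Policy applies..." wording the first copy still has. In the definitions, "Brute-force attack" is described as "a cryptographic attack"; what the per-service sections use the term for is password guessing against logins, so "an attack that consists of submitting many passwords or passphrases until the right one is found" is the accurate definition. Minor: "softwares" in the "Services" definition should be "software", and "any person or third party that access and uses" should be "accesses and uses".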
@ -79,15 +81,15 @@ It is important to note that **sharing data with other services providers is a u
# 1. What data do we collect?
If a user chooses to use any of the services provided by us, the following data will be required and therefore collected by **Disroot.org**:
- A valid email address: required for account creation that is deleted from our database after the account has been approved/denied.
- A valid email address: required for account creation. This email address is deleted from our database after the account has been approved/denied, unless the user chooses during the registration process, to keep it for password reset process.
- An username and a password: required to identify the account holder and provide the services offered by **Disroot.org**.
- Necessary information related to the operation and functioning of the services which may include, for example, IP address, User Agent, etc. *More detailed information about this and how we handle it can be found in the [Privacy notices per service](#per_services).*
- Necessary information related to the operation and functioning of the services which may include, for example, IP address, User Agent, etc.<br> *More detailed information about this and how we handle it can be found in the [Privacy notices per service](#per_services).*
- When a user make an online donation to **Disroot.org**, we collect personal data such as, but not limited to, username (if any), country, transaction IDs or bank account/reference. The purpose for which we use this data is merely administrative (verification of regular donations, accounting management) and is maintained under the same security measures described in the "[How do we store your data?](#how_we_store)" section. Since all the data we collect is previously processed by a third-party payment processor such as PayPal, Patreon or Liberapay, by using these or similar services, their use of your information is based on their terms of service and policies, not ours, so we encourage you to review those policies carefully.
- When a user makes an online donation to **Disroot.org**, we collect personal data such as, but not limited to, username (if any), country (in case of extra storage request for tax purposes), transaction IDs or bank account/reference. The purpose for which we use this data is merely administrative (verification of regular donations, accounting management) and is maintained under the same security measures described in the "[How do we store your data?](#how_we_store)" section. Since all the data we collect is previously processed by a third-party payment processor such as PayPal, Patreon or Liberapay, by using these or similar services, their use of your information is based on their terms of service and policies, not ours, so we encourage you to review those policies carefully.
- Any other additional and **optional** information that the user chooses to provide in any of the services.
- Any additional information that the user chooses to supply while using the services provided by us (whether it is chats, posts, emails, etc.). This additional information is optional and with the user's consent.
(For more detailed information, please refer to the [Detailed privacy notices per service](#per_services) section below)
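Review bot: the two links written as `(#per_services)` in this hunk do not match the anchor the table of contents uses, `(#per_service)`; one spelling has to win or the "Privacy notices per service" links will not resolve. In the email bullet, the new retention condition is the right thing to state, but the sentence needs the stray comma removed: "unless the user chooses during the registration process to keep it for the password reset process". It should also say what happens to that address when the account is later deleted, since section 5 promises that linked personal information is erased.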
@ -97,19 +99,20 @@ If a user chooses to use any of the services provided by us, the following data
- Our processing of your information is limited to providing the service.
- We store logs of your activity for a period no longer than 24hs (unless specified otherwise per service). This data is used to help diagnose software issues, maintain security of the system against intrusion, and monitor the health of the platform.
- We store logs of your activity for a period no longer than 24hs (unless specified otherwise per service). This data is used to help diagnose software issues, maintain security of the system against intrusion and monitor the health of the platform.
(Detailed information on [Privacy notices per service](#per_services) section)
<a name="how_we_store"></a>
## 1.2. How do we store your data?
To protect your data we use the following security measures:
* a. We use disk encryption on all data to prevent data leak in case the servers are stolen, confiscated, or in any way physically tampered with.
* a. We use disk encryption on all servers to prevent data leak in case the servers are stolen, confiscated or in any way physically tampered with.
* b. We provide and require SSL/TLS encryption on all provided services.
* b. We provide and require SSL/TLS encryption on all "user-to-server" and "server-to-server" communications on all provided services.
* c. We utilize “end to end” and/or “server-side” encryption whenever it is possible in software used to provide maximum security for the users.
* c. We utilize "end-to-end" and/or "server-side" encryption technologies whenever it is made available by services that allow it to provide maximum security for the users.
[Back to top](#top)
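Review bot: item b. now claims that TLS is required on all "server-to-server" communications, which the statement cannot guarantee for federated services: the per-service sections say mail and XMPP traffic goes to third-party servers "over which we have no control", and a remote server that offers no TLS will either receive the data in the clear or not receive it at all. State what is actually enforced, e.g. "We require TLS for all user-to-server connections and use TLS for server-to-server connections whenever the remote server supports it", and consider writing "TLS" rather than "SSL/TLS". Item a. is accurate as worded, but it is worth adding that disk encryption protects data only while the disks are powered off (theft, confiscation), not against an intruder on a running server, so readers do not take it as protection of live data. Minor: "24hs" in 1.1 should be "24 hours", as the per-service sections say.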
@ -118,11 +121,11 @@ To protect your data we use the following security measures:
- We do not collect any other data than what is needed to provide you the service.
- We do not, in any way, process, analyze your behavior or personal characteristics (profiling). We have no advertisements or business relationships with advertisers.
- We do not, in any way, process, analyze your behavior or personal characteristics to create profiles about you or your usage of the services. We have no advertisements or business relationships with advertisers.
- We do not sell your data to any third party.
- We do not share your data to any third party unless in case of federated services which requires certain data to operate (e.g. other email service provider needs to know your email address to be able to deliver emails).
- We do not share your data to any third party unless in case of federated services which requires certain data to be shared in order to operate (e.g. other email service provider needs to know your email address to be able to deliver emails).
- We do not require any additional information that is not crucial for the operation of the service (we do not ask for phone numbers, private personal data, home address).
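Review bot: the rewritten profiling bullet drops the word "profiling", which is the GDPR term the rest of the statement relies on (the right to object in section 5 is the right that applies to it); keep it as a parenthesis: "...to create profiles about you or your usage of the services (profiling)". The third-party bullet has two grammar slips in the new wording: "share your data with any third party" and "federated services, which require certain data to be shared"; "unless in case of" reads better as "except for federated services, which require...".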
@ -134,7 +137,7 @@ To protect your data we use the following security measures:
<a name="where_store"></a>
# 3. Where the data is stored?
We store all data in our own servers, located in the Netherlands.
We store all data in **our own servers**, located in a data center in the **Netherlands**.
[Back to top](#top)
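Review bot: "in our own servers" should be "on our own servers"; the added emphasis and the data-center wording are otherwise fine.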
@ -146,13 +149,14 @@ We store all data in our own servers, located in the Netherlands.
## 4.1 - **Disroot Email** (https://mail.disroot.org)
- This service requires login with **Disroot** credentials.
- All emails, unless encrypted by the user (with GPG, for example) are stored unencrypted on our servers.
- All emails, unless encrypted by the user (with GnuPG/PGP, for example) are stored unencrypted on our servers.
- IP addresses of currently logged in users via IMAP/POP3 protocols are stored as long as the device is logged in the server *(per each device logged in)*.
- Server logs, which store information such as, but not limited to, your username and your IP address, *from* and *to* email addresses, IP addresses of servers the emails come in or go out to, are stored for a period of 24 hours after which they are deleted from the server. No backup of log files are created. Logs are kept mainly to prevent *brute-force attacks* (a cryptographic attack that consists of submitting many passwords or passphrases, hoping to eventually finding the right ones) on accounts as well as provide quick insight when debugging issues.
- Server logs, which store information such as, but not limited to, your username and your IP address, *from* and *to* email addresses, IP addresses of servers the emails come in or go out to, are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created. Logs are kept to prevent *brute-force attacks* on accounts and to provide quick insight when debugging issues.
- Given that email works on a **federated** protocol, when interacting with email addresses hosted on third party servers, data is sent to other independently operated and owned servers in the network over which we have no control.
- Given that email works on a **federated** protocol, when interacting with email addresses hosted on third party servers (eg. Gmail.com, Posteo.org), data is sent to other independently operated and owned servers in the network over which we have no control.
<a name="cloud"></a>
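Review bot: "unless encrypted by the user (with GnuPG/PGP, for example)" should name the standard rather than one implementation, i.e. OpenPGP (GnuPG is one program that implements it), and it needs a caveat the log bullet below already implies: OpenPGP encrypts the message body and attachments only, so the subject, sender, recipients and other headers of an encrypted mail are still stored and logged in clear. Suggested wording: "All emails, unless encrypted end-to-end by the user (with OpenPGP, for example), are stored unencrypted on our servers; even for encrypted emails, the headers (subject, from, to, dates) are stored in clear." Minor: "eg." should be "e.g.".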
@ -160,11 +164,11 @@ We store all data in our own servers, located in the Netherlands.
- This service requires login with **Disroot** credentials.
- All files sent to the cloud are encrypted with a key-pair created based on the user password to add an extra level of security. Note, however, that the keys are stored on the server, which compromises the level of security to some degree (e.g.: if an attacker knows your password and obtain the encryption key-pair, can decrypt the data). However **no** "Master Key" does exist on our setup, which means the Admins cannot decrypt any file stored on the cloud without knowing user's password prior.
- All files sent to the cloud are encrypted with a key-pair created based on the user password to add an extra level of security. Note, however, that the keys are stored on the server, which compromises the level of security to some degree (e.g.: if an attacker knows your password and obtain the encryption key-pair, can decrypt the data). However, **no** "Master Key" does exist on our setup, which means the Admins cannot decrypt any file stored on the cloud without knowing user's password prior.
- Except the files, everything else (calendars, contacts, news, tasks, bookmarks, etc.) is stored unencrypted in a database, unless an application provides external encryption (none so far). This is a limitation of the software we are utilizing for this service (Nextcloud).
- Excluding the files, everything else (calendars, contacts, news, tasks, bookmarks, etc.) is stored unencrypted in a database, unless an application provides external encryption (none so far). This is a limitation of the software we are utilizing for this service (Nextcloud).
- Server logs, which store information such as, but not limited to, your IP address, your username, an app currently used, error messages and User Agent, are stored for a period of 24 hours after which they are deleted from the server. No backup of log files are created. Logs are kept mainly to prevent brute-force attacks on accounts as well as provide quick insight when debugging issues.
- Server logs, which store information such as, but not limited to, your IP address, your username, an app currently used, error messages and User Agent, are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created. Logs are kept to prevent brute-force attacks on accounts and to provide quick insight when debugging issues.
<a name="chat"></a>
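Review bot: the cloud encryption bullet needs its grammar fixed and its claim bounded. Grammar: "if an attacker knows your password and obtains the encryption key-pair, they can decrypt the data" and "no "Master Key" exists on our setup, which means the Admins cannot decrypt any file stored on the cloud without first knowing the user's password". Scope: the keys are on the server and the password reaches the server at every login, so what this scheme protects is data at rest on the disks; it does not protect files from someone who controls the running server while a user is logged in. Saying so keeps the bullet consistent with 1.2 (c), which presents server-side encryption as distinct from end-to-end encryption. Minor: "none so far" would read better as "no application currently does".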
@ -174,9 +178,9 @@ We store all data in our own servers, located in the Netherlands.
- The roster (your XMPP contact list) is stored on the server's database.
- Chat history is stored on the server in the same form as on the chat itself, meaning unencrypted chat is stored in plain-text and encrypted chat is stored encrypted. Additionally, the chat history, if specified by user on per chatroom basis, is stored on the server for a period of 6 months.
- Chat history is stored on the server in the same form as on the chat itself, meaning unencrypted chat is stored in plain-text and encrypted chat is stored encrypted. Additionally, the chat history, if specified by user on per chatroom basis, is stored on the server for a period of 6 months. You can decide to not have any history stored on the server per chat.
- Server logs, which store information such as, but not limited to, your IP address and your username are stored for a period of 24 hours after which they are deleted from the server. No backup of logfiles are created. Logs are kept mainly to prevent brute-force attacks on accounts as well as provide quick insight when debugging issues.
- Server logs, which store information such as, but not limited to, your IP address and your username are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created. Logs are kept to prevent brute-force attacks on accounts and to provide quick insight when debugging issues.
- Given that XMPP is a **federated** protocol, when interacting with users or chat-rooms hosted on third party servers, data is sent to other independently operated and owned servers in the network over which we have no control.
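Review bot: the two sentences on chat history pull in opposite directions: "if specified by user on per chatroom basis, is stored ... for a period of 6 months" describes history as opt-in, while the added "You can decide to not have any history stored on the server per chat" describes it as opt-out. Say which is the default, e.g. "By default the server keeps chat history for 6 months; you can disable history per chat and per chatroom in your client", or the reverse, whichever the server is configured for. The sentence also states "Chat history is stored on the server" flatly before the condition; tie it to the same setting.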
@ -190,9 +194,9 @@ We store all data in our own servers, located in the Netherlands.
- **No log data** (IP address, session cookie, etc.) is stored on the server.
- The only situation where logs can be enabled is in case of troubleshooting. Logs are then enabled for duration of the problem fixing time and are purged immediately after.
- Logs may be enabled occasionally in case of troubleshooting. Logs are then enabled for the duration of problem assessment and are purged immediately after.
- No search queries are saved on the server nor any personal information of our users is leaked to the other search engine.
- Personal information of our users is never leaked to the other search engines.
<a name="upload"></a>
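Review bot: the rewrite of the search bullet drops a commitment rather than rewording it: the old line said "No search queries are saved on the server", and the new one only says personal information is not leaked to other search engines. If queries are still not stored, keep that sentence; if they now are, the retention has to be stated. "Never leaked" is also too absolute for a service that forwards searches to other engines, which by construction receive the query text; what can be promised is that the user's IP address, cookies and other identifying data are not forwarded. Separately, "Logs may be enabled occasionally in case of troubleshooting" reads weaker than the line it replaces ("The only situation where logs can be enabled..."); "occasionally" suggests routine logging, so keep "only" here and in the three later sections that receive the same replacement.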
@ -202,7 +206,7 @@ We store all data in our own servers, located in the Netherlands.
- **No log data** (IP address, session cookie, etc.) is stored on the server.
- The only situation where logs can be enabled is in case of troubleshooting. Logs are then enabled for duration of the problem fixing time and are purged immediately after.
- Logs may be enabled occasionally in case of troubleshooting. Logs are then enabled for the duration of problem assessment and are purged immediately after.
- All files uploaded to the server are **end-to-end encrypted** which means no one with access to the server can decrypt/read the data.
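Review bot: "end-to-end encrypted which means no one with access to the server can decrypt/read the data" deserves one qualification: if the encryption happens in the user's browser with code served by Disroot, which is the usual design for web upload services, the guarantee holds only as long as that code is the unmodified one, and whoever can alter it on the server can read future uploads. Stating that the key is generated on the user's side and never sent to the server, and that the protection covers the stored files, is more precise than "no one with access to the server". The same sentence recurs in a later service section of this diff and needs the same qualification.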
@ -230,7 +234,7 @@ We store all data in our own servers, located in the Netherlands.
- **No log data** (IP address, session cookie, etc.) is stored on the server.
- The only situation where logs can be enabled is in case of troubleshooting. Logs are then enabled for duration of the problem fixing time and are purged immediately after.
- Logs may be enabled occasionally in case of troubleshooting. Logs are then enabled for the duration of problem assessment and are purged immediately after.
- Poll data is stored on the server in the database as is (plain-text).
@ -244,7 +248,7 @@ We store all data in our own servers, located in the Netherlands.
- **No log data** (IP address, session cookie, etc.) is stored on the server.
- The only situation where logs can be enabled is in case of troubleshooting. Logs are then enabled for duration of the problem fixing time and are purged immediately after.
- Logs may be enabled occasionally in case of troubleshooting. Logs are then enabled for the duration of problem assessment and are purged immediately after.
- All files uploaded to the server are **end-to-end encrypted** which means no one with access to the server can decrypt/read the data.
@ -260,9 +264,9 @@ We store all data in our own servers, located in the Netherlands.
- **No log data** (IP address, session cookie, etc.) is stored on the server.
- Service does store your last used IP address in the database.
- The forum software stores your last used IP address in the database.
- All forum data (groups, threads, posts, usernames, email addresses) is stored on the server in the database as is (plain-text).
- All forum data (groups, threads, posts, usernames, email addresses) are stored on the server in the database as is (plain-text).
<a name="project_board"></a>
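Review bot: the first two bullets contradict each other as written: "No log data (IP address, ...) is stored on the server" is immediately followed by "The forum software stores your last used IP address in the database". Make the distinction explicit ("No web-server logs are kept; the forum software itself records the last IP address you used, in its database") and say whether that address is removed when the account is deleted, as section 5 promises for linked personal information. The change from "is stored" to "are stored" for "All forum data" is also applied to the pod and git sections but not to the project-board section ("All board data ... is stored"); "data is" is the form the rest of the statement uses, so keep "is" throughout.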
@ -270,7 +274,7 @@ We store all data in our own servers, located in the Netherlands.
- This service requires login with **Disroot** credentials.
- Server logs, which store information such as, but not limited to, your IP address, your username, error messages and User Agent, are stored for a period of 24 hours after which they are deleted from the server. No backup of logfiles are created. Logs are kept mainly to prevent brute-force attacks on accounts as well as provide quick insight when debugging issues.
- Server logs, which store information such as, but not limited to, your IP address, your username, error messages and User Agent, are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created. Logs are kept to prevent brute-force attacks on accounts and to provide quick insight when debugging issues.
- All board data (usernames, project data, email addresses) is stored on the server in the database as is (plain-text).
@ -290,13 +294,13 @@ We store all data in our own servers, located in the Netherlands.
- This service requires to create a separate account.
- Server logs, which store information such as, but not limited to, your IP address, your username, error messages and User Agent, are stored for a period of 24 hours after which they are deleted from the server. No backup of logfiles are created. Logs are kept mainly to prevent brute-force attacks on accounts as well as provide quick insight when debugging issues.
- Server logs, which store information such as, but not limited to, your IP address, your username, error messages and User Agent, are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created. Logs are kept to prevent brute-force attacks on accounts and to provide quick insight when debugging issues.
- This service works on **federated protocols** which means your public posts are shared/transfered to other independently operated servers in the network over which we have no control.
- Private posts/messages are only sent to users on other servers if you intentionally interact with them.
- Private posts/messages are sent to users on other servers only if you intentionally choose to interact with them.
- All pod data (usernames, email addresses, posts and messages, polls, contacts, photos and images) is stored on the server in the database as is (plain-text).
- All pod data (usernames, email addresses, posts and messages, polls, contacts, photos and images) are stored on the server in the database as is (plain-text).
<a name="git"></a>
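Review bot: two context lines in this section still carry errors the hunk could have fixed while it was here: "transfered" should be "transferred", and "This service requires to create a separate account" should be "requires creating a separate account" (the git section has the same construction). The reworded private-posts bullet is clearer than the original, but it covers posts and messages only; if anything beyond public posts (profile data, for instance) is also sent to other servers when a remote user interacts with you, the public-posts bullet should say so, since that is what the "no control" caveat applies to.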
@ -304,9 +308,9 @@ We store all data in our own servers, located in the Netherlands.
- This service requires to create a separate git account to interact with others.
- Server logs, which store information such as, but not limited to, your IP address, your username, error messages and User Agent, are stored for a period of 24 hours after which they are deleted from the server. No backup of logfiles are created. Logs are kept mainly to prevent brute-force attacks on accounts as well as provide quick insight when debugging issues.
- Server logs, which store information such as, but not limited to, your IP address, your username, error messages and User Agent, are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created. Logs are kept to prevent brute-force attacks on accounts and to provide quick insight when debugging issues.
- All git data such as, but not limited to, usernames, email addresses, messages, code, files, versions, pull requests, etc., is stored on the server in the database as is (plain-text).
- All git data such as, but not limited to, usernames, email addresses, messages, code, files, versions, pull requests, etc., are stored on the server in the database as is (plain-text).
[Back to top](#top)
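Review bot: "code, files, versions ... stored on the server in the database as is (plain-text)" should be checked against how the service actually stores repositories: git forges normally keep the repository objects on the filesystem and only metadata (accounts, issues, pull-request text) in the database. If that is the case here, "stored on the server (in the database and on disk) as is (plain-text)" is the accurate wording and still conveys the point that nothing is encrypted at the application level. Minor: "This service requires to create a separate git account" should be "requires creating a separate git account".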
@ -329,7 +333,8 @@ Under the **GDPR** you have a number of rights with regard to your personal data
* f. **Right to object** - The right to object to our use of your Data.
\* *Your* **Disroot username** *and* **Disroot email address** *are integral part of your user account and cannot be modified*.
\* *Your* **Disroot username** *and* **Disroot email address** *are integral part of your user account and cannot be modified.<br>
Usernames remain in the database, even after erasure request, to prevent old usernames being re-used by new users, compromising the privacy of both and enabling possible identity theft. For that reason, usernames of accounts that have been deleted remain in the database to avoid being reused. However, all the linked personal information is deleted permanently.*
You have the right to lodge a complain, make enquires, excercise any of the rights described above or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), by contacting us via email to:
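Review bot: the added paragraph on username retention says the same thing twice ("Usernames remain in the database, even after erasure request, to prevent old usernames being re-used..." and then "For that reason, usernames of accounts that have been deleted remain in the database to avoid being reused"); keep one sentence, and state explicitly that the username is the only item kept and that it is no longer linked to any other data, which is what a user exercising the right to erasure wants confirmed. The italic span opened at "*are integral part of your user account" is only closed by the `*` at the end of the retention paragraph, so the whole paragraph renders in italics; close it after "cannot be modified." as the original line did. Context-line fixes while here: "are an integral part", "lodge a complaint", "make enquiries", "exercise".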
@ -339,6 +344,9 @@ You have the right to lodge a complain, make enquires, excercise any of the righ
For the purposes of the **GDPR**, **Disroot.org** is the "data controller". This means that **Disroot** determines the purposes for which and the manner which your data is processed.
**Stichting Disroot.org**:<br>
Dutch Chamber of Commerce (KVK) number: 69988099
If you are not satisfied with the way your Data is handled by us, or think its processing is not appropriate, you have the right to send a complaint to the **Information Commissioners Office**.
**Dutch Data Protection Authority (Dutch DPA)**
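Review bot: the complaint sentence names the "Information Commissioners Office", which is the UK supervisory authority, while the address that follows is the Dutch Data Protection Authority; since the controller is a Dutch foundation, change it to "... you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)". The new lines giving the foundation name and Chamber of Commerce number are the right addition for a controller statement; the sentence above them needs "the manner in which your data is processed".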
@ -355,7 +363,7 @@ PO Box 93374<br>
<a name="access_information"></a>
## 5.1. Access to your information
Access to your personal data, stored files and other information you provide to any of the services offered by **Disroot.org** is under your control. This means that all data stored on our services that are bound to personal information (services that require logging in) are available for you to download either for archival purposes or to transfer to another compatible website.
Access to your personal data, stored files and other information you provide to any of the services offered by **Disroot.org** is under your control. This means that all data stored on our services that are bound to personal information (services that require logging in) are available for you to download either for archival purposes or to transfer to another compatible service.
#### To learn how to access and self-export your personal data
@ -370,7 +378,7 @@ Access to your personal data, stored files and other information you provide to
<a name="changes"></a>
# 6. Changes on this Privacy Policy
# 6. Changes on this Privacy Statement
From time to time we may need to update this Privacy Statement. If we decide to do so, all changes will be publicly available and will be communicated to all users via the forum, our social networks and blog post. We recommend that you regularly check for any changes on this Statement.
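Review bot: renaming the heading to "Privacy Statement" is right, but the paragraph under it still gives readers nothing to check against: it tells them to "regularly check for any changes" without a date or version on the page. Add a "Last updated" line (e.g. the date of this draft), keep a short change log, and say that each notice states the date on which the new version takes effect; "communicated to all users via the forum, our social networks and blog post" only reaches users who follow those channels, so a notice in the services themselves is worth committing to where it is feasible.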