Initial commit #14

Closed
muppeth wants to merge 1 commit from 4._Per_service_detailed_privacy_notices into 1.2

@ -16,6 +16,91 @@ fontcolor: '#FFF'
- How do we store your data?
3. Where the data is stored?
4. Per service detailed privacy notices
4.1 - **Email Service**
- All emails, unless encrypted by user (with gpg for example) are stored on our servers in unencrypted.
- IP addresses of currently logged in users via IMAP/POP3 protocol are stored as long as the device is logged in to the server. *(per each device logged in)*
- Server logs which store information such as but not limited to: your username and your IP Address, *from* and *to* email addresses, IP addresses of servers the emails come in or go out to, are stored for period of 24 hours after which they are deleted from the server. No backup of logfiles are created. Logs are kept mainly to prevent brute-force attacks on accounts as well as provide quick insight when debugging issues.
- Given the email is **federated** protocol when interacting with email addresses hosted on third party servers, data is send to other independently operated and owned servers in the network we have no control
- Service requires login with Disroot credentials
4.2 - **Disroot Cloud** (https://cloud.disroot.org)
- All files send to the cloud are encrypted with a keypair created based on the user password, to create extra level of security. Note however that the keys are stored on the server which compromises the level of security to some degree (once attacker knows your password and obtained the encryption key-pair can decrypt the data). However **no** "Master Key" does exist on our setup which means admins cannot decrypt any files stored on the cloud without knowing user's password prior.
- Everything else except for files (calendars, contacts, news, tasks, bookmarks etc) is stored unencrypted in a database, unless an app provides external encryption (non so far). This is the unfortunate restriction of the software we are utilizing for this service (nextcloud).
- Server Logs which store information such as but not limited to: Your IP address, your username, an app currently used, Error messages and User Agent, are stored for period of 24 hours after which they are deleted from the server. No backup of logfiles are created. Logs are kept mainly to prevent brute-force attacks on accounts as well as provide quick insight when debugging issues.
- Service requires login with Disroot credentials
4.3 - **Disroot XMPP Chat**
- Chat history if specified by user on per chatroom basis is stored on the server for period of 6 months.
- Roster (your XMPP contact list) is stored on the server's database
- Chat history is stored on the server in the same form as on the chat itself, meaning unencrypted chat is stored in plain-text and encrypted chat is stored encrypted
- Server logs which store information such as but not limited to: your IP address and your username are stored for period of 24 hours after which they are deleted from the server. No backup of logfiles are created. Logs are kept mainly to prevent brute-force attacks on accounts as well as provide quick insight when debugging issues.
- Given the XMPP is **federated** chat protocol when interacting with users or chat-rooms hosted on third party servers, data is send to other independently operated and owned servers in the network we have no control
- Files uploaded to the server as stored as is for period of 6 months.
- Service requires login with Disroot credentials
4.4 - **Disroot SearX** (https://search.disroot.org)
- **No Log data** (IP address, session cookie etc) is stored on the server.
- The only situation where logs can be enabled is in case of troubleshooting. Logs are then enabled only for duration of the problem fixing time and are purged immediately
- No search queries are saved on the server nor any personal information of our users is leaked to the other search engine.
- Service does not require login or providing any personal data
4.5 - **Disroot Upload** (upload.disroot.org)
- **No Log data** (IP address, session cookie etc) is stored on the server.
- The only situation where logs can be enabled is in case of troubleshooting. Logs are then enabled only for duration of the problem fixing time and are purged immediately
- All files uploaded to the server are **end-to-end encrypted** which means no one with access to the server can decrypt/read the data
- Files uploaded to the server are wiped based on the retention period set by user upon upload
- Service does not require login or providing any personal data
4.6 - **Disroot Pads** (https://pad.disroot.org and https://calc.disroot.org)
- **No Log data** (IP address, session cookie etc) is stored on the server.
- We do not collect any other personal data that can be linked to the pads.
- Pad content is stored on the server in the database as is (plain-text).
- Untouched pads expire after 6 months and are then removed from the server.
- Service does not require login or providing any personal data
4.7 - **Disroot Polls** (https://poll.disroot.org)
- **No Log data** (IP address, session cookie etc) is stored on the server.
- The only situation where logs can be enabled is in case of troubleshooting. Logs are then enabled only for duration of the problem fixing time and are purged immediately
- Poll data is stored on the server in the database as is (plain-text)
- Expired polls (depending on user setting during poll creation) are removed from the database
- Service does not require login or providing any personal data
4.8 - **Disroot bin** (https://bin.disroot.org)
- **No Log data** (IP address, session cookie etc) is stored on the server.
- The only situation where logs can be enabled is in case of troubleshooting. Logs are then enabled only for duration of the problem fixing time and are purged immediately
- All files uploaded to the server are **end-to-end encrypted** which means noone with access to the server can decrypt/read the data
- Files uploaded to the server are wiped based on the retention period set by user upon upload
- Comments and discussions under pastes are end-to-end encrypted
- Service does not require login or providing any personal data
4.9 - **Disroot Forum** (https://forum.disroot.org)
- **No Log data** (IP address, session cookie etc) is stored on the server.
- Service does store your last used IP address in the database
- All forum data (groups, threads, posts, usernames, email addresses) is stored on the server in the database as is (plain-text).
- Service requires you to create separate forum only account or use disroot credentials to interact with discussions
4.9 - **Disroot Project Board** (https://board.disroot.org)
- Server Logs which store information such as but not limited to: Your IP address, your username, Error messages and User Agent, are stored for period of 24 hours after which they are deleted from the server. No backup of logfiles are created. Logs are kept mainly to prevent brute-force attacks on accounts as well as provide quick insight when debugging issues.
- All board data (usernames, project data, email addresses) is stored on the server in the database as is (plain-text).
- Service requires login with Disroot credentials
4.10 - **Disroot Conference calls** (https://calls.disroot.org)
- **No Log data** (IP address, session cookie etc) is stored on the server.
- No user data is permanently stored on the server
4.11 - **Disroot diaspora pod** (https://pod.disroot.org)
- Server Logs which store information such as but not limited to: Your IP address, your username, Error messages and User Agent, are stored for period of 24 hours after which they are deleted from the server. No backup of logfiles are created. Logs are kept mainly to prevent brute-force attacks on accounts as well as provide quick insight when debugging issues.
- Due to the Federated nature of the service. Your public posts are shared/transfered to other independently operated servers in the network we have no control over.
- Private posts/messages are only send to users on other servers if you intentionally interact with them
- All pod data (usernames, email addresses, posts and messages,polls, contacts, photos and images) is stored on the server in the database as is (plain-text).
4.12 - **Disroot GIT** (https://git.disroot.org)
- Server Logs which store information such as but not limited to: Your IP address, your username, Error messages and User Agent, are stored for period of 24 hours after which they are deleted from the server. No backup of logfiles are created. Logs are kept mainly to prevent brute-force attacks on accounts as well as provide quick insight when debugging issues.
- All git data such as but not limited to usernames, email addresses, messages, code, files, versions, pull request data is stored on the server in the database as is (plain-text).
- Service requires you to create separate git only account to interact with the others
5. Your rights
- Access to your information
6. Changes on this Privacy Policy
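
Review bot: The 4.9 Disroot Forum entry contradicts itself: its first bullet says "**No Log data** (IP address, session cookie etc) is stored on the server" and the next says "Service does store your last used IP address in the database". For a privacy notice this should be one unambiguous statement, for example that no server logs are kept but the last used IP address is stored in the forum database, ideally with how long it is kept. The number 4.9 is also used twice (Forum and Project Board), so Project Board should become 4.10 and the following sections should be renumbered. In the Email and XMPP federation bullets the sentence ends at "in the network we have no control", where the diaspora bullet has "we have no control over", and the first Email bullet ends with "stored on our servers in unencrypted", which looks like a missing word.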