Privacy Policy First complete draft #20

Closed
fede wants to merge 0 commits from outline_PP into master
Owner

This is an almost complete draft of the PP.

fede added this to the 1.2 milestone 2019-10-27 15:46:42 +01:00
meaz was assigned by fede 2019-10-27 15:46:46 +01:00
muppeth was assigned by fede 2019-10-27 15:46:48 +01:00
antilopa was assigned by fede 2019-10-27 15:46:49 +01:00
maryjane was assigned by fede 2019-10-27 15:46:50 +01:00
fede self-assigned this 2019-10-27 15:46:55 +01:00
Owner

Great job @fede !

Here are some comments/suggestions:

SearX: we don't say Nextcloud, but cloud. So we should do the same for each service.

1. What data do we collect?
We also require an email on account creation... Even if it is then deleted, I guess we should say it.

2. What we do not do with your data
We do not sell nor share your data to third party unless in case of federated services which requires certain data to operate (e.g. other email service provider needs to know your email address to be able to deliver emails). -> I would split that in two parts so that people don't think that some data is sold in case of federated services. So something like this:

  • We do not sell your data to third party.

  • We do not share your data to third party unless in case of federated services which requires certain data to operate (e.g. other email service provider needs to know your email address to be able to deliver emails).

We do not require any additional information that is not crucial for the operation of the service (we do not ask for additional email addresses, phone numbers) -> I would remove "additional email address" as we do ask for one on account creation.

4.3
I'd talk about roster first, then chat history. Coz at the moment it is chat history, roster, then chat history again.

Files are stored for 6 months? That is long. @muppeth do we think it is necessary? 3 months is really enough I think.

4.11
For consistency, I would title that "Disroot calls" instead of "Disroot Conference calls"

5.
Is there an email for the Dutch Data Protection Authority (Dutch DPA)? That would be easier for people than a postal address.

muppeth reviewed 2019-10-28 13:54:51 +01:00
pp_draft.md Outdated
Owner

I would either change "some of the data is shared" to "some of the data is shared or transferred". Some of the data also lands on other servers (like the posts, messages etc).

muppeth reviewed 2019-10-28 13:57:57 +01:00
pp_draft.md Outdated
Owner

I think we are missing a sentence here mentioning all additional information collected when using services, such as IP addresses etc., which is not optional but, depending on the service, is handled/stored in different ways.

muppeth reviewed 2019-10-28 14:01:11 +01:00
Owner

We should still keep the other email address as well:
data.protection.officer@disroot.org - Person responsible for Privacy Policy

Owner

Made few remarks inline on the pull request. Additionally @antilopa we still miss the entire administrative part which should be included in the PP.

Author
Owner

@meaz I corrected some of the points you marked.
Dutch DPA has no public email except for press related stuff.

meaz approved these changes 2019-10-30 08:19:46 +01:00
Owner

perfect @fede

Owner

Looking good @fede

@antilopa please reserve some time to work on the administrative bits today/tomorrow so we can finalize it and send it over to few people to look into it, and give their feedback before we merge

antilopa approved these changes 2019-10-30 13:10:26 +01:00
Owner

I will do it today!

Owner

" We do not read/look nor process your personal data, emails, files, etc., stored on our servers unless needed for troubleshooting purposes, or under suspicion of breaking Terms Of Services in which case we ask for prior permission from you or inform you afterwards of all actions taken against the account in the transparency report addressed to account holder"

fingers crossed, it never happens, but shouldn't be mentioned that this will be different in case of a lawful authority order?

"We utilise “end to end” and/or “server-side” encryption whenever it is possible in software used to provide maximum security for the users"

Personally, I don't like vague statements. Name it or leave it.

Author
Owner

@avg_joe
What do you mean with "vague statements"? The "whenever it is possible..." part?

Owner

Yes

Owner

yeah perhaps we should add something about authorities. Should check what posteo says about it.

As for the other one, we should perhaps just leave "Full disk encryption on all the servers" and then make sure e2ee and server side is for sure mentioned in the per service breakdown

muppeth reviewed 2020-01-02 17:23:10 +01:00
meaz reviewed 2020-01-02 17:27:22 +01:00
@ -0,0 +1,273 @@
---
title: Privacy Policy
Owner

Privacy Statement

@ -0,0 +48,4 @@
----
<a name="coverage"></a>
# What this Privacy Policy covers?
Owner

Linda wrote that we may have to skip the part about the protocols,

@ -0,0 +50,4 @@
<a name="coverage"></a>
# What this Privacy Policy covers?
This Privacy Policy applies to all services hosted on **Disroot.org** and its sub-domains. It does not extend to any websites or web services that can be accessed from our platform including, but not limited to, any federated services and social media websites outside **Disroot**. In the specific case of the so-called federated services, and because of the very nature of the protocols they use (which has the ability to send messages, likes, share files, chat, among others features) some of the data is necessarily shared with other entities or transferred to them, therefore these interactions are out of this Privacy Policy's scope.<br>
In any case, is important to **note that sharing data with other services providers is a user's choice** and is configured by the users in their settings per service including the decision of with whom and what to share.
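Review bot: the second paragraph of this hunk is missing its subject: "In any case, is important to note" should read "In any case, it is important to note", and "other services providers" should be "other service providers". The first paragraph also says "the protocols they use (which has the ability ...)"; "protocols" is plural, so "which have the ability".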
Owner

In any case, is important to note that sharing data (see 1.What data do we collect?) with other services providers is a user's choice and is configured by the users in their settings per service including the decision of with whom and what to share.

@ -0,0 +54,4 @@
<a name="definitions"></a>
## Definitions used on this Privacy Policy
- **Data**: According to the **GDPR**, data is any information that can be used to identify a person, either directly (real name, phone number, IP address, etc.) or indirectly (any combination of the aforementioned plus device fingerprints, cookies, etc). In the specific context of the use of our platform, it is the minimum information required for the proper operation of the services provided by **Disroot.org** as well as the information the user optionally submit on any of them.
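Review bot: the term the GDPR actually defines is "personal data", not "data"; since this bullet paraphrases the GDPR definition, suggest naming the defined term as "Personal data" (or saying "what the GDPR calls personal data") so readers can match it to the regulation. Two grammar points in the same bullet: "Definitions used on this Privacy Policy" should be "Definitions used in this Privacy Policy", and "the information the user optionally submit" should be "submits".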
Owner

We should add a very short explanation of what the GDPR is + a link to the law with its number

@ -0,0 +69,4 @@
# 1. What data do we collect?
- Account creation requires a valid email address which is deleted from our database after the account has been approved/denied.
- We require a username and password to identify the account holder and provide the services offered by **Disroot.org**.
- Necessary information related to the operation and functioning of the services, which may include, for example, IP address, User Agent, etc. *More detailed information about this and how we handle it can be found in the [Per service privacy notices](#per_services).*
Owner

We should specify that we get this information only when a user starts using a service. If he doesn't use a service, then we need only username, password for email, right?

@ -0,0 +70,4 @@
- Account creation requires a valid email address which is deleted from our database after the account has been approved/denied.
- We require a username and password to identify the account holder and provide the services offered by **Disroot.org**.
- Necessary information related to the operation and functioning of the services, which may include, for example, IP address, User Agent, etc. *More detailed information about this and how we handle it can be found in the [Per service privacy notices](#per_services).*
- When you make an online donation to **Disroot.org**, we only collect personal data such as, but not limited to, username (if any), country, transaction IDs or bank account/reference. The only purpose for which we use this data is administrative (verification of regular donations, accounting management) and is maintained under the same security measures described in the "How do we store your data?" section. Since all the data we collect is previously processed by a third-party payment processor such as PayPal, Patreon or Liberapay, by using these or similar services, their use of your information is based on their terms of service and policies, not ours, so we encourage you to review those policies carefully.
Owner

Linda says we should remove every occurrence of "only"

@ -0,0 +71,4 @@
- We require a username and password to identify the account holder and provide the services offered by **Disroot.org**.
- Necessary information related to the operation and functioning of the services, which may include, for example, IP address, User Agent, etc. *More detailed information about this and how we handle it can be found in the [Per service privacy notices](#per_services).*
- When you make an online donation to **Disroot.org**, we only collect personal data such as, but not limited to, username (if any), country, transaction IDs or bank account/reference. The only purpose for which we use this data is administrative (verification of regular donations, accounting management) and is maintained under the same security measures described in the "How do we store your data?" section. Since all the data we collect is previously processed by a third-party payment processor such as PayPal, Patreon or Liberapay, by using these or similar services, their use of your information is based on their terms of service and policies, not ours, so we encourage you to review those policies carefully.
- All additional information you supply on any of the services provided by us is **optional**.
Owner

you consent instead of you supply

@ -0,0 +78,4 @@
<a name="what_we_do"></a>
## 1.1. What do we do with your data?
- Our processing of your information is limited to storing it for you to use.
Owner

is limited to provide the service...

@ -0,0 +79,4 @@
## 1.1. What do we do with your data?
- Our processing of your information is limited to storing it for you to use.
- We store logs of your activity for a period no longer than 24hs (unless specified otherwise per service). This data is used to help diagnose software issues, maintain security of the system against intrusion, and monitor the health of the platform.
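Review bot: the retention period in the second bullet is written "24hs" while the 4.2 hunk of the same draft writes "24 hours"; use the same unit spelling throughout. Since this bullet says the logs are used to "maintain security of the system against intrusion", it should also state what the logs contain (the 4.2 hunk lists IP address, username and User Agent), otherwise the reader cannot tell whether "logs of your activity" are identifiable.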
Owner

are logs anonymized or identifiable?

@ -0,0 +108,4 @@
- We do not require any additional information that is not crucial for the operation of the service (we do not ask for phone numbers, private personal data, home address).
- We do not read/look nor process your personal data, emails, files, etc., stored on our servers unless needed for troubleshooting purposes, or under suspicion of breaking **Terms Of Services** in which case we ask for prior permission from you or inform you afterwards of all actions taken against the account in the transparency report addressed to account holder.
Owner

we process the data to provide the services

@ -0,0 +134,4 @@
## 4.2 - **Disroot Cloud** (https://cloud.disroot.org)
- All files sent to the cloud are encrypted with a key-pair created based on the user password, to add an extra level of security. Note however that the keys are stored on the server, which compromises the level of security to some degree (e.g.: once an attacker knows your password and obtained the encryption key-pair, can decrypt the data). However **no** "Master Key" does exist on our setup, which means the Admins cannot decrypt any files stored on the cloud without knowing user's password prior.
- Everything else except for files (calendars, contacts, news, tasks, bookmarks, etc) is stored unencrypted in a database, unless an app provides external encryption (none so far). This is a disadvantaged restriction of the software we are utilizing for this service (Nextcloud).
- Server logs, which store information such as, but not limited to, your IP address, your username, an app currently used, error messages and User Agent, are stored for a period of 24 hours after which they are deleted from the server. No backup of logfiles are created. Logs are kept mainly to prevent brute-force attacks on accounts as well as provide quick insight when debugging issues.
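Review bot: the first bullet's "Admins cannot decrypt any files" claim needs its scope stated, because the same bullet says the key-pair is derived from the user's password and stored on the server: that design protects files at rest (a copied disk or backup) but not against whoever controls the running server, which is exactly the weakening the bullet itself admits with "compromises the level of security to some degree". Suggest saying plainly what the encryption protects against and what it does not. Style: "once an attacker knows your password and obtained the encryption key-pair, can decrypt the data" is missing a subject ("they can decrypt"), and "This is a disadvantaged restriction" in the second bullet should be "This is a limitation".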
Owner

the part about brute force may be a bit technical

@ -0,0 +230,4 @@
* e. **Right to Data portability** - The right to move, copy or transfer your Data.
* f. **Right to object** - The right to object to our use of your Data.
\* *This not applies to* **username** *and* **email address** *as they are integral part of your user account and cannot be modified*.
Owner

"This doesn't apply."

Linda says it always applies...

email address and/or usernames are under legitimate interests to remain in the database, even after erasure request.

@ -0,0 +239,4 @@
For the purposes of the **GDPR**, **Disroot.org** is the "data controller". This means that **Disroot** determines the purposes for which and the manner which your data is processed.
If you are not satisfied with the way a compliant you make regarding to how your Data is handled by us, you have the right to send a complaint to the **Information Commissioners Office**.
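Review bot: the complaint sentence names the "Information Commissioners Office", which is the UK authority, while the thread above discusses the Dutch Data Protection Authority (Dutch DPA) as the body to list; the draft should name one supervisory authority consistently. Two typos in the same hunk: "a compliant you make regarding to how" should be "a complaint you make regarding how", and "the manner which your data is processed" should be "the manner in which".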
Owner

if you feel like the processing of your data is not appropriate

fede closed this pull request 2020-02-05 12:47:32 +01:00

Pull request closed

Reference: Disroot/Disroot-Privacy-Policy#20