Privacy Policy First complete draft #20

Closed
fede wants to merge 0 commits from outline_PP into master
fede commented 2 years ago
Owner

This is an almost complete draft of the PP.

This is an almost complete draft of the PP.
fede added this to the 1.2 milestone 2 years ago
meaz was assigned by fede 2 years ago
muppeth was assigned by fede 2 years ago
antilopa was assigned by fede 2 years ago
maryjane was assigned by fede 2 years ago
fede self-assigned this 2 years ago
Owner

Great job @fede !

Here are some comments/suggestions:

SearX: we don't say NExtcloud, but cloud. So we should do the same for each service.

1. What data do we collect?
We also require an email on account creation... Even if it then deleted, I guess we should say it.

2.What we do not do with your data
We do not sell nor share your data to third party unless in case of federated services which requires certain data to operate (e.g. other email service provider needs to know your email address to be able to deliver emails). -> I would split than in two parts so that people don't think that some datas are sold in case of federated services. So something like this:

  • We do not sell your data to third party.

  • We do not share your data to third party unless in case of federated services which requires certain data to operate (e.g. other email service provider needs to know your email address to be able to deliver emails).

We do not require any additional information that is not crucial for the operation of the service (we do not ask for additional email addresses, phone numbers) -> I would remove "additional email addresse" as we do ask for one on account creation.

4.3
I'd talk about roster first, then chat history. Coz at the moment it is chat history, roster, then chat history again.

Files are stored for 6 months? That is long. @muppeth do we think it is necessary? 3 months is realy enought I think.

4.11
For consistency, I would title that "Disroot calls" instead of "Disroot Conference calls"

5.
Is there an email for the Dutch Data Protection Authority (Dutch DPA) ? That would be easier for people than a postal address.

Great job @fede ! Here are some comments/suggestions: SearX: we don't say NExtcloud, but cloud. So we should do the same for each service. **1. What data do we collect?** We also require an email on account creation... Even if it then deleted, I guess we should say it. **2.What we do not do with your data** We do not sell nor share your data to third party unless in case of federated services which requires certain data to operate (e.g. other email service provider needs to know your email address to be able to deliver emails). -> I would split than in two parts so that people don't think that some datas are sold in case of federated services. So something like this: - We do not sell your data to third party. - We do not share your data to third party unless in case of federated services which requires certain data to operate (e.g. other email service provider needs to know your email address to be able to deliver emails). We do not require any additional information that is not crucial for the operation of the service (we do not ask for additional email addresses, phone numbers) -> I would remove "additional email addresse" as we do ask for one on account creation. **4.3** I'd talk about roster first, then chat history. Coz at the moment it is chat history, roster, then chat history again. Files are stored for 6 months? That is long. @muppeth do we think it is necessary? 3 months is realy enought I think. **4.11** For consistency, I would title that "Disroot calls" instead of "Disroot Conference calls" **5.** Is there an email for the Dutch Data Protection Authority (Dutch DPA) ? That would be easier for people than a postal address.
muppeth reviewed 2 years ago
pp_draft.md Outdated
Poster
Owner

I would either change "some of the data is shared" to "some of the data is shared or trasfered". Some of the data also lands on other servers (like the posts, messages etc).

I would either change "some of the data is shared" to "some of the data is shared or trasfered". Some of the data also lands on other servers (like the posts, messages etc).
muppeth reviewed 2 years ago
pp_draft.md Outdated
Poster
Owner

I think we are missing a sentence here mentioning all additional information collected when using services, such us IP addresses etc. which is not optional but depending on the service is handled/stored in different ways.

I think we are missing a sentence here mentioning all additional information collected when using services, such us IP addresses etc. which is not optional but depending on the service is handled/stored in different ways.
muppeth reviewed 2 years ago
Poster
Owner

We should still keep the other email address as well
data.protection.officer@disroot.org - Person repsponsible for Privacy Policy

We should still keep the other email address as well data.protection.officer@disroot.org - Person repsponsible for Privacy Policy
Owner

Made few remarks inline on the pull request. Additionally @antilopa we still miss the entire administrative part which should be included in the PP.

Made few remarks inline on the pull request. Additionally @antilopa we still miss the entire administrative part which should be included in the PP.
Poster
Owner

@meaz I corrected some of the points you marked.
Dutch DPA has no public email except for press related stuff.

@meaz I corrected some of the points you marked. Dutch DPA has no public email except for press related stuff.
meaz approved these changes 2 years ago
Owner

perfect @fede

perfect @fede
Owner

Looking good @fede

@antilopa please reserve some time to work on the administrative bits today/tomorrow so we can finalize it and send it over to few people to look into it, and give their feedback before we merge

Looking good @fede @antilopa please reserve some time to work on the administrative bits today/tomorrow so we can finalize it and send it over to few people to look into it, and give their feedback before we merge
antilopa approved these changes 2 years ago
Owner

I will do it today!

I will do it today!
Owner

" We do not read/look nor process your personal data, emails, files, etc., stored on our servers unless needed for troubleshooting purposes, or under suspicion of breaking Terms Of Services in which case we ask for prior permission from you or inform you afterwards of all actions taken against the account in the transparency report addressed to account holder"

fingers crossed, it never happens, but shouldn't be mentioned that this will be different in case of a lawful authority order?

"We utilise “end to end” and/or “server-side” encryption whenever it is possible in software used to provide maximum security for the users"

Me personal don't like vague statements. name it or leave it.

" We do not read/look nor process your personal data, emails, files, etc., stored on our servers unless needed for troubleshooting purposes, or under suspicion of breaking **Terms Of Services** in which case we ask for prior permission from you or inform you afterwards of all actions taken against the account in the transparency report addressed to account holder" fingers crossed, it never happens, but shouldn't be mentioned that this will be different in case of a lawful authority order? "We utilise “end to end” and/or “server-side” encryption whenever it is possible in software used to provide maximum security for the users" Me personal don't like vague statements. name it or leave it.
Poster
Owner

@avg_joe
What do you mean with "vague statements"? The "whenever it is possible..." part?

@avg_joe What do you mean with "vague statements"? The "whenever it is possible..." part?
Owner

Yes

Yes
Owner

yeah perhaps we should add something about authorities. Should check what posteo says about it.

As for the other one, we should perhaps just leave "Full disk encryption on all the servers" and then make sure e2ee and server side is for sure mentioned in the per service breakdown

yeah perhaps we should add something about authorities. Should check what posteo says about it. As for the other one, we should perhaps just leave "Full disk encryption on all the servers" and then make sure e2ee and server side is for sure mentioned in the per service breakdown
muppeth reviewed 2 years ago
meaz reviewed 2 years ago
---
title: Privacy Policy
meaz commented 2 years ago
Poster
Owner

Privacy Statement

Privacy Statement
----
<a name="coverage"></a>
# What this Privacy Policy covers?
meaz commented 2 years ago
Poster
Owner

Linda wrote that we may have to skip the part about the protocols,

Linda wrote that we may have to skip the part about the protocols,
<a name="coverage"></a>
# What this Privacy Policy covers?
This Privacy Policy applies to all services hosted on **Disroot.org** and its sub-domains. It does not extend to any websites or web services that can be accessed from our platform including, but not limited to, any federated services and social media websites outside **Disroot**. In the specific case of the so-called federated services, and because of the very nature of the protocols they use (which has the ability to send messages, likes, share files, chat, among others features) some of the data is necessarily shared with other entities or transferred to them, therefore these interactions are out of this Privacy Policy's scope.<br>
In any case, is important to **note that sharing data with other services providers is a user's choice** and is configured by the users in their settings per service including the decision of with whom and what to share.
meaz commented 2 years ago
Poster
Owner

In any case, is important to note that sharing data (see 1.What data do we collect?) with other services providers is a user's choice and is configured by the users in their settings per service including the decision of with whom and what to share.

In any case, is important to **note that sharing data (see 1.What data do we collect?) with other services providers is a user's choice** and is configured by the users in their settings per service including the decision of with whom and what to share.
<a name="definitions"></a>
## Definitions used on this Privacy Policy
- **Data**: According to the **GDPR**, data is any information that can be used to identify a person, either directly (real name, phone number, IP address, etc.) or indirectly (any combination of the aforementioned plus device fingerprints, cookies, etc). In the specific context of the use of our platform, it is the minimum information required for the proper operation of the services provided by **Disroot.org** as well as the information the user optionally submit on any of them.
meaz commented 2 years ago
Poster
Owner

We should add a very short explaination of what is the GDPR + a link to the law with its number

We should add a very short explaination of what is the GDPR + a link to the law with its number
# 1. What data do we collect?
- Account creation requires a valid email address which is deleted from our database after the account has been approved/denied.
- We require a username and password to identify the account holder and provide the services offered by **Disroot.org**.
- Necessary information related to the operation and functioning of the services, which may include, for example, IP address, User Agent, etc. *More detailed information about this and how we handle it can be found in the [Per service privacy notices](#per_services).*
meaz commented 2 years ago
Poster
Owner

We should precise that we get this information only when an user starts using a service. If he doesn't use a service, then we need only username, password for email, right?

We should precise that we get this information only when an user starts using a service. If he doesn't use a service, then we need only username, password for email, right?
- Account creation requires a valid email address which is deleted from our database after the account has been approved/denied.
- We require a username and password to identify the account holder and provide the services offered by **Disroot.org**.
- Necessary information related to the operation and functioning of the services, which may include, for example, IP address, User Agent, etc. *More detailed information about this and how we handle it can be found in the [Per service privacy notices](#per_services).*
- When you make an online donation to **Disroot.org**, we only collect personal data such as, but not limited to, username (if any), country, transaction IDs or bank account/reference. The only purpose for which we use this data is administrative (verification of regular donations, accounting management) and is maintained under the same security measures described in the "How do we store your data?" section. Since all the data we collect is previously processed by a third-party payment processor such as PayPal, Patreon or Liberapay, by using these or similar services, their use of your information is based on their terms of service and policies, not ours, so we encourage you to review those policies carefully.
meaz commented 2 years ago
Poster
Owner

Linda says we should remove every occurence of "only"

Linda says we should remove every occurence of "only"
- We require a username and password to identify the account holder and provide the services offered by **Disroot.org**.
- Necessary information related to the operation and functioning of the services, which may include, for example, IP address, User Agent, etc. *More detailed information about this and how we handle it can be found in the [Per service privacy notices](#per_services).*
- When you make an online donation to **Disroot.org**, we only collect personal data such as, but not limited to, username (if any), country, transaction IDs or bank account/reference. The only purpose for which we use this data is administrative (verification of regular donations, accounting management) and is maintained under the same security measures described in the "How do we store your data?" section. Since all the data we collect is previously processed by a third-party payment processor such as PayPal, Patreon or Liberapay, by using these or similar services, their use of your information is based on their terms of service and policies, not ours, so we encourage you to review those policies carefully.
- All additional information you supply on any of the services provided by us is **optional**.
meaz commented 2 years ago
Poster
Owner

you consent instead of you supply

you consent instead of you supply
<a name="what_we_do"></a>
## 1.1. What do we do with your data?
- Our processing of your information is limited to storing it for you to use.
meaz commented 2 years ago
Poster
Owner

is limited to provide the service...

is limited to provide the service...
## 1.1. What do we do with your data?
- Our processing of your information is limited to storing it for you to use.
- We store logs of your activity for a period no longer than 24hs (unless specified otherwise per service). This data is used to help diagnose software issues, maintain security of the system against intrusion, and monitor the health of the platform.
meaz commented 2 years ago
Poster
Owner

are logs anonymized or identifiable?

are logs anonymized or identifiable?
- We do not require any additional information that is not crucial for the operation of the service (we do not ask for phone numbers, private personal data, home address).
- We do not read/look nor process your personal data, emails, files, etc., stored on our servers unless needed for troubleshooting purposes, or under suspicion of breaking **Terms Of Services** in which case we ask for prior permission from you or inform you afterwards of all actions taken against the account in the transparency report addressed to account holder.
meaz commented 2 years ago
Poster
Owner

we process the data to provide the services

we process the data to provide the services
## 4.2 - **Disroot Cloud** (https://cloud.disroot.org)
- All files sent to the cloud are encrypted with a key-pair created based on the user password, to add an extra level of security. Note however that the keys are stored on the server, which compromises the level of security to some degree (e.g.: once an attacker knows your password and obtained the encryption key-pair, can decrypt the data). However **no** "Master Key" does exist on our setup, which means the Admins cannot decrypt any files stored on the cloud without knowing user's password prior.
- Everything else except for files (calendars, contacts, news, tasks, bookmarks, etc) is stored unencrypted in a database, unless an app provides external encryption (none so far). This is a disadvantaged restriction of the software we are utilizing for this service (Nextcloud).
- Server logs, which store information such as, but not limited to, your IP address, your username, an app currently used, error messages and User Agent, are stored for a period of 24 hours after which they are deleted from the server. No backup of logfiles are created. Logs are kept mainly to prevent brute-force attacks on accounts as well as provide quick insight when debugging issues.
meaz commented 2 years ago
Poster
Owner

the part about brute force may be a bit technical

the part about brute force may be a bit technical
* e. **Right to Data portability** - The right to move, copy or transfer your Data.
* f. **Right to object** - The right to object to our use of your Data.
\* *This not applies to* **username** *and* **email address** *as they are integral part of your user account and cannot be modified*.
meaz commented 2 years ago
Poster
Owner

"This doesn't apply."

Linda says it always applies...

email address and/or usernames are under legitimate interets to remain in the database, even after erasure request.

"This doesn't apply." Linda says it always applies... email address and/or usernames are under legitimate interets to remain in the database, even after erasure request.
For the purposes of the **GDPR**, **Disroot.org** is the "data controller". This means that **Disroot** determines the purposes for which and the manner which your data is processed.
If you are not satisfied with the way a compliant you make regarding to how your Data is handled by us, you have the right to send a complaint to the **Information Commissioners’ Office**.
meaz commented 2 years ago
Poster
Owner

if you feel like the processing of your data is not appropriate

if you feel like the processing of your data is not appropriate
fede closed this pull request 2 years ago
This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
No reviewers
No Milestone
5 Participants
Notifications
Due Date

No due date set.

Dependencies

This pull request currently doesn't have any dependencies.

Loading…
There is no content yet.