forked from vern/website
280 lines
11 KiB
HTML
280 lines
11 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width">
|
|
<meta name="description" content="Legalese privacy policy for ~vern">
|
|
<meta name="keywords" content="~vern, vern, free software, privacy, tilde, tildeverse, privacy policy, policy, legal, legalese">
|
|
<link rel="stylesheet" href="//gcdn.vern.cc/vernsite/style.css">
|
|
<title>Privacy Policy | ~vern</title>
|
|
</head>
|
|
<body>
|
|
<!--#include file="nav.php" -->
|
|
<h1>Privacy Policy</h1>
|
|
<p>Copyright © Vern.cc 2022, licensed under CC-BY-SA 4.0 or later.</p>
|
|
|
|
<p>This privacy policy describes how vern ("vern.cc", "we", "us",
|
|
"~vern") collects personal information and to what degree, it also
|
|
describes what rights you have regarding your privacy on vern
|
|
services.</p>
|
|
|
|
<p>~vern hosts a set of publicly accessible services available for
|
|
everyone to use, examples include the Invidious front-end, these will
|
|
be referred to as public services. These are in contrast to private or
|
|
member-only services which require registration, approval from
|
|
a vern administrator, or both, to use.</p>
|
|
|
|
<h1>What information do we collect on public services?</h1>
|
|
|
|
<p>Vern by default does not collect any personally-identifiable
|
|
information on publicly accessible services, IP addresses may or may
|
|
not appear on automatically-generated log files but these
|
|
automatically-generated log files are deleted every 48 hours.</p>
|
|
|
|
<p>Your browser or system may or may not send additional information
|
|
such as user-agents and these may or may not be present in
|
|
automatically-generated log files.</p>
|
|
|
|
<p>The following information is collected in log files, this is not a
|
|
complete or exhaustive list and additional information might be
|
|
collected:</p>
|
|
|
|
<ol>
|
|
<li>IP address</li>
|
|
<p>To connect to any website, an IP address is sent by your system to
|
|
establish a connection, sending your IP address is unavoidable though
|
|
you can use proxies or virtual private networks to mask your true IP
|
|
address.</p>
|
|
|
|
<li>User-agent</li>
|
|
<p>Your browser might send this string which contains, among other
|
|
things, your specific operating system, your specific browser and
|
|
specific details such as the kernel version or layout engine used.</p>
|
|
</ol>
|
|
|
|
<h1>What information do we collect on private or member-only services?
|
|
</h1>
|
|
|
|
<p>Vern only collects information that you directly provide. Most
|
|
services suggest you add information about yourself but this is not
|
|
required, and you can mostly leave these out.</p>
|
|
|
|
<p>When you register with vern, the following personal information is
|
|
recorded:</p>
|
|
<ol>
|
|
<li>Username</li>
|
|
<p>Your username is used to allow you to login to vern services.</p>
|
|
|
|
<li>Password</li>
|
|
<p>Your password is used to allow you to login to vern services.</p>
|
|
|
|
<li>Email</li>
|
|
<p>Your email is used to contact you about whether or not your account
|
|
has been approved and it is also used to register you for services
|
|
that do not use usernames. Your email is not shared with any
|
|
third-parties and we take security regarding user-data very seriously.
|
|
</p>
|
|
|
|
<li>SSH keys</li>
|
|
<p>In addition, your SSH public key is also stored to give you access
|
|
to specific vern services such as the pubnix service and your SSH
|
|
public key might contain extra information in and of itself.</p>
|
|
</ol>
|
|
|
|
<p>The following information may or may not be recorded when you
|
|
access privacy or member-only vern services, this is not an
|
|
exhaustive list and is not intended to be interpreted as such:</p>
|
|
|
|
<li>Your full name</li>
|
|
<p>Some services might ask you to provide a full name, this is not
|
|
shared with third-parties.</p>
|
|
|
|
<li>Email addresses</li>
|
|
<p>Some services might ask you to provide an email address, this email
|
|
address might be shown publicly with an option to hide it but it is
|
|
not shared with any third-parties.</p>
|
|
|
|
<li>Date of birth</li>
|
|
<p>Some services might ask you to provide your date of birth, this in
|
|
turn might be used to process whether or not you will be able to
|
|
access adult content or it might be shown publicly with an option to
|
|
hide it. Your date of birth is not shared with any third-parties.</p>
|
|
|
|
<li>Basic account info</li>
|
|
<p>Some services might ask for a display name, biography, avatar,
|
|
profile picture or profile header. These might be shown publicly with
|
|
an option to hide some portions, this information is not shared with
|
|
any third-parties<p>
|
|
|
|
<li>Messages, posts and chats. (Non-federated services)</li>
|
|
<p>Some services allow you to communicate with other users, your chats
|
|
are stored but not shared with any third-parties, these chats might
|
|
also be public, it depends on the service.</p>
|
|
|
|
<li>Messages, posts and chats. (Federated services)</li>
|
|
<p>Some services allow you to communicate with other users on
|
|
different servers not controlled by vern, these servers may or may not
|
|
record your chats and may or may not share them with third-parties.
|
|
Regarding this, vern cannot guarantee that your messages will be
|
|
deleted when requested simply because vern does not control the
|
|
servers which your message will reach. Additionally, some of your
|
|
messages might be "bridged" to other platforms in which case, it is
|
|
even harder to get them removed, rectified or erased.</p>
|
|
|
|
<li>IPs and other metadata</li>
|
|
<p>Your system, browser or application may or may not send information
|
|
in the form of IP addresses and other forms such as user-agents, this
|
|
information thus in turn might be recorded on automatically-generated
|
|
log files, but as mentioned above, these log files are deleted every
|
|
48 hours, in addition to being private and not shared to any
|
|
third-parties.</p>
|
|
|
|
<h1>What do we use your personal information for?</h1>
|
|
|
|
<h2>Core service functionality</h2>
|
|
|
|
<p>Some services require personal information or the core
|
|
functionality will not work, in some cases, you can substitute the
|
|
personal information for pseudonymous or false information but this is
|
|
very rarely the case. Most services on vern require some amount of
|
|
personal information to provide core functionality.</p>
|
|
|
|
<h2>To aid in moderation, or to detect malicious activity</h2>
|
|
|
|
<p>Your personal information might be collected and processed to
|
|
create automatically-generated log files which might then be used to
|
|
detect malicious activity, or to aid in moderation of other users, or
|
|
to detect bots that are improperly programmed.</p>
|
|
|
|
<p>Automatically-generated log files are deleted every 48 hours,
|
|
though in some cases, the administrators can choose to keep some log
|
|
files, such as in the case of an outage or attack on vern
|
|
infrastructure.</p>
|
|
|
|
<h2>To be used in aggregated and anonymized statistics</h2>
|
|
|
|
<p>Some services might provide a set of anonymized statistics to the
|
|
public in which case your information might be used but anonymized
|
|
later.</p>
|
|
|
|
<h1>How do we protect your personal information?</h1>
|
|
|
|
<p>Vern employs a variety of security measures to protect personal
|
|
information from being breached by crackers or malicious actors. These
|
|
measures include hashing or encryption, containerization and other
|
|
industry-standard measures.</p>
|
|
|
|
<h1>What is our data retention policy?</h1>
|
|
|
|
<p>Automatically-generated log files or server logs are deleted every
|
|
48 hours but in some cases might be kept for longer to investigate
|
|
malicious behavior as outlined above.</p>
|
|
|
|
<p>Information that you provide to vern might be stored indefinitely
|
|
or as long as vern survives, unless you personally delete it yourself
|
|
or request vern to delete it.</p>
|
|
|
|
<h1>Do we use cookies and other technologies?</h1>
|
|
|
|
<p>Yes. Some services on vern use cookies to store your preferences or
|
|
to see if you are logged in, these cookies do not store any
|
|
personally-identifiable information in most cases.</p>
|
|
|
|
<h1>Is information shared to other third-parties?</h1>
|
|
|
|
<p>Some vern services are federated, meaning that any messages, chats,
|
|
account data and the like are shared with any similar servers,
|
|
examples include the Matrix chatting service and Mastodon
|
|
social-networking service, these services can share your messages,
|
|
chats and other data to third-party servers which vern does not
|
|
control. However, in most cases, this information is not personal.</p>
|
|
|
|
<p>Other vern services do not share your information with
|
|
third-parties. It's important that we distinguish between personal
|
|
information and regular information. No vern service will ever share
|
|
your personal information with any third-parties.</p>
|
|
|
|
<p>We care about your privacy!</p>
|
|
|
|
<h1>What are my rights?</h1>
|
|
|
|
<h2>Your rights under the GDPR</h2>
|
|
|
|
<p>If your area has enacted the General Data Protection Regulation or
|
|
similar law or regulation then you have the following rights:</p>
|
|
|
|
<ul>
|
|
<li>The right of access</li>
|
|
<p>The right of access ensures you are allowed to know what personal
|
|
information vern has collected, stored or recorded about you.</p>
|
|
|
|
<li>The right to rectification</li>
|
|
<p>The right to rectification means that you are allowed to change any
|
|
personal information about you on vern services that you see as
|
|
invalid, false or misleading</p>
|
|
|
|
<li>The right to erasure</li>
|
|
<p>The right to erasure means that any personally-identifiable
|
|
information that vern has collected, stored or recorded about you
|
|
will be deleted in up to 96 hours after the initial request. Note that
|
|
you will have to provide us with some personal information that we can
|
|
go search for and delete.</p>
|
|
</ul>
|
|
|
|
<p>There are other rights but these cannot be exercised or used on
|
|
vern services for various reasons including that vern does not
|
|
discriminate based on personal information or use automated
|
|
processing.</p>
|
|
|
|
<p>To exercise your GDPR rights, send an email to legal@vern.cc</p>
|
|
|
|
<h2>Your rights under the CCPA</h2>
|
|
|
|
<p>You have the following rights as a Californian citizen under the
|
|
California Consumer privacy act:</p>
|
|
|
|
<ul>
|
|
<li>The Right to Know</li>
|
|
<p>The right to know ensures you are allowed to know what personal
|
|
information vern has collected, stored or recorded about you.</p>
|
|
|
|
<li>The Right to Delete</li>
|
|
<p>The right to delete means that any personally-identifiable
|
|
information that vern has collected, stored or recorded about you will
|
|
be deleted in up to 96 hours after the initial request. Note that you
|
|
will have to provide us with some personal information that we can go
|
|
search for and delete.</p>
|
|
</ul>
|
|
|
|
<p>There are other rights but these cannot be exercised or used on
|
|
vern services for various reasons including that vern does not
|
|
discriminate based on personal information or use automated
|
|
processing.</p>
|
|
|
|
<p>To exercise your CCPA rights, send an email to legal@vern.cc</p>
|
|
|
|
<h2>Your rights everywhere else</h2>
|
|
|
|
<p>Vern believes that every individual deserves these three universal
|
|
rights regarding data protection, we do not believe that certain areas
|
|
deserve more priority or that certain areas get to have privacy rights
|
|
and others do not.</p>
|
|
|
|
<p>Here are your rights regarding privacy on vern services:</p>
|
|
|
|
<ul>
|
|
<li>The Right to be forgotten</li>
|
|
<p>The right to be forgotten means that any personally-identifiable
|
|
information that vern has collected, stored or recorded about you will
|
|
be deleted in up to 96 hours after the initial request. Note that you
|
|
will have to provide us with some personal information that we can go
|
|
search for and delete.</p>
|
|
</ul>
|
|
|
|
<p>To exercise these rights, send an email to deletion@vern.cc</p>
|
|
|
|
|
|
<!--#include file="footer.cgi" -->
|
|
</body>
|
|
</html>
|