From 898be65327030d75a3f5b7ebd18a4f7d76a66a85 Mon Sep 17 00:00:00 2001
From: Noah Petherbridge
Date: Tue, 24 Oct 2023 23:35:44 -0700
Subject: [PATCH] Update privacy policy for more transparency
---
web/templates/account/user_notes.html | 6 +-
web/templates/privacy.html | 526 ++++++++++++++++++++++++--
2 files changed, 508 insertions(+), 24 deletions(-)
diff --git a/web/templates/account/user_notes.html b/web/templates/account/user_notes.html
index c4d60f7..361c7fd 100644
--- a/web/templates/account/user_notes.html
+++ b/web/templates/account/user_notes.html
@@ -77,8 +77,10 @@
- Your notes will not be visible to {{.User.Username}} but will be visible
- to website administrators.
+ Your notes will not normally be visible to {{.User.Username}} but will be visible
+ to website administrators. Please be mindful of what you write in
+ case of the unlikely event that your notes could be legally required to be disclosed to
+ {{.User.Username}} sometime in the future.
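Review bot: the new sentence "Please be mindful of what you write in case of the unlikely event that your notes could be legally required to be disclosed" is awkward ("in case of the unlikely event") and names a different disclosure path than the privacy page in this same patch, which says user notes "may be revealed to the subject of the note as part of a Data Access Request". The two notices should say the same thing; suggest something like "Please be mindful of what you write: in the unlikely event of a legal requirement, or as part of a Data Access Request by {{.User.Username}}, your notes could be disclosed to them in the future." so a member reading either page gets the same expectation.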
diff --git a/web/templates/privacy.html b/web/templates/privacy.html
index 7a592d4..d1487ae 100644
--- a/web/templates/privacy.html
+++ b/web/templates/privacy.html
@@ -25,7 +25,7 @@
- This page was last updated on July 27, 2023.
+ This page was last updated on October 24, 2023.
@@ -149,12 +149,511 @@
administrator to verify the report and take action as needed.
- Direct Messages
+ Third Parties
- NEW: July 27 2023 - Clarification added
+ Added: Oct 24 2023
+
+ {{PrettyTitle}} does not share data with ANY third party company.
+ The website and chat room (both custom applications built specifically for {{PrettyTitle}}) run on
+ a single web server. There are NO third-party analytics, advertisements, or any
+ data sharing agreement with any third-party company -- all user data is stored in-house on the
+ {{PrettyTitle}} web server.
+
+
+
+ The features on {{PrettyTitle}} are designed in a privacy-first manner in order to avoid relying
+ on any third-party services. For example:
+
+
+
+ -
+ Collecting coarse location data by IP address is done via the Maxmind GeoIP database -- using
+ a local copy of the database that sits on the {{PrettyTitle}} server, so that
+ these location lookups can happen "offline" and your IP address is not sent to any third party.
+
+ -
+ On the "Who's Nearby" settings page you have the option to drop a pin on a map as a way to set your
+ location for other members to search for you. The map widget provides tiles loaded anonymously
+ from the Open Streetmap public API.
+
+
+
+ Data Collection and Use
+
+
+ Added: Oct 24 2023
+
+
+
+ This section will enumerate all of the kinds of data that {{PrettyTitle}} collects and stores
+ about user accounts and how it is used.
+
+
+ Required Account Information
+
+
+ The following information is the bare minimum required for all {{PrettyTitle}} user accounts,
+ why we require it and how it is used.
+
+
+
+ -
+ E-mail Address
+
+ -
+ Why it's required:
+ We need a way to get in touch with you if needed. You can log in to your account using
+ your e-mail address, and if you forget your password, you may send a password reset request
+ via e-mail to your inbox to allow you to regain access to your account.
+
+ -
+ What it's used for:
+ We will rarely send transactional e-mail notifications to the address on file: on account
+ signup, to verify you control the e-mail address; when your certification photo is approved
+ or rejected; or when you request a reset for your forgotten password.
+
+ -
+ Who we share it with:
+ Nobody. The author of this website is philosophically opposed to the sharing of e-mail addresses
+ with third party companies. Your e-mail address will NOT be shared or used for marketing e-mails,
+ but used only for the aforementioned minimally required website functionality.
+
+ -
+ See also: the Email Addresses
+ section of this page, below, for more in-depth information.
+
+
+
+ -
+ Username
+
+ -
+ Why it's required:
+ Your username is your unique handle on the website and makes for a better identifier than an ID number.
+
+ -
+ What it's used for:
+ Your username will appear in the URL address bar when visiting your profile page or gallery, and is displayed
+ on most pages where your account is mentioned, such as in comment threads, the Member Directory, or on the
+ chat room.
+
+
+
+ -
+ Account Password
+
+ -
+ Why it's required:
+ To protect your account from an unauthorized login by somebody else.
+
+ -
+ Security details:
+ Passwords are hashed using the Bcrypt secure hashing
+ algorithm with a cost factor tuned to take several milliseconds to compute the hash. Each user password
+ has a distinct salt, which is randomized on each password reset. Bcrypt is designed to slow down efforts
+ to brute force guess passwords in the event that a hacker obtained a list of Bcrypt password.
+
+
+
+ -
+ Date of Birth
+
+ -
+ Why it's required:
+ We want to know that all of our members are legal adults 18 years or older. You birthdate can derive your
+ age and help to remove ambiguity especially for younger members (into their 20's) in case of any uncertainty.
+
+ -
+ How you can protect it:
+ From the first time the website asks you for your birthdate, there is a checkbox to NOT display your computed
+ age on your profile page. Checking this box will remove the ability for other members to search for your profile
+ by age or see how old you are, or by extension, guess when your birthdate may be if they happened to see your
+ age update on the site.
+
+
+
+
+
+ Optional Profile Information
+
+
+ The following information is all optional for members to fill in, and may be displayed on your
+ profile page or allow members to search for you by these fields (for example, the Member Directory allows to browse
+ members by gender, relationship status, age range, or sexual orientation).
+
+
+
+ -
+ Display Name:
+
+ -
+ What it is:
+ Your display name is a free-form text box where you can write anything you want to go by, other than your
+ username. You can use your first name, nickname, or write your username in the capitalization and style
+ you prefer. If you don't fill out a Display Name, your username is shown in its place.
+
+ -
+ How it's used:
+ On the chat room, your display name can appear next to your username. Your display name also appears
+ on your profile page and the Member Directory.
+
+
+
+ -
+ Gender:
+
+ -
+ How it's used:
+ It is displayed on your profile page; members may find you in search when filtering by gender;
+ when you enter the chat room your profile button may display in a color-coded blue, pink or purple
+ color based on your category of chosen gender (male-presenting, female-presenting, or non-binary).
+
+
+
+ -
+ Pronouns:
+
+ -
+ How it's used:
+ It is displayed on your profile page and search result card on the Member Directory.
+
+
+
+ -
+ City:
+
+ -
+ What this is:
+ The "City" field is a free-form text box and you can write as little or as much as you want.
+ It is not tied or validated to be location data and is not used to derive your location at all.
+
+ -
+ How it's used:
+ It is displayed on your profile page and search result card on the Member Directory.
+
+
+
+ -
+ Job:
+
+ -
+ How it's used:
+ It is displayed on your profile page only.
+
+
+
+ -
+ (Sexual) Orientation:
+
+ -
+ How it's used:
+ It is displayed on your profile page and search result card on the Member Directory.
+ Members may find you in search when filtering by orientation.
+
+
+
+ -
+ Relationship Status:
+
+ -
+ How it's used:
+ It is displayed on your profile page and search result card on the Member Directory.
+ Members may find you in search when filtering by relationship status.
+
+
+
+ -
+ Relationship Type:
+
+ -
+ What this is:
+ This is an optional qualifying field that describes your type of relationship:
+ monogamous, open.
+
+ -
+ How it's used:
+ It is displayed on your profile page and search result card on the Member Directory.
+
+
+
+ -
+ About Me:
+
+ -
+ What this is:
+ This is a free-form essay-style field where you can write a few sentences or
+ paragraphs about yourself.
+
+ -
+ How it's used:
+ It is displayed on your profile page only.
+
+
+
+ -
+ Interests, Music/Movies:
+
+ -
+ What this is:
+ These are free-form essay-style fields where you can write a few sentences or
+ paragraphs about yourself.
+
+ -
+ How it's used:
+ It is displayed on your profile page only.
+
+
+
+
+
+ Other User Information
+
+
+ This section covers other information that the website may store in relation to your user account.
+
+
+
+ -
+ Messages (website)
+
+ -
+ If you send or receive Direct Messages with other members on the website, these
+ are stored in the database. See Direct Messages for
+ in-depth information.
+
+ -
+ The chat room does not have any database storage at all and Direct
+ Messages on chat are not retained or stored.
+
+
+
+ -
+ Likes
+
+ -
+ As you click on "Like" buttons around the website, these are stored in the database
+ as sets of "user ID, table name, table ID" triplets (for example, to store an entry about
+ which photo ID or comment ID has been liked).
+
+
+
+ -
+ Comments you have posted on forum threads or photos.
+
+ -
+ Friends, Blocks, & Private Photo Grants
+
+ -
+ Friend lists, blocked users, and private photo grants are stored in relationship tables
+ that associate a "source user ID" and "target user ID" to link the connection between
+ accounts with an implied direction (e.g.: private photos are granted to somebody, or shared
+ by somebody).
+
+
+
+ -
+ Notifications & Subscriptions
+
+ -
+ Notifications are generated by user activity on the website, for example clicking the "Like"
+ button on a photo will notify the owner of that photo about the like. Each user account has
+ their own feed of notifications, shown only to themselves.
+
+ -
+ Subscriptions are comment threads that will notify other parties (other than the owner of the
+ thing being commented on) when further comments are added. Commenting on a photo or forum thread
+ will subscribe you to be notified about future comments (by other people) on that same thread. You
+ can opt-out of subscriptions using a link at the top of each comment thread, and the opt-out will
+ be remembered. Alternatively, you may also opt-in to comment threads that you did not comment on by
+ using the same link at the top of the thread.
+
+
+
+ -
+ Forum Threads
+
+ -
+ If you start a topic in the Forum, a Thread is created that holds some basic metadata
+ about your topic (such as its title or 'explicit' setting). Threads have an associated
+ "first comment" which is the message you wrote to start the thread.
+
+
+
+ -
+ Polls & Poll Votes
+
+ -
+ Forum threads may support an attached poll. If you vote on a poll, your vote is recorded
+ in terms of your user ID to the poll ID and the choice you picked. Information about votes
+ is not displayed on the website front-end, and is only used to tally up the count of votes
+ for each of the presented options.
+
+
+
+ -
+ User Notes
+
+ -
+ Users may write private notes to themselves about one another, for example to
+ remember a topic that was discussed on the chat room. This data may be revealed to
+ the subject of the note as part of a Data Access Request.
+
+
+
+ -
+ Feedback & Reports
+
+ -
+ {{PrettyTitle}} provides a feedback and reporting system so users may notify the site admin
+ about objectionable content or behavior they witness on the site. Feedback items often record
+ the user ID who posted the feedback, and a pointer to a user ID, photo ID, comment ID, or so on
+ depending on what the subject of the report was about. Feedback generated by or about a user will
+ be made available to that user as part of a Data Access Request.
+
+
+
+ -
+ User Location
+
+ -
+ {{PrettyTitle}} has one database table that stores up to a single geolocation for user
+ accounts. It is for the "Who's Nearby?" feature, which is opt-in and users
+ are given a choice of how they want to share their location: automatically based on your IP
+ address, via the Web Location API, or by dropping a pin on a map yourself to set your location
+ to anywhere you want.
+
+ -
+ The user location table stores up to one latitude/longitude coordinate for a user
+ account, with the precision truncated to 2 (two) decimal places to defend against triangulation attacks.
+
+ -
+ User locations are NOT revealed to other members on the site, only the rough distance away (to a resolution
+ of miles and kilometers).
+
+ -
+ No historical location data is collected: if a user refreshes their location, we update the
+ stored latitude/longitude to the new values.
+
+ -
+ Users may turn off the "Who's Nearby?" feature at any time, and their stored location data
+ is immediately erased from the database.
+
+ -
+ See more location-related details under "Device Information," below.
+
+
+
+ -
+ Two Factor Authentication
+
+ -
+ What it is:
+ Two-Factor Authentication (2FA) is an opt-in feature to help better protect user accounts,
+ by requiring an authentication device as part of the sign-in process in addition to your
+ account password. It uses the industry standard Time-based One-Time Password (TOTP) algorithm.
+
+ -
+ How it's secured:
+ The TOTP secret key (encoded in the QR code when you set up two-factor auth) is stored
+ encrypted at rest in the database to protect the secret in case of a database compromise.
+ Your one-time backup recovery codes are also stored, encrypted at rest in the database.
+
+
+
+
+
+ Device Information
+
+
+ This section covers how we use information about your device, such as your IP address.
+
+
+
+ -
+ IP Address
+
+ -
+ How we collect it:
+ Your IP address may appear as part of standard web server logs as you access and browse the
+ website - for example in HTTP access logs captured by our NGINX
+ reverse proxy server. Your IP address in these logs is NOT associated with your
+ user account.
+
+ -
+ How we store it:
+ {{PrettyTitle}} does NOT deliberately store your IP address anywhere
+ in our application database -- we can see no reason for doing so.
+
+
+
+ -
+ IP Address-based Geolocation
+
+ -
+ What this is:
+ Some features of {{PrettyTitle}} will use your coarse (city-level) location that is obtained
+ via an offline copy of the Maxmind GeoIP database which
+ resides on the server. Maxmind publishes the GeoIP database that contains lookup information for
+ all ranges of IP addresses on the Internet. {{PrettyTitle}} has an offline copy of this database
+ so that location lookups can happen locally, without your IP address being shared with any third
+ party.
+
+ -
+ How it is used:
+ Within the context of certain specific web requests to the site, your IP address is used
+ to look up coarse location information by using an offline copy of the Maxmind GeoIP database
+ which resides on the web server:
+
+ -
+ When entering the chat room: the website will send you into the chat room with a
+ country flag emoji and your coarse location (to two levels of subdivision) to
+ display next to your username on chat. For example: "United States, Oregon" or
+ "Canada, British Columbia."
+
+ -
+ If you opt-in to share your location for the "Who's Nearby?"
+ feature to allow other members to search for you by distance, one of the available
+ options to provide your location is by using the GeoIP database which is based
+ on your IP address. Your location would then be updated when you visit the Member
+ Search Directory or your dashboard (home) page on the site.
+
+
+
+
+
+ -
+ Web Location API Geolocation
+
+ -
+ What this is:
+ If you opt-in to share your location for the "Who's Nearby?" feature, one of your
+ choices how to share your location is to use the Web Location API, where nonshy.com
+ will ask your web browser for permission to access its location. This will often be
+ backed by a GPS device or WiFi-based location source on your device.
+
+ -
+ How it is used:
+ If you opt-in and choose to use this location source, the {{PrettyTitle}} website will
+ ask for your location only on your Location Settings page, when you
+ want to update or refresh your location. It is used for the "Who's Nearby?" feature to
+ allow you to locate other members by distance to yourself.
+
+ -
+ How you can control it:
+ You can visit your Location Settings at any time and opt-out of the "Who's Nearby?"
+ feature, or change your location source (e.g. to GeoIP based or drop a pin on a map
+ yourself). If you turn off "Who's Nearby?" your stored location data is immediately
+ erased from the server.
+
+
+
+
+
+ Direct Messages
+
Please behave honorably in your use of Direct Messages, whether on the main website or inside
the chat room. The global website rules apply. {{PrettyTitle}} admins do NOT
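Review bot: the "Third Parties" section opens with "does not share data with ANY third party company" and "NO ... data sharing agreement", but the Open Streetmap bullet a few lines later admits the map widget loads tiles from the OSM public API. Tiles "loaded anonymously" still means the member's browser makes HTTP requests to OpenStreetMap's servers, which necessarily see the member's IP address plus the coordinates of the tiles requested, i.e. the area around the pin they are dropping. Suggest qualifying the opening claim (e.g. "does not share account data with any third party; the one external request the site causes is for map tiles, see below") and saying in the bullet that the tile request discloses the browser's IP address and the viewed map area to OpenStreetMap, and only when the map on the Location Settings page is opened. Smaller items in the same hunk: "a list of Bcrypt password" should read "Bcrypt password hashes"; "You birthdate can derive your age" should read "Your birthdate"; the Web Location API paragraph hard-codes "nonshy.com" where every other paragraph uses {{PrettyTitle}}; the IP Address item says addresses appear in NGINX access logs but gives no retention or rotation period, which is the one fact a reader of that item will want; and "to defend against triangulation attacks" overstates what truncating to two decimal places achieves, since 0.01 degree of latitude is roughly 1.1 km and the feature still reports distance to the nearest mile or kilometre, so "to reduce the precision available for trilateration" would be the honest wording.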
@@ -228,7 +727,7 @@
the thread from your partner's view. This is communicated in a pop-up before you delete the DM thread.
- Email Addresses
+ Email Addresses
All members begin signup by verifying control of an e-mail inbox. On this website, your e-mail
@@ -279,7 +778,7 @@
controls on your Settings page to control such a feature.
- Cookies
+ Cookies
This website uses functional cookies only and does not run any advertisements
@@ -304,23 +803,6 @@
account on this website.
-
-
Analytics Software
-
-
- In the future we MAY deploy self-hosted analytics software to help understand how the
- website is being used and identify any pain points that users may be running into. This
- would probably be Matomo analytics,
- a free and open source program that would run on the same web servers as this website,
- so that analytics data does NOT leave this site and go to a third party such as Google
- or Facebook.
-
-
-
- The author of this website is a privacy & security nut and he respects your
- privacy as well. Matomo Analytics is GDPR compliant, automatically respects your web
- browser's "Do Not Track" header and can be opted out of.
-
{{end}}
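Review bot: the "Analytics Software" heading line survives as unchanged context while every paragraph beneath it is removed, so the rendered page would end with an empty heading directly above {{end}}. Either delete the heading in this hunk too, or keep a one-sentence body under it stating that no analytics software, self-hosted or otherwise, is currently deployed; the "Third Parties" section added in this patch only rules out third-party analytics, so dropping the Matomo text without a replacement leaves self-hosted analytics unaddressed for readers who remember the earlier paragraph.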