Update privacy policy for more transparency
This commit is contained in:
parent
0143fd752f
commit
898be65327
|
@ -77,8 +77,10 @@
|
|||
</p>
|
||||
|
||||
<p>
|
||||
Your notes will not be visible to <strong>{{.User.Username}}</strong> but <em>will</em> be visible
|
||||
to website administrators.
|
||||
Your notes will not normally be visible to <strong>{{.User.Username}}</strong> but <em>will</em> be visible
|
||||
to website administrators. <strong class="has-text-danger">Please be mindful of what you write</strong> in
|
||||
case of the unlikely event that your notes could be legally required to be disclosed to
|
||||
<strong>{{.User.Username}}</strong> sometime in the future.
|
||||
</p>
|
||||
</div>
|
||||
|
||||
|
|
|
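Review bot: the new warning on the notes form says notes could be disclosed only in the "unlikely event" of a legal requirement, but the User Notes entry added to the Data Collection section in this same change says notes "may be revealed to the subject of the note as part of a Data Access Request", which is a routine user-initiated process rather than a legal order. The two statements should agree; suggest the form text name Data Access Requests explicitly, e.g. "in case your notes are disclosed to <strong>{{.User.Username}}</strong>, for example as part of a Data Access Request". Also, "in case of the unlikely event that" reads better as "in the unlikely event that".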
@ -25,7 +25,7 @@
|
|||
</p>
|
||||
|
||||
<p>
|
||||
This page was last updated on <strong>July 27, 2023.</strong>
|
||||
This page was last updated on <strong>October 24, 2023.</strong>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
|
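Review bot: the "last updated" date is now hand-maintained in two formats: "October 24, 2023." here and "Oct 24 2023" in the new "Added:" tags further down; pick one format so the dates are recognisably the same. The trailing period also sits inside the <strong> tag (<strong>October 24, 2023.</strong>); move it outside so only the date is bold.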
@ -149,12 +149,511 @@
|
|||
administrator to verify the report and take action as needed.
|
||||
</p>
|
||||
|
||||
<h1 id="direct-messages">Direct Messages</h1>
|
||||
<h1 id="third-parties">Third Parties</h1>
|
||||
|
||||
<p>
|
||||
<span class="tag is-success">NEW: July 27 2023 - Clarification added</span>
|
||||
<span class="tag is-success">Added: Oct 24 2023</span>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
{{PrettyTitle}} does not share data with <strong>ANY</strong> third party company.
|
||||
The website and chat room (both custom applications built specifically for {{PrettyTitle}}) run on
|
||||
a single web server. There are <strong>NO</strong> third-party analytics, advertisements, or any
|
||||
data sharing agreement with any third-party company -- all user data is stored in-house on the
|
||||
{{PrettyTitle}} web server.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The features on {{PrettyTitle}} are designed in a privacy-first manner in order to avoid relying
|
||||
on any third-party services. For example:
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
Collecting coarse location data by IP address is done via the Maxmind GeoIP database -- using
|
||||
a <strong>local copy</strong> of the database that sits on the {{PrettyTitle}} server, so that
|
||||
these location lookups can happen "offline" and your IP address is not sent to any third party.
|
||||
</li>
|
||||
<li>
|
||||
On the "Who's Nearby" settings page you have the option to drop a pin on a map as a way to set your
|
||||
location for other members to search for you. The map widget provides tiles loaded anonymously
|
||||
from the <a href="https://www.openstreetmap.org">Open Streetmap</a> public API.
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h1 id="data">Data Collection and Use</h1>
|
||||
|
||||
<p>
|
||||
<span class="tag is-success">Added: Oct 24 2023</span>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
This section will enumerate all of the kinds of data that {{PrettyTitle}} collects and stores
|
||||
about user accounts and how it is used.
|
||||
</p>
|
||||
|
||||
<h3>Required Account Information</h3>
|
||||
|
||||
<p>
|
||||
The following information is the bare minimum required for all {{PrettyTitle}} user accounts,
|
||||
why we require it and how it is used.
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
<strong>E-mail Address</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>Why it's required:</strong>
|
||||
We need a way to get in touch with you if needed. You can log in to your account using
|
||||
your e-mail address, and if you forget your password, you may send a password reset request
|
||||
via e-mail to your inbox to allow you to regain access to your account.
|
||||
</li>
|
||||
<li>
|
||||
<strong>What it's used for:</strong>
|
||||
We will rarely send transactional e-mail notifications to the address on file: on account
|
||||
signup, to verify you control the e-mail address; when your certification photo is approved
|
||||
or rejected; or when you request a reset for your forgotten password.
|
||||
</li>
|
||||
<li>
|
||||
<strong>Who we share it with:</strong>
|
||||
Nobody. The author of this website is philosophically opposed to the sharing of e-mail addresses
|
||||
with third party companies. Your e-mail address will NOT be shared or used for marketing e-mails,
|
||||
but used only for the aforementioned minimally required website functionality.
|
||||
</li>
|
||||
<li>
|
||||
<strong>See also:</strong> the <a href="#email-addresses">Email Addresses</a>
|
||||
section of this page, below, for more in-depth information.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Username</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>Why it's required:</strong>
|
||||
Your username is your unique handle on the website and makes for a better identifier than an ID number.
|
||||
</li>
|
||||
<li>
|
||||
<strong>What it's used for:</strong>
|
||||
Your username will appear in the URL address bar when visiting your profile page or gallery, and is displayed
|
||||
on most pages where your account is mentioned, such as in comment threads, the Member Directory, or on the
|
||||
chat room.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Account Password</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>Why it's required:</strong>
|
||||
To protect your account from an unauthorized login by somebody else.
|
||||
</li>
|
||||
<li>
|
||||
<strong>Security details:</strong>
|
||||
Passwords are hashed using the <a href="https://en.wikipedia.org/wiki/Bcrypt">Bcrypt</a> secure hashing
|
||||
algorithm with a cost factor tuned to take several milliseconds to compute the hash. Each user password
|
||||
has a distinct salt, which is randomized on each password reset. Bcrypt is designed to slow down efforts
|
||||
to brute force guess passwords in the event that a hacker obtained a list of Bcrypt password.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Date of Birth</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>Why it's required:</strong>
|
||||
We want to know that all of our members are legal adults 18 years or older. You birthdate can derive your
|
||||
age and help to remove ambiguity especially for younger members (into their 20's) in case of any uncertainty.
|
||||
</li>
|
||||
<li>
|
||||
<strong>How you can protect it:</strong>
|
||||
From the first time the website asks you for your birthdate, there is a checkbox to NOT display your computed
|
||||
age on your profile page. Checking this box will remove the ability for other members to search for your profile
|
||||
by age or see how old you are, or by extension, guess when your birthdate may be if they happened to see your
|
||||
age update on the site.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h3>Optional Profile Information</h3>
|
||||
|
||||
<p>
|
||||
The following information is all <strong>optional</strong> for members to fill in, and may be displayed on your
|
||||
profile page or allow members to search for you by these fields (for example, the Member Directory allows to browse
|
||||
members by gender, relationship status, age range, or sexual orientation).
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
<strong>Display Name:</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>What it is:</strong>
|
||||
Your display name is a free-form text box where you can write anything you want to go by, other than your
|
||||
username. You can use your first name, nickname, or write your username in the capitalization and style
|
||||
you prefer. If you don't fill out a Display Name, your username is shown in its place.
|
||||
</li>
|
||||
<li>
|
||||
<strong>How it's used:</strong>
|
||||
On the chat room, your display name can appear next to your username. Your display name also appears
|
||||
on your profile page and the Member Directory.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Gender:</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>How it's used:</strong>
|
||||
It is displayed on your profile page; members may find you in search when filtering by gender;
|
||||
when you enter the chat room your profile button may display in a color-coded blue, pink or purple
|
||||
color based on your category of chosen gender (male-presenting, female-presenting, or non-binary).
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Pronouns:</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>How it's used:</strong>
|
||||
It is displayed on your profile page and search result card on the Member Directory.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>City:</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>What this is:</strong>
|
||||
The "City" field is a free-form text box and you can write as little or as much as you want.
|
||||
It is not tied or validated to be location data and is not used to derive your location at all.
|
||||
</li>
|
||||
<li>
|
||||
<strong>How it's used:</strong>
|
||||
It is displayed on your profile page and search result card on the Member Directory.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Job:</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>How it's used:</strong>
|
||||
It is displayed on your profile page only.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>(Sexual) Orientation:</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>How it's used:</strong>
|
||||
It is displayed on your profile page and search result card on the Member Directory.
|
||||
Members may find you in search when filtering by orientation.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Relationship Status:</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>How it's used:</strong>
|
||||
It is displayed on your profile page and search result card on the Member Directory.
|
||||
Members may find you in search when filtering by relationship status.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Relationship Type:</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>What this is:</strong>
|
||||
This is an optional qualifying field that describes your type of relationship:
|
||||
monogamous, open.
|
||||
</li>
|
||||
<li>
|
||||
<strong>How it's used:</strong>
|
||||
It is displayed on your profile page and search result card on the Member Directory.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>About Me:</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>What this is:</strong>
|
||||
This is a free-form essay-style field where you can write a few sentences or
|
||||
paragraphs about yourself.
|
||||
</li>
|
||||
<li>
|
||||
<strong>How it's used:</strong>
|
||||
It is displayed on your profile page only.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Interests, Music/Movies:</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>What this is:</strong>
|
||||
These are free-form essay-style fields where you can write a few sentences or
|
||||
paragraphs about yourself.
|
||||
</li>
|
||||
<li>
|
||||
<strong>How it's used:</strong>
|
||||
It is displayed on your profile page only.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h3>Other User Information</h3>
|
||||
|
||||
<p>
|
||||
This section covers other information that the website may store in relation to your user account.
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
<strong>Messages (website)</strong>
|
||||
<ul>
|
||||
<li>
|
||||
If you send or receive Direct Messages with other members on the website, these
|
||||
are stored in the database. See <a href="#direct-messages">Direct Messages</a> for
|
||||
in-depth information.
|
||||
</li>
|
||||
<li>
|
||||
The <strong>chat room</strong> does not have any database storage at all and Direct
|
||||
Messages on chat are not retained or stored.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Likes</strong>
|
||||
<ul>
|
||||
<li>
|
||||
As you click on "Like" buttons around the website, these are stored in the database
|
||||
as sets of "user ID, table name, table ID" triplets (for example, to store an entry about
|
||||
which photo ID or comment ID has been liked).
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Comments</strong> you have posted on forum threads or photos.
|
||||
</li>
|
||||
<li>
|
||||
<strong>Friends, Blocks, & Private Photo Grants</strong>
|
||||
<ul>
|
||||
<li>
|
||||
Friend lists, blocked users, and private photo grants are stored in relationship tables
|
||||
that associate a "source user ID" and "target user ID" to link the connection between
|
||||
accounts with an implied direction (e.g.: private photos are granted to somebody, or shared
|
||||
by somebody).
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Notifications & Subscriptions</strong>
|
||||
<ul>
|
||||
<li>
|
||||
Notifications are generated by user activity on the website, for example clicking the "Like"
|
||||
button on a photo will notify the owner of that photo about the like. Each user account has
|
||||
their own feed of notifications, shown only to themselves.
|
||||
</li>
|
||||
<li>
|
||||
Subscriptions are comment threads that will notify other parties (other than the owner of the
|
||||
thing being commented on) when further comments are added. Commenting on a photo or forum thread
|
||||
will subscribe you to be notified about future comments (by other people) on that same thread. You
|
||||
can opt-out of subscriptions using a link at the top of each comment thread, and the opt-out will
|
||||
be remembered. Alternatively, you may also opt-in to comment threads that you did not comment on by
|
||||
using the same link at the top of the thread.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Forum Threads</strong>
|
||||
<ul>
|
||||
<li>
|
||||
If you start a topic in the Forum, a Thread is created that holds some basic metadata
|
||||
about your topic (such as its title or 'explicit' setting). Threads have an associated
|
||||
"first comment" which is the message you wrote to start the thread.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Polls & Poll Votes</strong>
|
||||
<ul>
|
||||
<li>
|
||||
Forum threads may support an attached poll. If you vote on a poll, your vote is recorded
|
||||
in terms of your user ID to the poll ID and the choice you picked. Information about votes
|
||||
is not displayed on the website front-end, and is only used to tally up the count of votes
|
||||
for each of the presented options.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>User Notes</strong>
|
||||
<ul>
|
||||
<li>
|
||||
Users may write private notes to themselves about one another, for example to
|
||||
remember a topic that was discussed on the chat room. This data may be revealed to
|
||||
the subject of the note as part of a Data Access Request.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Feedback & Reports</strong>
|
||||
<ul>
|
||||
<li>
|
||||
{{PrettyTitle}} provides a feedback and reporting system so users may notify the site admin
|
||||
about objectionable content or behavior they witness on the site. Feedback items often record
|
||||
the user ID who posted the feedback, and a pointer to a user ID, photo ID, comment ID, or so on
|
||||
depending on what the subject of the report was about. Feedback generated by or about a user will
|
||||
be made available to that user as part of a Data Access Request.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>User Location</strong>
|
||||
<ul>
|
||||
<li>
|
||||
{{PrettyTitle}} has one database table that stores up to a single geolocation for user
|
||||
accounts. It is for the "Who's Nearby?" feature, which is <strong>opt-in</strong> and users
|
||||
are given a choice of how they want to share their location: automatically based on your IP
|
||||
address, via the Web Location API, or by dropping a pin on a map yourself to set your location
|
||||
to anywhere you want.
|
||||
</li>
|
||||
<li>
|
||||
The user location table stores up to <strong>one</strong> latitude/longitude coordinate for a user
|
||||
account, with the precision truncated to 2 (two) decimal places to defend against triangulation attacks.
|
||||
</li>
|
||||
<li>
|
||||
User locations are NOT revealed to other members on the site, only the rough distance away (to a resolution
|
||||
of miles and kilometers).
|
||||
</li>
|
||||
<li>
|
||||
No historical location data is collected: if a user refreshes their location, we update the
|
||||
stored latitude/longitude to the new values.
|
||||
</li>
|
||||
<li>
|
||||
Users may turn off the "Who's Nearby?" feature at any time, and their stored location data
|
||||
is immediately erased from the database.
|
||||
</li>
|
||||
<li>
|
||||
See more location-related details under "Device Information," below.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Two Factor Authentication</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>What it is:</strong>
|
||||
Two-Factor Authentication (2FA) is an opt-in feature to help better protect user accounts,
|
||||
by requiring an authentication device as part of the sign-in process in addition to your
|
||||
account password. It uses the industry standard Time-based One-Time Password (TOTP) algorithm.
|
||||
</li>
|
||||
<li>
|
||||
<strong>How it's secured:</strong>
|
||||
The TOTP secret key (encoded in the QR code when you set up two-factor auth) is stored
|
||||
<strong>encrypted at rest</strong> in the database to protect the secret in case of a database compromise.
|
||||
Your one-time backup recovery codes are also stored, encrypted at rest in the database.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h3>Device Information</h3>
|
||||
|
||||
<p>
|
||||
This section covers how we use information about your device, such as your IP address.
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
<strong>IP Address</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>How we collect it:</strong>
|
||||
Your IP address may appear as part of standard web server logs as you access and browse the
|
||||
website - for example in HTTP access logs captured by our <a href="https://nginx.org">NGINX</a>
|
||||
reverse proxy server. Your IP address in these logs is <strong>NOT</strong> associated with your
|
||||
user account.
|
||||
</li>
|
||||
<li>
|
||||
<strong>How we store it:</strong>
|
||||
{{PrettyTitle}} does <strong>NOT</strong> deliberately store your IP address anywhere
|
||||
in our application database -- we can see no reason for doing so.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>IP Address-based Geolocation</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>What this is:</strong>
|
||||
Some features of {{PrettyTitle}} will use your coarse (city-level) location that is obtained
|
||||
via an offline copy of the <a href="https://www.maxmind.com/en/home">Maxmind</a> GeoIP database which
|
||||
resides on the server. Maxmind publishes the GeoIP database that contains lookup information for
|
||||
all ranges of IP addresses on the Internet. {{PrettyTitle}} has an offline copy of this database
|
||||
so that location lookups can happen locally, without your IP address being shared with any third
|
||||
party.
|
||||
</li>
|
||||
<li>
|
||||
<strong>How it is used:</strong>
|
||||
Within the context of certain specific web requests to the site, your IP address is used
|
||||
to look up coarse location information by using an offline copy of the Maxmind GeoIP database
|
||||
which resides on the web server:
|
||||
<ul>
|
||||
<li>
|
||||
When entering the chat room: the website will send you into the chat room with a
|
||||
country flag emoji and your coarse location (to two levels of subdivision) to
|
||||
display next to your username on chat. For example: "United States, Oregon" or
|
||||
"Canada, British Columbia."
|
||||
</li>
|
||||
<li>
|
||||
If you <strong>opt-in</strong> to share your location for the "Who's Nearby?"
|
||||
feature to allow other members to search for you by distance, one of the available
|
||||
options to provide your location is by using the GeoIP database which is based
|
||||
on your IP address. Your location would then be updated when you visit the Member
|
||||
Search Directory or your dashboard (home) page on the site.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<strong>Web Location API Geolocation</strong>
|
||||
<ul>
|
||||
<li>
|
||||
<strong>What this is:</strong>
|
||||
If you opt-in to share your location for the "Who's Nearby?" feature, one of your
|
||||
choices how to share your location is to use the Web Location API, where nonshy.com
|
||||
will ask your web browser for permission to access its location. This will often be
|
||||
backed by a GPS device or WiFi-based location source on your device.
|
||||
</li>
|
||||
<li>
|
||||
<strong>How it is used:</strong>
|
||||
If you opt-in and choose to use this location source, the {{PrettyTitle}} website will
|
||||
ask for your location <strong>only</strong> on your Location Settings page, when you
|
||||
want to update or refresh your location. It is used for the "Who's Nearby?" feature to
|
||||
allow you to locate other members by distance to yourself.
|
||||
</li>
|
||||
<li>
|
||||
<strong>How you can control it:</strong>
|
||||
You can visit your Location Settings at any time and opt-out of the "Who's Nearby?"
|
||||
feature, or change your location source (e.g. to GeoIP based or drop a pin on a map
|
||||
yourself). If you turn off "Who's Nearby?" your stored location data is immediately
|
||||
erased from the server.
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h1 id="direct-messages">Direct Messages</h1>
|
||||
|
||||
<p>
|
||||
Please behave honorably in your use of Direct Messages, whether on the main website or inside
|
||||
the chat room. The global <a href="/tos">website rules</a> apply. {{PrettyTitle}} admins do NOT
|
||||
|
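Review bot: the User Location entry claims that truncating stored coordinates to two decimal places "defend[s] against triangulation attacks"; two decimal places is still roughly a 1 km cell, and the same section says distances are shown to a resolution of miles and kilometers, so a member comparing distances from several vantage points can still narrow another member down to about that cell. Say that the truncation limits stored precision to roughly a kilometre rather than that it defends against triangulation, so the policy does not promise more than the mechanism delivers. Other points in this hunk: the Account Password entry says the bcrypt cost factor is tuned to take "several milliseconds", which is far below what bcrypt's common default cost of 10 takes on current hardware (tens of milliseconds); either the cost should be raised or the sentence should state the real target. "a list of Bcrypt password" should read "a list of Bcrypt password hashes", and "You birthdate can derive your age" should read "Your birthdate". The Web Location API entry hardcodes "nonshy.com" where every other sentence uses {{PrettyTitle}}. The IP Address entry says addresses appear in NGINX access logs but gives no retention period for those logs; a privacy policy should state how long they are kept.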
@ -228,7 +727,7 @@
|
|||
the thread from your partner's view. This is communicated in a pop-up before you delete the DM thread.
|
||||
</p>
|
||||
|
||||
<h1>Email Addresses</h1>
|
||||
<h1 id="email-addresses">Email Addresses</h1>
|
||||
|
||||
<p>
|
||||
All members begin signup by verifying control of an e-mail inbox. On this website, your e-mail
|
||||
|
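Review bot: the new id matches the <a href="#email-addresses"> link added in the Data Collection section, so the in-page link resolves. Minor style point: the heading spells it "Email" while the body text and the new "E-mail Address" entry use "e-mail"; pick one spelling.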
@ -279,7 +778,7 @@
|
|||
controls on your Settings page to control such a feature.
|
||||
</p>
|
||||
|
||||
<h1>Cookies</h1>
|
||||
<h1 id="cookies">Cookies</h1>
|
||||
|
||||
<p>
|
||||
This website uses <strong>functional cookies only</strong> and does not run any advertisements
|
||||
|
@ -304,23 +803,6 @@
|
|||
account on this website.
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<h3>Analytics Software</h3>
|
||||
|
||||
<p>
|
||||
In the future we MAY deploy self-hosted analytics software to help understand how the
|
||||
website is being used and identify any pain points that users may be running into. This
|
||||
would probably be <a href="https://matomo.org/" target="_blank">Matomo analytics</a>,
|
||||
a free and open source program that would run on the same web servers as this website,
|
||||
so that analytics data does NOT leave this site and go to a third party such as Google
|
||||
or Facebook.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The author of this website is a privacy & security nut and he respects <em>your</em>
|
||||
privacy as well. Matomo Analytics is GDPR compliant, automatically respects your web
|
||||
browser's "Do Not Track" header and can be opted out of.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
{{end}}
|
||||
|
|
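Review bot: removing the "Analytics Software" section leaves the policy silent on self-hosted analytics. The new Third Parties text only rules out third-party analytics, while the deleted paragraph was the only place that said analytics might ever be deployed; a reader comparing versions cannot tell whether the plan was dropped or just went unmentioned. Suggest one sentence in the Third Parties or Cookies section stating that no analytics software, self-hosted or otherwise, currently runs on the site, so the removal reads as a deliberate commitment rather than a silent change.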