327 lines
16 KiB
HTML
327 lines
16 KiB
HTML
{{define "title"}}Privacy Policy{{end}}
|
|
{{define "content"}}
|
|
<div class="block">
|
|
<section class="hero is-light is-bold">
|
|
<div class="hero-body">
|
|
<div class="container">
|
|
<h1 class="title">Privacy Policy</h1>
|
|
</div>
|
|
</div>
|
|
</section>
|
|
</div>
|
|
|
|
<div class="block p-4">
|
|
<div class="content">
|
|
<p>
|
|
This page describes the treatment of your data and privacy-related aspects of this website.
|
|
</p>
|
|
|
|
<p>
|
|
We reserve the right to update this page in the future. Here at {{PrettyTitle}} we are
|
|
committed to respecting user privacy and are morally opposed to all of the shady tracking
|
|
and selling of user data that goes on with other websites. We will not sell your information
|
|
(including your e-mail address) and any kind of analytics software that may be added in the
|
|
future will be "self-hosted" with your data never leaving our servers.
|
|
</p>
|
|
|
|
<p>
|
|
This page was last updated on <strong>July 27, 2023.</strong>
|
|
</p>
|
|
|
|
<p>
|
|
<em>
|
|
Any use of the word "we" on this page refers to the royal we; as this website is
|
|
actually run by just one very passionate software engineer.
|
|
</em>
|
|
</p>
|
|
|
|
<h1>Website Privacy Features</h1>
|
|
|
|
<p>
|
|
Members of this website have the following features available in their settings to control
|
|
their privacy from other members of the site:
|
|
</p>
|
|
|
|
<ul>
|
|
<li>
|
|
By default, your profile page on {{PrettyTitle}} may <strong>only</strong> be seen
|
|
by logged-in members of the website.
|
|
</li>
|
|
<li>
|
|
You may mark your entire profile as "Private" which limits some of the contact you
|
|
may receive:
|
|
<ul>
|
|
<li>
|
|
Only users you have approved as a friend can see your profile and your
|
|
photo gallery.
|
|
</li>
|
|
<li>
|
|
Your photos will <strong>never</strong> appear on the Site Gallery - not
|
|
even to your friends. They will only see your photos by visiting your
|
|
profile page directly.
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
Optionally, you may mark your Public profile to allow a limited "logged out" view which
|
|
shows only your square profile picture and display name. This may be useful to link to
|
|
your profile from external sites (like Twitter) so the visitor isn't just redirected to a
|
|
"login required" page.
|
|
</li>
|
|
<li>
|
|
Profile photos have visibility settings including Public, Friends-only or Private:
|
|
<ul>
|
|
<li>
|
|
<strong>Public</strong> photos will appear on your profile page to any logged-in
|
|
member of the website, except for members who you have blocked.
|
|
</li>
|
|
<li>
|
|
<strong>Friends-only</strong> photos will only appear to members who you have
|
|
accepted a friend request from, or members who have accepted a friend request
|
|
that was sent by you ("friends").
|
|
</li>
|
|
<li>
|
|
<strong>Private</strong> photos are visible only to yourself and any members
|
|
for whom you have unlocked your private photos. You may also revoke access to
|
|
your private photos after you had granted a member access.
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
<strong>Notice:</strong> the square default profile picture that appears on your page
|
|
will always be visible to all logged-in users. The full size version on your Gallery
|
|
page may be restricted to friends or private, but the square cropped version that appears
|
|
next to your username on many parts of the website is always seen by logged-in users.
|
|
</li>
|
|
</ul>
|
|
|
|
<h3>Site-Wide Photo Gallery</h3>
|
|
|
|
<p>
|
|
One of the features of the website is the "Site Gallery" which features <strong>public</strong>
|
|
photos of all members who have opted those photos to appear in the <strong>Gallery</strong>.
|
|
</p>
|
|
|
|
<p>
|
|
When you are uploading or editing a photo, there is a checkbox labeled "Gallery" where you
|
|
can opt your photo in (or out) of the Site Gallery. Only your <strong>public</strong> photos
|
|
will appear on the Site Gallery by default; your <strong>friends-only</strong> photos may
|
|
appear there for people you approved as a friend, or your private photos to people for whom
|
|
you have granted access. You are also able to <em>exclude</em> a photo from the Site Gallery
|
|
by unchecking the "Gallery" box on that photo -- then it will only be viewable on your own
|
|
profile page, given its other permissions (friends/private).
|
|
</p>
|
|
|
|
<h3>Deletion of User Data</h3>
|
|
|
|
<p>
|
|
When you delete your data (including photos) from this website, it will <strong>really</strong>
|
|
be deleted. This website is currently run as a "passion project" on the owner's own budget and
|
|
web hosting costs can get expensive when a website grows popular! So your deleted photos are
|
|
<em>actually</em> removed from the server hard drive. You can verify this for yourself by
|
|
right-clicking and "Open image in a new tab" in your browser, delete it, and refresh the other
|
|
tab and see that the image URL no longer exists!
|
|
</p>
|
|
|
|
<p>
|
|
Members are free to <a href="/account/delete">delete their accounts</a> and your data will be
|
|
<em>scrubbed</em> from the server: your photos deleted and all database records about your
|
|
account (including your profile data, direct messages, forum posts, comments, and so on) are
|
|
removed. This is for full compliance with privacy regulations such as GDPR and CCPA.
|
|
</p>
|
|
|
|
<h3 id="moderators">Moderators</h3>
|
|
|
|
<p>
|
|
To help enforce community standards, website administrators are able to access ANY user photo.
|
|
Specifically, this will include the following photos:
|
|
</p>
|
|
|
|
<ul>
|
|
<li>All photos uploaded to your Profile Page, including private and friends-only photos.</li>
|
|
<li>Any photo uploaded onto the Forums.</li>
|
|
</ul>
|
|
|
|
<p>
|
|
The contents of your Direct Messages are NOT regularly reviewed by site administrators. Your
|
|
privacy is respected in one-on-one chats with others. However, if a user reports your message
|
|
for violating the <a href="/tos">Terms of Use</a> the messages may be reviewed by an
|
|
administrator to verify the report and take action as needed.
|
|
</p>
|
|
|
|
<h1 id="direct-messages">Direct Messages</h1>
|
|
|
|
<p>
|
|
<span class="tag is-success">NEW: July 27 2023 - Clarification added</span>
|
|
</p>
|
|
|
|
<p>
|
|
Please behave honorably in your use of Direct Messages, whether on the main website or inside
|
|
the chat room. The global <a href="/tos">website rules</a> apply. {{PrettyTitle}} admins do NOT
|
|
regularly review the contents of your Direct Messages (your right to privacy is respected), however
|
|
if your conversation partner reports your message to the moderators we MAY look
|
|
at your message history to verify the report and take action if needed.
|
|
</p>
|
|
|
|
<p>
|
|
<strong>Especially important:</strong> do not break the law as it pertains to the United States
|
|
or California, where the web server resides, with your conduct in direct messages. Please do not
|
|
put the entire website at risk. Your photo WILL be included in the report to law enforcement if
|
|
it comes down to that.
|
|
</p>
|
|
|
|
<p>
|
|
We do not at this time, but reserve the right to implement in the future, software algorithms which MAY
|
|
automatically scan the contents of Direct Messages and collect URL links to websites shared or
|
|
flag messages based on keywords to detect egregious violations of the website's <a href="/tos">Terms of Service</a>.
|
|
For a good rule of thumb, behave as though this is already the case.
|
|
</p>
|
|
|
|
<h3>DMs on the Website</h3>
|
|
|
|
<p>
|
|
Direct Messages on the main website are stored, <strong>not encrypted</strong>, in the database and
|
|
it is within the technical capabilities of site admins to review them if needed. We have safeguards
|
|
in place to deter admins from snooping without being detected: it triggers an e-mail alert to other
|
|
admins and the access is logged. Do NOT expect any guarantee of security or privacy in your Direct Message
|
|
conversations.
|
|
</p>
|
|
|
|
<p>
|
|
Website DMs allow plain text messages only. Picture sharing is NOT supported in DMs for (what should be) very obvious
|
|
reasons. We do not want users to store images on our web server that would be out of view of site
|
|
admins' ability to moderate the website. See <a href="#moderators">Moderators</a> for a description of
|
|
what website admins can access in the aim of ensuring the integrity of the platform and help protect
|
|
the site from legal risks created by our members.
|
|
</p>
|
|
|
|
<p>
|
|
Do NOT share URL links to websites which harbor or facilitate illegal content or activity.
|
|
</p>
|
|
|
|
<h3>DMs on the Chat Room</h3>
|
|
|
|
<p>
|
|
Direct Messages on the chat room are NOT stored persistently on the server. They are sent directly
|
|
back out to the recipient(s) as they come in.
|
|
</p>
|
|
|
|
<p>
|
|
DMs are NOT monitored by admins on the chat room: the software is not programmed to reveal them on
|
|
the front-end web page to moderators. However, they MAY be logged as part of the chat server's operation,
|
|
especially if the server is running in debug mode which may sometimes happen while a new feature is being
|
|
developed or a bug is being researched and fixed. The log file is NOT regularly monitored except when
|
|
debugging an issue.
|
|
</p>
|
|
|
|
<p>
|
|
Messages in general on the chat server are NOT end-to-end encrypted -- they are protected only by
|
|
standard website (https) encryption but the chat server sees them, momentarily as it may be, in plain
|
|
text.
|
|
</p>
|
|
|
|
<p>
|
|
Messages sent to your chat partner may be cached on their web browser page until they close the window
|
|
or refresh the chat. You may "take back" individual messages by clicking on the red
|
|
<i class="fa fa-rotate-left has-text-danger"></i> icon which will remove it from everyone else's screen
|
|
who saw that message. Deleting your DM thread only removes the thread from your view, but does not remove
|
|
the thread from your partner's view. This is communicated in a pop-up before you delete the DM thread.
|
|
</p>
|
|
|
|
<h1>Email Addresses</h1>
|
|
|
|
<p>
|
|
All members begin signup by verifying control of an e-mail inbox. On this website, your e-mail
|
|
address is used for the following purposes:
|
|
</p>
|
|
|
|
<ul>
|
|
<li>For logging in to your account (as an alternative to logging in using your username).</li>
|
|
<li>To deliver e-mail notifications or to get in touch with you if necessary (see below).</li>
|
|
</ul>
|
|
|
|
<p>
|
|
We will <strong>NOT</strong> sell your e-mail address or send you any spam or junk mail
|
|
and will <strong>NEVER</strong> do so in the future.
|
|
</p>
|
|
|
|
<h3>What kinds of e-mail messages we send</h3>
|
|
|
|
<p>
|
|
Currently the website only sends <strong>transactional</strong> e-mails (not marketing emails!)
|
|
in response to important actions on the website, including (exhaustively):
|
|
</p>
|
|
|
|
<ul>
|
|
<li>
|
|
Upon first sign-up we send an e-mail to verify you control the email address you are
|
|
signing up with. This message contains a link to click to verify you control that
|
|
e-mail inbox and resume signing up an account on this website.
|
|
</li>
|
|
<li>
|
|
If you have forgotten your password and request a password reset via e-mail, we will
|
|
send you a message to your e-mail inbox with a link to click to set a new password
|
|
for your account.
|
|
</li>
|
|
<li>
|
|
If you change your e-mail address in your settings, a message will be sent to the
|
|
new e-mail address to verify you control the new address.
|
|
</li>
|
|
<li>
|
|
When your Certification Photo is either approved or rejected by a site administrator,
|
|
you will receive a notification message to your e-mail inbox.
|
|
</li>
|
|
</ul>
|
|
|
|
<p>
|
|
In the future, the website MAY gain a feature to deliver a "daily digest" e-mail if you
|
|
have any pending friend requests or unread Direct Messages on this site. There will be
|
|
controls on your Settings page to control such a feature.
|
|
</p>
|
|
|
|
<h1>Cookies</h1>
|
|
|
|
<p>
|
|
This website uses <strong>functional cookies only</strong> and does not run any advertisements
|
|
or third-party trackers. The exhaustive list of website cookies and their use cases are as
|
|
follows:
|
|
</p>
|
|
|
|
<ul>
|
|
<li>
|
|
A <strong>session ID</strong> cookie to remember your login status as you browse the
|
|
website. This cookie holds a randomly generated unique value that corresponds to
|
|
server-side storage about the details of your login status. The server-side details
|
|
include, exhaustively: your login status (true/false), your user ID number, any temporary
|
|
"flashed" success or error messages (which appear at the tops of pages in green or red
|
|
banners on your next page load), and a "last seen" time stamp.
|
|
</li>
|
|
<li>
|
|
A cookie to protect against a <strong>cross site request forgery</strong>
|
|
(<a href="https://owasp.org/www-community/attacks/csrf" target="_blank">CSRF</a>) type
|
|
of cyber attack. This cookie holds a randomly generated unique value that helps protect
|
|
you from a rogue third-party website attempting to perform actions on behalf of your
|
|
account on this website.
|
|
</li>
|
|
</ul>
|
|
|
|
<h3>Analytics Software</h3>
|
|
|
|
<p>
|
|
In the future we MAY deploy self-hosted analytics software to help understand how the
|
|
website is being used and identify any pain points that users may be running into. This
|
|
would probably be <a href="https://matomo.org/" target="_blank">Matomo analytics</a>,
|
|
a free and open source program that would run on the same web servers as this website,
|
|
so that analytics data does NOT leave this site and go to a third party such as Google
|
|
or Facebook.
|
|
</p>
|
|
|
|
<p>
|
|
The author of this website is a privacy & security nut and he respects <em>your</em>
|
|
privacy as well. Matomo Analytics is GDPR compliant, automatically respects your web
|
|
browser's "Do Not Track" header and can be opted out of.
|
|
</p>
|
|
</div>
|
|
</div>
|
|
{{end}}
|