website/web/templates/privacy.html
2024-04-25 22:37:22 -07:00

814 lines
41 KiB
HTML

{{define "title"}}Privacy Policy{{end}}
{{define "content"}}
<div class="block">
<section class="hero is-light is-bold">
<div class="hero-body">
<div class="container">
<h1 class="title">Privacy Policy</h1>
</div>
</div>
</section>
</div>
<div class="block p-4">
<div class="content">
<p>
This page describes the treatment of your data and privacy-related aspects of this website.
</p>
<p>
We reserve the right to update this page in the future. Here at {{PrettyTitle}} we are
committed to respecting user privacy and are morally opposed to all of the shady tracking
and selling of user data that goes on with other websites. We will not sell your information
(including your e-mail address) and any kind of analytics software that may be added in the
future will be "self-hosted" with your data never leaving our servers.
</p>
<p>
This page was last updated on <strong>April 25, 2024.</strong>
</p>
<p>
<em>
Any use of the word "we" on this page refers to the royal we, as this website is
actually run by just one very passionate software engineer.
</em>
</p>
<h1>Website Privacy Features</h1>
<p>
Members of this website have the following features available in their settings to control
their privacy from other members of the site:
</p>
<ul>
<li>
By default, your profile page on {{PrettyTitle}} may <strong>only</strong> be seen
by logged-in members of the website.
</li>
<li>
You may mark your entire profile as "Private" which limits some of the contact you
may receive:
<ul>
<li>
Only users you have approved as a friend can see your profile and your
photo gallery.
</li>
<li>
Your photos will <strong>never</strong> appear on the Site Gallery - not
even to your friends. They will only see your photos by visiting your
profile page directly.
</li>
</ul>
</li>
<li>
Optionally, you may mark your Public profile to allow a limited "logged out" view which
shows only your square profile picture and display name. This may be useful to link to
your profile from external sites (like Twitter) so the visitor isn't just redirected to a
"login required" page.
</li>
<li>
Profile photos have visibility settings including Public, Friends-only or Private:
<ul>
<li>
<strong>Public</strong> photos will appear on your profile page to any logged-in
member of the website, except for members who you have blocked.
</li>
<li>
<strong>Friends-only</strong> photos will only appear to members who you have
accepted a friend request from, or members who have accepted a friend request
that was sent by you ("friends").
</li>
<li>
<strong>Private</strong> photos are visible only to yourself and any members
for whom you have unlocked your private photos. You may also revoke access to
your private photos after you have granted a member access.
</li>
</ul>
</li>
<li>
<strong>Notice:</strong> the square default profile picture that appears on your page
will always be visible to all logged-in users. The full size version on your Gallery
page may be restricted to friends or private, but the square cropped version that appears
next to your username on many parts of the website is always seen by logged-in users.
</li>
</ul>
<h3>Site-Wide Photo Gallery</h3>
<p>
One of the features of the website is the "Site Gallery" which features <strong>public</strong>
photos of all members who have opted those photos to appear in the <strong>Gallery</strong>.
</p>
<p>
When you are uploading or editing a photo, there is a checkbox labeled "Gallery" where you
can opt your photo in (or out) of the Site Gallery. Only your <strong>public</strong> photos
will appear on the Site Gallery by default; your <strong>friends-only</strong> photos may
appear there for people you approved as a friend, or your private photos to people for whom
you have granted access. You are also able to <em>exclude</em> a photo from the Site Gallery
by unchecking the "Gallery" box on that photo -- then it will only be viewable on your own
profile page, given its other permissions (friends/private).
</p>
<h3>Deletion of User Data</h3>
<p>
When you delete your data (including photos) from this website, it will <strong>really</strong>
be deleted. This website is currently run as a "passion project" on the owner's own budget and
web hosting costs can get expensive when a website grows popular! So your deleted photos are
<em>actually</em> removed from the server hard drive. You can verify this for yourself by
right-clicking a photo and choosing "Open image in a new tab" in your browser, deleting the photo,
and then refreshing the other tab to see that the image URL no longer exists!
</p>
<p>
Members are free to <a href="/account/delete">delete their accounts</a>, and when you do, your data will be
<em>scrubbed</em> from the server: your photos are deleted and all database records about your
account (including your profile data, direct messages, forum posts, comments, and so on) are
removed. This is for full compliance with privacy regulations such as GDPR and CCPA.
</p>
<h3 id="moderators">Moderators</h3>
<p>
To help enforce community standards, website administrators are able to access ANY user photo.
Specifically, this will include the following photos:
</p>
<ul>
<li>All photos uploaded to your Profile Page, including private and friends-only photos.</li>
<li>Any photo uploaded onto the Forums.</li>
</ul>
<p>
The contents of your Direct Messages are NOT regularly reviewed by site administrators. Your
privacy is respected in one-on-one chats with others. However, if a user reports your message
for violating the <a href="/tos">Terms of Use</a>, the messages may be reviewed by an
administrator to verify the report and take action as needed.
</p>
<h1 id="third-parties">Third Parties</h1>
<p>
<span class="tag is-success">Added: Oct 24 2023</span>
</p>
<p>
{{PrettyTitle}} does not share data with <strong>ANY</strong> third party company.
The website and chat room (both custom applications built specifically for {{PrettyTitle}}) run on
a single web server. There are <strong>NO</strong> third-party analytics, advertisements, or any
data sharing agreement with any third-party company -- all user data is stored in-house on the
{{PrettyTitle}} web server.
</p>
<p>
The features on {{PrettyTitle}} are designed in a privacy-first manner in order to avoid relying
on any third-party services. For example:
</p>
<ul>
<li>
Collecting coarse location data by IP address is done via the MaxMind GeoIP database -- using
a <strong>local copy</strong> of the database that sits on the {{PrettyTitle}} server, so that
these location lookups can happen "offline" and your IP address is not sent to any third party.
</li>
<li>
On the "Who's Nearby" settings page you have the option to drop a pin on a map as a way to set your
location for other members to search for you. The map widget provides tiles loaded anonymously
from the <a href="https://www.openstreetmap.org">OpenStreetMap</a> public API.
</li>
</ul>
<h1 id="data">Data Collection and Use</h1>
<p>
<span class="tag is-success">Added: Oct 24 2023</span>
</p>
<p>
This section will enumerate all of the kinds of data that {{PrettyTitle}} collects and stores
about user accounts and how it is used.
</p>
<h3>Required Account Information</h3>
<p>
The following information is the bare minimum required for all {{PrettyTitle}} user accounts,
why we require it and how it is used.
</p>
<ul>
<li>
<strong>E-mail Address</strong>
<ul>
<li>
<strong>Why it's required:</strong>
We need a way to get in touch with you if needed. You can log in to your account using
your e-mail address, and if you forget your password, you may send a password reset request
via e-mail to your inbox to allow you to regain access to your account.
</li>
<li>
<strong>What it's used for:</strong>
We will rarely send transactional e-mail notifications to the address on file: on account
signup, to verify you control the e-mail address; when your certification photo is approved
or rejected; or when you request a reset for your forgotten password.
</li>
<li>
<strong>Who we share it with:</strong>
Nobody. The author of this website is philosophically opposed to the sharing of e-mail addresses
with third party companies. Your e-mail address will NOT be shared or used for marketing e-mails,
but used only for the aforementioned minimally required website functionality.
</li>
<li>
<strong>See also:</strong> the <a href="#email-addresses">Email Addresses</a>
section of this page, below, for more in-depth information.
</li>
</ul>
</li>
<li>
<strong>Username</strong>
<ul>
<li>
<strong>Why it's required:</strong>
Your username is your unique handle on the website and makes for a better identifier than an ID number.
</li>
<li>
<strong>What it's used for:</strong>
Your username will appear in the URL address bar when visiting your profile page or gallery, and is displayed
on most pages where your account is mentioned, such as in comment threads, the Member Directory, or on the
chat room.
</li>
</ul>
</li>
<li>
<strong>Account Password</strong>
<ul>
<li>
<strong>Why it's required:</strong>
To protect your account from an unauthorized login by somebody else.
</li>
<li>
<strong>Security details:</strong>
Passwords are hashed using the <a href="https://en.wikipedia.org/wiki/Bcrypt">Bcrypt</a> secure hashing
algorithm with a cost factor tuned to take several milliseconds to compute the hash. Each user password
has a distinct salt, which is randomized on each password reset. Bcrypt is designed to slow down efforts
to brute-force guess passwords in the event that a hacker obtained a list of Bcrypt password hashes.
</li>
</ul>
</li>
<li>
<strong>Date of Birth</strong>
<ul>
<li>
<strong>Why it's required:</strong>
We want to know that all of our members are legal adults 18 years or older. Your birthdate can be used to derive your
age and helps to remove ambiguity, especially for younger members (into their 20s), in case of any uncertainty.
</li>
<li>
<strong>How you can protect it:</strong>
From the first time the website asks you for your birthdate, there is a checkbox to NOT display your computed
age on your profile page. Checking this box will remove the ability for other members to search for your profile
by age or see how old you are, or by extension, guess when your birthdate may be if they happened to see your
age update on the site.
</li>
</ul>
</li>
</ul>
<h3>Optional Profile Information</h3>
<p>
The following information is all <strong>optional</strong> for members to fill in, and may be displayed on your
profile page or allow members to search for you by these fields (for example, the Member Directory allows browsing
members by gender, relationship status, age range, or sexual orientation).
</p>
<ul>
<li>
<strong>Display Name:</strong>
<ul>
<li>
<strong>What it is:</strong>
Your display name is a free-form text box where you can write anything you want to go by, other than your
username. You can use your first name, nickname, or write your username in the capitalization and style
you prefer. If you don't fill out a Display Name, your username is shown in its place.
</li>
<li>
<strong>How it's used:</strong>
On the chat room, your display name can appear next to your username. Your display name also appears
on your profile page and the Member Directory.
</li>
</ul>
</li>
<li>
<strong>Gender:</strong>
<ul>
<li>
<strong>How it's used:</strong>
It is displayed on your profile page; members may find you in search when filtering by gender;
when you enter the chat room your profile button may display in a color-coded blue, pink or purple
color based on your category of chosen gender (male-presenting, female-presenting, or non-binary).
</li>
</ul>
</li>
<li>
<strong>Pronouns:</strong>
<ul>
<li>
<strong>How it's used:</strong>
It is displayed on your profile page and search result card on the Member Directory.
</li>
</ul>
</li>
<li>
<strong>City:</strong>
<ul>
<li>
<strong>What this is:</strong>
The "City" field is a free-form text box and you can write as little or as much as you want.
It is not tied to or validated as location data and is not used to derive your location at all.
</li>
<li>
<strong>How it's used:</strong>
It is displayed on your profile page and search result card on the Member Directory.
</li>
</ul>
</li>
<li>
<strong>Job:</strong>
<ul>
<li>
<strong>How it's used:</strong>
It is displayed on your profile page only.
</li>
</ul>
</li>
<li>
<strong>(Sexual) Orientation:</strong>
<ul>
<li>
<strong>How it's used:</strong>
It is displayed on your profile page and search result card on the Member Directory.
Members may find you in search when filtering by orientation.
</li>
</ul>
</li>
<li>
<strong>Relationship Status:</strong>
<ul>
<li>
<strong>How it's used:</strong>
It is displayed on your profile page and search result card on the Member Directory.
Members may find you in search when filtering by relationship status.
</li>
</ul>
</li>
<li>
<strong>Relationship Type:</strong>
<ul>
<li>
<strong>What this is:</strong>
This is an optional qualifying field that describes your type of relationship:
monogamous, open.
</li>
<li>
<strong>How it's used:</strong>
It is displayed on your profile page and search result card on the Member Directory.
</li>
</ul>
</li>
<li>
<strong>About Me:</strong>
<ul>
<li>
<strong>What this is:</strong>
This is a free-form essay-style field where you can write a few sentences or
paragraphs about yourself.
</li>
<li>
<strong>How it's used:</strong>
It is displayed on your profile page only.
</li>
</ul>
</li>
<li>
<strong>Interests, Music/Movies:</strong>
<ul>
<li>
<strong>What this is:</strong>
These are free-form essay-style fields where you can write a few sentences or
paragraphs about yourself.
</li>
<li>
<strong>How it's used:</strong>
It is displayed on your profile page only.
</li>
</ul>
</li>
</ul>
<h3>Other User Information</h3>
<p>
This section covers other information that the website may store in relation to your user account.
</p>
<ul>
<li>
<strong>Messages (website)</strong>
<ul>
<li>
If you send or receive Direct Messages with other members on the website, these
are stored in the database. See <a href="#direct-messages">Direct Messages</a> for
in-depth information.
</li>
<li>
The <strong>chat room</strong> does not have any database storage at all and Direct
Messages on chat are not retained or stored.
</li>
</ul>
</li>
<li>
<strong>Likes</strong>
<ul>
<li>
As you click on "Like" buttons around the website, these are stored in the database
as sets of "user ID, table name, table ID" triplets (for example, to store an entry about
which photo ID or comment ID has been liked).
</li>
</ul>
</li>
<li>
<strong>Comments</strong> you have posted on forum threads or photos.
</li>
<li>
<strong>Friends, Blocks, &amp; Private Photo Grants</strong>
<ul>
<li>
Friend lists, blocked users, and private photo grants are stored in relationship tables
that associate a "source user ID" and "target user ID" to link the connection between
accounts with an implied direction (e.g.: private photos are granted to somebody, or shared
by somebody).
</li>
</ul>
</li>
<li>
<strong>Notifications &amp; Subscriptions</strong>
<ul>
<li>
Notifications are generated by user activity on the website, for example clicking the "Like"
button on a photo will notify the owner of that photo about the like. Each user account has
their own feed of notifications, shown only to themselves.
</li>
<li>
Subscriptions are comment threads that will notify other parties (other than the owner of the
thing being commented on) when further comments are added. Commenting on a photo or forum thread
will subscribe you to be notified about future comments (by other people) on that same thread. You
can opt-out of subscriptions using a link at the top of each comment thread, and the opt-out will
be remembered. Alternatively, you may also opt-in to comment threads that you did not comment on by
using the same link at the top of the thread.
</li>
</ul>
</li>
<li>
<strong>Forum Threads</strong>
<ul>
<li>
If you start a topic in the Forum, a Thread is created that holds some basic metadata
about your topic (such as its title or 'explicit' setting). Threads have an associated
"first comment" which is the message you wrote to start the thread.
</li>
</ul>
</li>
<li>
<strong>Polls &amp; Poll Votes</strong>
<ul>
<li>
Forum threads may support an attached poll. If you vote on a poll, your vote is recorded
as a record linking your user ID to the poll ID and the choice you picked. Information about votes
is not displayed on the website front-end, and is only used to tally up the count of votes
for each of the presented options.
</li>
</ul>
</li>
<li>
<strong>User Notes</strong>
<ul>
<li>
Users may write private notes to themselves about one another, for example to
remember a topic that was discussed on the chat room. This data may be revealed to
the subject of the note as part of a Data Access Request.
</li>
</ul>
</li>
<li>
<strong>Feedback &amp; Reports</strong>
<ul>
<li>
{{PrettyTitle}} provides a feedback and reporting system so users may notify the site admin
about objectionable content or behavior they witness on the site. Feedback items often record
the user ID who posted the feedback, and a pointer to a user ID, photo ID, comment ID, or so on
depending on what the subject of the report was about. Feedback generated by or about a user will
be made available to that user as part of a Data Access Request.
</li>
</ul>
</li>
<li>
<strong>User Location</strong>
<ul>
<li>
{{PrettyTitle}} has one database table that stores up to a single geolocation for user
accounts. It is for the "Who's Nearby?" feature, which is <strong>opt-in</strong> and users
are given a choice of how they want to share their location: automatically based on your IP
address, via the Web Location API, or by dropping a pin on a map yourself to set your location
to anywhere you want.
</li>
<li>
The user location table stores up to <strong>one</strong> latitude/longitude coordinate for a user
account, with the precision truncated to 2 (two) decimal places to defend against triangulation attacks.
</li>
<li>
User locations are NOT revealed to other members on the site, only the rough distance away (to a resolution
of miles and kilometers).
</li>
<li>
No historical location data is collected: if a user refreshes their location, we update the
stored latitude/longitude to the new values.
</li>
<li>
Users may turn off the "Who's Nearby?" feature at any time, and their stored location data
is immediately erased from the database.
</li>
<li>
See more location-related details under "Device Information," below.
</li>
</ul>
</li>
<li>
<strong>Two Factor Authentication</strong>
<ul>
<li>
<strong>What it is:</strong>
Two-Factor Authentication (2FA) is an opt-in feature to help better protect user accounts,
by requiring an authentication device as part of the sign-in process in addition to your
account password. It uses the industry standard Time-based One-Time Password (TOTP) algorithm.
</li>
<li>
<strong>How it's secured:</strong>
The TOTP secret key (encoded in the QR code when you set up two-factor auth) is stored
<strong>encrypted at rest</strong> in the database to protect the secret in case of a database compromise.
Your one-time backup recovery codes are also stored, encrypted at rest in the database.
</li>
</ul>
</li>
</ul>
<h3>Device Information</h3>
<p>
This section covers how we use information about your device, such as your IP address.
</p>
<ul>
<li>
<strong>IP Address</strong>
<ul>
<li>
Your IP address may appear as part of standard web server logs as you access and browse the
website - for example in HTTP access logs captured by our <a href="https://nginx.org">NGINX</a>
reverse proxy server. These logs are NOT associated with any specific user account, and
rotate on a regular basis.
</li>
<li>
Your IP address is logged to your account during certain crucial account lifecycle events, such
as when your account is first created and when you upload your certification photo, for the
purpose of detecting abuse and fraud prevention.
</li>
<li>
While logged in to your account, a list of the distinct IP addresses you have logged in from is
recorded (date/time of first and last visit, count of visits). This is expressly for record keeping
purposes in case it can assist with law enforcement, and is not displayed on the website (even to
admin users).
<span class="tag is-success">As of: Apr 25 2024</span>
</li>
</ul>
</li>
<li>
<strong>IP Address-based Geolocation</strong>
<ul>
<li>
<strong>What this is:</strong>
Some features of {{PrettyTitle}} will use your coarse (city-level) location that is obtained
via an offline copy of the <a href="https://www.maxmind.com/en/home">MaxMind</a> GeoIP database which
resides on the server. MaxMind publishes the GeoIP database that contains lookup information for
all ranges of IP addresses on the Internet. {{PrettyTitle}} has an offline copy of this database
so that location lookups can happen locally, without your IP address being shared with any third
party.
</li>
<li>
<strong>How it is used:</strong>
Within the context of certain specific web requests to the site, your IP address is used
to look up coarse location information by using an offline copy of the MaxMind GeoIP database
which resides on the web server:
<ul>
<li>
When entering the chat room: the website will send you into the chat room with a
country flag emoji and your coarse location (to two levels of subdivision) to
display next to your username on chat. For example: "United States, Oregon" or
"Canada, British Columbia."
</li>
<li>
If you <strong>opt-in</strong> to share your location for the "Who's Nearby?"
feature to allow other members to search for you by distance, one of the available
options to provide your location is by using the GeoIP database which is based
on your IP address. Your location would then be updated when you visit the Member
Search Directory or your dashboard (home) page on the site.
</li>
</ul>
</li>
</ul>
</li>
<li>
<strong>Web Location API Geolocation</strong>
<ul>
<li>
<strong>What this is:</strong>
If you opt-in to share your location for the "Who's Nearby?" feature, one of your
choices for how to share your location is to use the Web Location API, where nonshy.com
will ask your web browser for permission to access its location. This will often be
backed by a GPS device or WiFi-based location source on your device.
</li>
<li>
<strong>How it is used:</strong>
If you opt-in and choose to use this location source, the {{PrettyTitle}} website will
ask for your location <strong>only</strong> on your Location Settings page, when you
want to update or refresh your location. It is used for the "Who's Nearby?" feature to
allow you to locate other members by distance to yourself.
</li>
<li>
<strong>How you can control it:</strong>
You can visit your Location Settings at any time and opt-out of the "Who's Nearby?"
feature, or change your location source (e.g. to GeoIP based or drop a pin on a map
yourself). If you turn off "Who's Nearby?" your stored location data is immediately
erased from the server.
</li>
</ul>
</li>
</ul>
<h1 id="direct-messages">Direct Messages</h1>
<p>
Please behave honorably in your use of Direct Messages, whether on the main website or inside
the chat room. The global <a href="/tos">website rules</a> apply. {{PrettyTitle}} admins do NOT
regularly review the contents of your Direct Messages (your right to privacy is respected); however,
if your conversation partner reports your message to the moderators, we MAY look
at your message history to verify the report and take action if needed.
</p>
<p>
<strong>Especially important:</strong> do not break the law as it pertains to the United States
or California, where the web server resides, with your conduct in direct messages. Please do not
put the entire website at risk. Your photo WILL be included in the report to law enforcement if
it comes down to that.
</p>
<p>
We deploy software algorithms on the main website and chat room which will
automatically scan the contents of Direct Messages and collect URL links to websites shared or
flag messages based on keywords to detect egregious violations of the website's <a href="/tos">Terms of Service</a>.
</p>
<h3>DMs on the Website</h3>
<p>
Direct Messages on the main website are stored, <strong>not encrypted</strong>, in the database and
it is within the technical capabilities of site admins to review them if needed. We have safeguards
in place to deter admins from snooping without being detected: it triggers an e-mail alert to other
admins and the access is logged. Do NOT expect any guarantee of security or privacy in your Direct Message
conversations.
</p>
<p>
Website DMs allow plain text messages only. Picture sharing is NOT supported in DMs for (what should be) very obvious
reasons. We do not want users to store images on our web server that would be out of view of site
admins' ability to moderate the website. See <a href="#moderators">Moderators</a> for a description of
what website admins can access in the aim of ensuring the integrity of the platform and help protect
the site from legal risks created by our members.
</p>
<p>
Do NOT share URL links to websites which harbor or facilitate illegal content or activity.
</p>
<h3>DMs on the Chat Room</h3>
<p>
Direct Messages on the chat room are NOT stored persistently on the server. They are sent directly
back out to the recipient(s) as they come in.
</p>
<p>
DMs are NOT monitored by admins on the chat room: the software is not programmed to reveal them on
the front-end web page to moderators. However, they MAY be logged as part of the chat server's operation,
especially if the server is running in debug mode which may sometimes happen while a new feature is being
developed or a bug is being researched and fixed. The log file is NOT regularly monitored except when
debugging an issue.
</p>
<p>
Messages in general on the chat server are NOT end-to-end encrypted -- they are protected only by
standard website (HTTPS) encryption, but the chat server sees them, momentarily as it may be, in plain
text.
</p>
<p>
Messages sent to your chat partner may be cached on their web browser page until they close the window
or refresh the chat. You may "take back" individual messages by clicking on the red
<i class="fa fa-rotate-left has-text-danger"></i> icon which will remove it from everyone else's screen
who saw that message. Deleting your DM thread only removes the thread from your view, but does not remove
the thread from your partner's view. This is communicated in a pop-up before you delete the DM thread.
</p>
<h1 id="email-addresses">Email Addresses</h1>
<p>
All members begin signup by verifying control of an e-mail inbox. On this website, your e-mail
address is used for the following purposes:
</p>
<ul>
<li>For logging in to your account (as an alternative to logging in using your username).</li>
<li>To deliver e-mail notifications or to get in touch with you if necessary (see below).</li>
</ul>
<p>
We will <strong>NOT</strong> sell your e-mail address or send you any spam or junk mail
and will <strong>NEVER</strong> do so in the future.
</p>
<h3>What kinds of e-mail messages we send</h3>
<p>
Currently the website only sends <strong>transactional</strong> e-mails (not marketing emails!)
in response to important actions on the website, including (exhaustively):
</p>
<ul>
<li>
Upon first sign-up we send an e-mail to verify you control the email address you are
signing up with. This message contains a link to click to verify you control that
e-mail inbox and resume signing up an account on this website.
</li>
<li>
If you have forgotten your password and request a password reset via e-mail, we will
send you a message to your e-mail inbox with a link to click to set a new password
for your account.
</li>
<li>
If you change your e-mail address in your settings, a message will be sent to the
new e-mail address to verify you control the new address.
</li>
<li>
When your Certification Photo is either approved or rejected by a site administrator,
you will receive a notification message to your e-mail inbox.
</li>
</ul>
<p>
In the future, the website MAY gain a feature to deliver a "daily digest" e-mail if you
have any pending friend requests or unread Direct Messages on this site. There will be
controls on your Settings page to control such a feature.
</p>
<h1 id="cookies">Cookies</h1>
<p>
This website uses <strong>functional cookies only</strong> and does not run any advertisements
or third-party trackers. The exhaustive list of website cookies and their use cases is as
follows:
</p>
<ul>
<li>
A <strong>session ID</strong> cookie to remember your login status as you browse the
website. This cookie holds a randomly generated unique value that corresponds to
server-side storage about the details of your login status. The server-side details
include, exhaustively: your login status (true/false), your user ID number, any temporary
"flashed" success or error messages (which appear at the tops of pages in green or red
banners on your next page load), and a "last seen" time stamp.
</li>
<li>
A cookie to protect against a <strong>cross site request forgery</strong>
(<a href="https://owasp.org/www-community/attacks/csrf" target="_blank">CSRF</a>) type
of cyber attack. This cookie holds a randomly generated unique value that helps protect
you from a rogue third-party website attempting to perform actions on behalf of your
account on this website.
</li>
</ul>
</div>
</div>
{{end}}