Privacy policy

Version: July 7, 2018, 12:47 p.m.

DG Comunity Privacy Notice

Please read this document carefully before accessing or using this service!

Introduction

English, Not Legalese

Most Terms of Use and Privacy Policy documents are unreadable. They are written by lawyers and for lawyers, and in our opinion are not very effective.

Data privacy is important, and we want you to understand the issues involved. For that reason we decided to use plain English instead as much as possible, to make our terms as clear as possible. Some sections still have room for improvement - we plan to tackle these over time.

When you read ‘dobergroup.org.ua’ or ‘the Service’ below, it refers to the services made available at dobergroup.org.ua which store your account and created content, provide services, and communicate via the federation protocols with the rest of the federated social web (which consists of hundreds of other servers).

Where you read DG Comunity or we or us below, it refers to the maintainers of dobergroup.org.ua. This agreement does not apply to Socialhome servers run by anyone else - the federated social web is an open network like the Web and this agreement only applies to the server (dobergroup.org.ua) provided by DG Comunity.

If this agreement is not acceptable, please use a Socialhome server provided by someone else!

DG Comunity is the Data Controller for the Service. We can be contacted as per the details below:

Email: info@dobergroup.org.ua

Should you have other questions or concerns about this document, please send us an email.

Using The Service Means Accepting These Terms

By accessing or using the Service in any way, whether you have created a Socialhome account on the dobergroup.org.ua server, or whether you are accessing content federated from the dobergroup.org.ua server to another Socialhome or other federated social web server, or are just browsing content as an unauthenticated guest, you agree to and are bound by the terms and conditions written in this document.

If you do not agree to all of the terms and conditions contained in this document, please use a Socialhome server provided by someone else and refrain from accessing content federated from this server.

This Is a Living Document

This is a living document. With your help, we want to make it the best in the industry.

If you read something that rubs you the wrong way, or if you think of something that should be added, please get in touch! We’re all ears! Email info@dobergroup.org.ua and we’ll chat.

We don’t amend this document for any specific users or use case, but if your proposed changes apply to all of our users, we’ll be happy to update it for everyone.

We will likely improve this document over time. By continuing to use the Service, you will implicitly accept the changes we make.

Your access and use of the Service is always subject to the most current version of this document.

Access to Your Data / Privacy Policy

What is the legal basis for processing my data and how does this affect my rights under GDPR (General Data Protection Regulation)?

Legal Basis for Processing

DG Comunity processes your data under Legitimate Interest. This means that we process your data only as necessary to deliver the Service, and in a manner that you understand and expect.

The Legitimate Interest of our Service is the provision of decentralised and openly-federated communication services. The processing of user data we undertake is necessary to provide the Service. The nature of the Service and its implementation results in some caveats concerning this processing, particularly in terms of GDPR Article 17 Right to Erasure (Right to be Forgotten). We believe these caveats (discussed in the section below in detail) are in line with the broader societal interests served by providing the Service.

In situations where the interests of the individual appear to be in conflict with the broader societal interests, we will seek to reconcile those differences guided by our policy.

Right to Erasure

You can request that we forget your copy of content and files by instructing us to delete your account from account settings. What happens next depends on who else had access to the content and files you had shared.

Any content or files that were only accessible by your account will be deleted from our servers within 30 days.

Where you shared content or files with another user on another server, that user could still have access to their copy of the content or files. We will send out a revocation message for the content and files you have requested to be deleted to all other servers in the federated social web that we have reason to believe have received your content or files. It is impossible for us however to guarantee that the servers will receive this delete request or that they will honour it and delete your content or files they have stored on their server. Under no situation is DG Comunity responsible if content or files deleted on our server remain available on another server.

Data Portability

Under GDPR you have a right to request a copy of your data in a commonly-accepted format. You can export your data, including your profile, created content and uploaded files from the account settings page. The export is available in JSON format.

Your Rights as Data Subject

You have rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances. Some of these rights are explored in more detail elsewhere in this document. For completeness, your rights under GDPR are:

What Information Do You Collect About Me and Why?

The information we collect is purely for the purpose of providing your communication service via Socialhome. We do not profile users or their data on the Service.

Be aware that while we do not profile users on the Service, Socialhome clients or other servers in the federated web may gather usage data.

Information you provide to us:

We collect information about you when you input it into the Service or otherwise provide it directly to us.

Account and Profile Information

We collect information about you when you register for an account. This information is kept to a minimum on purpose, and is restricted to:

Your username and password is used to authenticate your access to the Service and to uniquely identify you within the Service.

We will use your email address to let you reset your password if you forget it, and to send you notifications from the Service. We may also send you infrequent messages about platform updates. We will not use your email for marketing purposes.

Content you provide through using the Service

We store and distribute the content and files you share using the Service (and across the wider federated social web) as described by the Diaspora and ActivityPub protocols, and according to the access rules configured within the system. Storing and sharing this content is the reason the Service exists.

This content includes any information about yourself that you choose to share.

Information we collect automatically as you use the service:

Device and Connection Information

When you access the Service, we may record details about your device (like operating system, browser and versions), the IP address it used to connect, user agent, and the time at which the access happened.

This information is gathered for debugging purposes only in webserver logs. Our logs are kept for not longer than 180 days.

What Information is Shared With Third Parties and Why?

Sharing Data with Connected Services

The dobergroup.org.ua server is a decentralised and open service. This means that, to support communication between users on different servers or different platforms, your username, display name and content and files are sometimes shared with other services that are connected with the dobergroup.org.ua server.

Federation

Socialhome servers share user data with the wider ecosystem over federation.

Visibility levels:

Federated servers which respect the federation protocols are asked to honour these controls and redaction/erasure requests, but other federated servers are outside of the span of control of DG Comunity, and we cannot guarantee how this data will be processed. Federated servers can also be located in any territory, and will be subject to the local regulations of that territory. If the way in which data is shared is not acceptable to you, please use a different server or service.

Sharing Data in Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights

In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to

(a) comply with any applicable law, regulation, legal process or governmental request,

(b) protect the security or integrity of our products and services (e.g. for a security audit),

(c) protect DG Comunity and our users from harm or illegal activities, or

(d) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the serious bodily harm of any person.

How Do You Handle Passwords?

We never store password data in plain text; instead they are stored hashed.

It is your sole responsibility to keep your user name, password and other sensitive information confidential. Actions taken using your credentials shall be deemed to be actions taken by you, with all consequences including service termination, civil and criminal penalties.

If you become aware of any unauthorized use of your account or any other breach of security, you must notify DG Comunity immediately by sending an email to info@dobergroup.org.ua.

If you forget your password you can use the password reset facility to reset it.

We will never change a password for you.

Our Commitment to Children’s Privacy

We never knowingly collect or maintain information in the Service from those we know are under 16, and no part of the Service is structured to attract anyone under 16. If you are under 16, please do not use the Service.

How Can I Access or Correct My Information?

You can access and modify all your personally identifiable information that we collect from the profile and account pages in the Service. You can also download a copy of all your data as per section 2.1.3.

Who Can See My Messages and Files?

Users connecting to the dobergroup.org.ua server (directly or over federation) will be able to see content and files according to the visibility setting of the particular content. This data is stored in the format it was received on our servers, and can be viewed by DG Comunity engineers (employees and contractors) under the conditions outlined below.

We use HTTPS to transfer all data.

What Are the Guidelines DG Comunity Follows When Accessing My Data?

What Should I Do If I Find a Security Vulnerability in the Service?

If you have discovered a security concern, please email us at info@dobergroup.org.ua. We’ll work with you to make sure that we understand the scope of the issue, and that we fully address your concern.

Please act in good faith towards our users’ privacy and data during your disclosure. White hat security researchers are always appreciated.

Making a Complaint

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention at info@dobergroup.org.ua if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

Document Notes

A note on source: this document was copied from Matrix.org’s plain English privacy policy document. We were impressed by their championing of plain English, and wanted to have the same in our own legal documentation. Feel free to draw similar inspiration from this document, though be sure to get any documents you produce checked over by a lawyer. Good luck!