This repository has been archived on 2022-08-26. You can view files and clone it, but cannot push or open issues or pull requests.
gosocial/web/templates/privacy.html

214 lines
9.7 KiB
HTML

{{define "title"}}Privacy Policy{{end}}
{{define "content"}}
<div class="block">
<section class="hero is-light is-bold">
<div class="hero-body">
<div class="container">
<h1 class="title">Privacy Policy</h1>
</div>
</div>
</section>
</div>
<div class="block p-4">
<div class="content">
<p>
This page describes the treatment of your data and privacy-related aspects of this website.
</p>
<p>
We reserve the right to update this page in the future. Here at {{PrettyTitle}} we are
committed to respecting user privacy and are morally opposed to all of the shady tracking
and selling of user data that goes on with other websites. We will not sell your information
(including your e-mail address) and any kind of analytics software that may be added in the
future will be "self-hosted" with your data never leaving our servers.
</p>
<p>
This page was last updated on <strong>August 15, 2022.</strong>
</p>
<p>
<em>
Any use of the word "we" on this page refers to the royal we; as this website is
actually run by just one very passionate software engineer.
</em>
</p>
<h1>Website Privacy Features</h1>
<p>
Members of this website have the following features available in their settings to control
their privacy from other members of the site:
</p>
<ul>
<li>
Profile photos have visibility settings including Public, Friends-only or Private:
<ul>
<li>
<strong>Public</strong> photos will appear on your profile page to any logged-in
member of the website, except for members who you have blocked.
</li>
<li>
<strong>Friends-only</strong> photos will only appear to members who you have
accepted a friend request from, or members who have accepted a friend request
that was sent by you ("friends").
</li>
<li>
<strong>Private</strong> photos are visible only to yourself and any members
for whom you have unlocked your private photos. You may also revoke access to
your private photos after you had granted a member access.
</li>
</ul>
</li>
</ul>
<h3>Site-Wide Photo Gallery</h3>
<p>
One of the features of the website is the "Site Gallery" which features <strong>public</strong>
photos of all members who have opted those photos to appear in the <strong>Gallery</strong>.
</p>
<p>
When you are uploading or editing a photo, there is a checkbox labeled "Gallery" where you
can opt your photo in (or out) of the Site Gallery. Only <strong>public</strong> photos will
ever appear on the Site Gallery (never private or friends-only photos). You are also able to
<em>exclude</em> a public photo from the Site Gallery by unchecking the "Gallery" box on that
photo.
</p>
<h3>Deletion of User Data</h3>
<p>
When you delete your data (including photos) from this website, it will <strong>really</strong>
be deleted. This website is currently run as a "passion project" on the owner's own budget and
web hosting costs can get expensive when a website grows popular! So your deleted photos are
<em>actually</em> removed from the server hard drive. You can verify this for yourself by
right-clicking and "Open image in a new tab" in your browser, delete it, and refresh the other
tab and see that the image URL no longer exists!
</p>
<p>
Members are free to <a href="/account/delete">delete their accounts</a> and your data will be
<em>scrubbed</em> from the server: your photos deleted and all database records about your
account (including your profile data, direct messages, forum posts, comments, and so on) are
removed. This is for full compliance with privacy regulations such as GDPR and CCPA.
</p>
<h3>Moderators</h3>
<p>
To help enforce community standards, website administrators are able to access ANY user photo.
Specifically, this will include the following photos:
</p>
<ul>
<li>All photos uploaded to your Profile Page, including private and friends-only photos.</li>
<li>Any photo uploaded onto the Forums.</li>
</ul>
<p>
The contents of your Direct Messages are NOT regularly reviewed by site administrators. Your
privacy is respected in one-on-one chats with others. However, if a user reports your message
for violating the <a href="/tos">Terms of Use</a> the messages may be reviewed by an
administrator to verify the report and take action as needed.
</p>
<h1>Email Addresses</h1>
<p>
All members begin signup by verifying control of an e-mail inbox. On this website, your e-mail
address is used for the following purposes:
</p>
<ul>
<li>For logging in to your account (as an alternative to logging in using your username).</li>
<li>To deliver e-mail notifications or to get in touch with you if necessary (see below).</li>
</ul>
<p>
We will <strong>NOT</strong> sell your e-mail address or send you any spam or junk mail
and will <strong>NEVER</strong> do so in the future.
</p>
<h3>What kinds of e-mail messages we send</h3>
<p>
Currently the website only sends <strong>transactional</strong> e-mails (not marketing emails!)
in response to important actions on the website, including (exhaustively):
</p>
<ul>
<li>
Upon first sign-up we send an e-mail to verify you control the email address you are
signing up with. This message contains a link to click to verify you control that
e-mail inbox and resume signing up an account on this website.
</li>
<li>
If you have forgotten your password and request a password reset via e-mail, we will
send you a message to your e-mail inbox with a link to click to set a new password
for your account.
</li>
<li>
If you change your e-mail address in your settings, a message will be sent to the
new e-mail address to verify you control the new address.
</li>
<li>
When your Certification Photo is either approved or rejected by a site administrator,
you will receive a notification message to your e-mail inbox.
</li>
</ul>
<p>
In the future, the website MAY gain a feature to deliver a "daily digest" e-mail if you
have any pending friend requests or unread Direct Messages on this site. There will be
controls on your Settings page to control such a feature.
</p>
<h1>Cookies</h1>
<p>
This website uses <strong>functional cookies only</strong> and does not run any advertisements
or third-party trackers. The exhaustive list of website cookies and their use cases are as
follows:
</p>
<ul>
<li>
A <strong>session ID</strong> cookie to remember your login status as you browse the
website. This cookie holds a randomly generated unique value that corresponds to
server-side storage about the details of your login status. The server-side details
include, exhaustively: your login status (true/false), your user ID number, any temporary
"flashed" success or error messages (which appear at the tops of pages in green or red
banners on your next page load), and a "last seen" time stamp.
</li>
<li>
A cookie to protect against a <strong>cross site request forgery</strong>
(<a href="https://owasp.org/www-community/attacks/csrf" target="_blank">CSRF</a>) type
of cyber attack. This cookie holds a randomly generated unique value that helps protect
you from a rogue third-party website attempting to perform actions on behalf of your
account on this website.
</li>
</ul>
<h3>Analytics Software</h3>
<p>
In the future we MAY deploy self-hosted analytics software to help understand how the
website is being used and identify any pain points that users may be running into. This
would probably be <a href="https://matomo.org/" target="_blank">Matomo analytics</a>,
a free and open source program that would run on the same web servers as this website,
so that analytics data does NOT leave this site and go to a third party such as Google
or Facebook.
</p>
<p>
The author of this website is a privacy &amp; security nut and he respects <em>your</em>
privacy as well. Matomo Analytics is GDPR compliant, automatically respects your web
browser's "Do Not Track" header and can be opted out of.
</p>
</div>
</div>
{{end}}