contentdb/app/flatpages/privacy_policy.md

94 lines
3.7 KiB
Markdown
Raw Normal View History

2020-12-05 19:47:26 +01:00
title: Privacy Policy
## What Information is Collected
**All users:**
* HTTP requests are logged, with the following information:
* Time
* IP address
* Page URL
* Response status code
**With an account:**
* Email address
* Passwords (hashed and salted using BCrypt)
* Profile information, such as website URLs and donation URLs
* Comments and threads
2020-12-22 14:14:49 +01:00
* Audit log actions (such as edits and logins) and their time stamps
2020-12-05 19:47:26 +01:00
ContentDB collects usernames of content creators from the forums,
as this is required to index forum topics.
Packages, including releases, screenshots, and any meta information,
are not considered personal information.
Please avoid giving other personal information as we do not want it.
## How this information is used
* Logged HTTP requests may be used for debugging ContentDB.
* Email addresses are used to:
* Provide essential system messages, such as password resets.
* Send notifications - the user may configure this to their needs, including opting out.
* Passwords are used to authenticate the user.
2020-12-22 14:14:49 +01:00
* The audit log is used to record actions that may be harmful
2020-12-05 19:47:26 +01:00
* Other information is displayed as part of ContentDB's service.
## Who has access
* Only the admin has access to the HTTP requests.
The logs may be shared with others to aid in debugging, but care will be taken to remove any personal information.
2020-12-22 14:14:49 +01:00
* Encrypted backups may be shared with selected Minetest staff members (moderators + core devs).
The keys and the backups themselves are given to different people,
requiring at least two staff members to read a backup.
2020-12-05 19:47:26 +01:00
* Emails are visible to moderators and the admin.
They have access to assist users, and they are not permitted to share email addresses.
2020-12-22 14:14:49 +01:00
* Hashing protects passwords from being read whilst stored in the database or in backups.
2020-12-05 19:47:26 +01:00
* Profile information is public, including URLs and linked accounts.
* The visibility of comments depends on the visibility of threads.
They are either public, or visible only to the package author and editors.
2020-12-22 14:14:49 +01:00
* The complete audit log is visible to moderators.
Users may see their own audit log actions on their account settings page.
Owners, maintainers, and editors may be able to see the actions on a package in the future.
2020-12-05 19:47:26 +01:00
* We may be required to share information with law enforcement.
2020-12-22 14:14:49 +01:00
## Location
The ContentDB production server is currently located in Canada.
Backups are stored in the UK.
Encrypted backups may be stored in other countries, such as the US or EU.
By using this service, you give permission for the data to be moved as needed.
2020-12-05 19:47:26 +01:00
## Period of Retention
The server uses log rotation, meaning that any logged HTTP requests will be
forgotten within a few weeks.
Usernames may be kept indefinitely, but other user information will be deleted if
requested. See below.
## Removal Requests
2022-01-21 00:30:56 +01:00
Please [raise a report](https://content.minetest.net/report/?anon=0) if you
2020-12-05 19:47:26 +01:00
wish to remove your personal information.
ContentDB keeps a record of each username and forum topic on the forums,
for use in indexing mod/game topics. ContentDB also requires the use of a username
to uniquely identify a package. Therefore, an author cannot be removed completely
from ContentDB if they have any packages or mod/game topics on the forum.
If we are unable to remove your account for one of the above reasons, your user
account will instead be wiped and deactivated, ending up exactly like an author
who has not yet joined ContentDB. All personal information will be removed from the profile,
and any comments or threads will be deleted.
## Future Changes to Privacy Policy
We will alert any future changes to the privacy policy via email and
via notices on the ContentDB website.
By continuing to use this service, you agree to the privacy policy.