p.d-legal/content/docs/privacy-policy.md

72 lines
7.5 KiB
Markdown

# Privacy Policy
This privacy policy describes how Programming.Dev ("programming.dev", "we", "us", "our") collects, protects and uses information provided to us when you use our services including:
- Our websites such as programming.dev or bytes.programming.dev.
- APIs for our websites.
- Any other place we collect information from you and link this Privacy Policy.
By joining and contributing to our services, you acknowledge that it is running on early release software. Although we take reasonable precautions to maintain the security of personal data provided to us we cannot guarantee that the software is free from defect that will expose any or all of that personal data.
If you do not agree with all of our policies and practices, do not use our services. If you have any questions or concerns, contact us at info@programming.dev.
## Site Usage by Children:
All of our services are directed towards people who are at least 16 years old. We do not knowingly collect personal information from people under the age of 16. If you are under the age of 16, please do not use our services. If we learn that personal information from people who are less than 16 years old has been collected, we will deactivate the account and take reasonable measures to delete the data from our records.
## What do we use Your Information for?
Any information we collect from you may be used in the following ways:
- To provide the core functionality of our services such as being able to comment on other people's posts or subscribing to communities when you are logged in.
- To aid in moderation of our services, for example to detect vote manipulation.
- To send you information, notifications about other people interacting with your content or sending you messages, or notifications for new posts created, if you opt in to any of these options in the settings. We may also use it to respond to you about inquiries, and/or other requests or questions.
## What Information do we Collect?
**Account/Profile Information:**
- When creating an account on one of our services you may be asked to enter in a username and password. You may also enter additional information into optional fields such as: email, display name, profile picture, banner image, matrix ID, location, birthday, language, and biography.
- Currently (as of February 10, 2024), all of the optional fields are always listed publicly; your password and email is kept private.
**Service Provided User Actions:**
- On any of our services, when performing an action the date and time (during when the action is taken) is recorded in addition to saving the content and any media attachments (pictures and/or videos) alongside the performed action. All of this information is publicly available due to the nature of federation which uses the [ActivityPub protocol](https://en.wikipedia.org/wiki/ActivityPub). The actions made by users of our services is sent to other instances using the ActivityPub protocol and then stored on their servers so that they can display the actions correctly on their instances.
- Actions in the context of our provided services and Privacy Policy may include (not exhaustive):
1. Creating/editing a post or comment.
2. Voting/reacting on a post or comment.
3. Subscribing to a community or magazine.
**Direct Messages:**
- All direct messages sent are unencrypted and may be delivered to other servers if the user you are sending a message to is on a service other than one provided by us. We make a good faith effort to limit the access to direct messages to only authorized persons but other servers may fail to do so, so it is important to review who and what service you are sending messages to. Please keep in mind that operators of our services and any receiving services may view direct messages and that recipients may screenshot, copy, or otherwise re-share them so it is recommended to not share any sensitive information.
**IPs and Other Metadata:**
- When you log in, we may record the IP address you logged in from, the time and date you logged in at, as well as the name of your browser application. We also have server logs which include the IP address of every request to our server.
- Image embedded metadata [(Exif data)](https://en.wikipedia.org/wiki/Exif), on images hosted on our services are scrubbed/erased.
- Your IP address and email remains private to our services. However, due to the nature of federated services, all of your engagement (profile, posts, comments, messages, votes, etc.) on our services should be considered public and you are responsible for taking appropriate precautions in how you interact with our services. It is highly recommended that you do not share any publicly identifying information on our sites, products, or services.
## How do we Protect Your Information?
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. Among other things, your browser session, as well as the traffic between your applications and the API, are secured with SSL, and your password is hashed using a strong one-way algorithm. You may also enable two factor authentication to further protect your account.
## What is our Data Retention Policy?
We will make a good faith effort to:
- Retain server logs containing the IP address of all requests to this server, in so far as such logs are kept, no more than 1 day.
- Retain the IP addresses and name of your browser application associated with logins for no more than 1 day.
You may irreversibly delete your account at any time. However, this does not guarantee all instances will be notified or respect the deletion of your public data.
## Do we use Cookies?
We use cookies for specific functionalities, which includes Cloudflare clearance and JWT (JSON Web Token) authentication purposes.
- Cloudflare clearance: Cookies provided by Cloudflare to store the proof of passing a Cloudflare challenge.
- JWT: A token to allow you to access and interact with our services after logging in.
These cookies do not store personally identifiable information and are necessary for the proper functioning of our services. By continuing to use our services, you consent to the use of these essential cookies.
Please note that you can manage or disable cookies through your browser settings. However, disabling these essential cookies may impact the functionality and security of services.
## Do we Disclose Any Information to Outside Parties?
We do not sell, trade, or transfer your personal information to outside parties. This does not include trusted third parties who assist us in operating our services, so long as those parties agree to keep this information confidential.
Your public content may be downloaded by other servers using the [ActivityPub protocol](https://en.wikipedia.org/wiki/ActivityPub), as well as direct messages to the servers of the recipients.
When you log in to your account on a service not provided by us, it may access your public information as well as password when logging in.
## Do we Make Updates to This Privacy Policy?
We may update this privacy policy from time to time. When we do, we will change the "Last Updated" date and author at the top of the page to indicate the date and author of the most recent changes. If we make changes we may notify you by posting a notice of such changes or by sending you a notification. We encourage you to review this Privacy Policy periodically for any modifications.
## Contact Us
If you have questions or concerns about this Privacy Policy you should contact us at info@programming.dev.