feat: Add privacy policy and TOS

this fixes #3
Charlotte 🦝 Delenk 2022-03-17 11:42:27 +01:00
parent ae5b2fefda
commit f8854167d8
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122
3 changed files with 133 additions and 1 deletions

@ -1,4 +1,4 @@
decription: Bare Ed25519 2FA step
description: Bare Ed25519 2FA step
content:
application/json: &body
schema:
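
Review bot: The `decription` to `description` key rename at the top of this hunk is unrelated to the privacy policy and TOS named in the commit message, so it would be easier to track and revert as its own commit. Because the key was misspelled before, the text "Bare Ed25519 2FA step" may now appear in generated API documentation for the first time; it is worth confirming that this is the wording that should be published.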

docs/privacy-policy.md Normal file

@ -0,0 +1,97 @@
# PRIVACY POLICY
Last updated 2022-03-17
This privacy policy describes our privacy policy, which goes into effect on 2022-03-17 and was last updated on 2022-03-17.
This document describes what, how, and why we collect, store, use and share (“process”) your information when you use our services.
## 1. What information do we collect?
### Personal information you disclose to us
We collect personal information that you voluntarily provide to us when you register on the Services, or contact us. In particular we collect the following information:
- email addresses
- usernames
- Your name, if you send us an email.
- Parameters of your multi-factor authentication devices, such as the protocol it uses or the public key.
We do not process sensitive information.
### Personal information other disclose to us
Other users may submit user-generated content to the Services. These are typically free-form data, such as comments, posts, and messages.
If you find that another user has posted personal information about you, you can report the infringing content to us.
## 2. How do we process your information?
We process your personal information for the following purposes:
- To allow you to register and log in to the Services.
- To respond to user inquiries
- To attest to connected services, that you have logged in
- To enable user-to-user communications
## 3. What legal basis does our processing rely on?
We process your data entirely on consent. As described below, you can withdraw your consent at any time.
## 4. when and with whom do we share your information?
We may need to share your personal information (username) in the following situations:
- We share your personal information to other users, if you publish public user-generated content, or user-generated content shared with other users.
- We publish your username in a protected form to the public, so that other users and approved third parties can verify your identity.
## 5. how long do we keep your information?
We keep your personal information for as long as you have an account with us.
The only exception is the aforementioned protected username, which is stored indefinitely, because it is stored in an append-only “transparency log”.
## 6. How do we protect your information?
We have implemented appropriate and reasonable technical security measures to protect the aforementioned personal information from unauthorized access, use, disclosure, modification, or destruction.
Private or shared data is encrypted on your device and sent to us over a secure connection. We are unable to access the contents of such data, and neither is an attacker.
## 7. What are your privacy rights?
### The right to access
A user can request a copy of all information we have about them.
### The right to rectification
A user can request change of personal information. Most of the time this is possible to do via the provided interface. Currently it is not possible to change the username.
### The right to erasure
A user can request erasure of personal information. This is possible to do via the provided interface.
### The right to restrict processing
This is currently only possible by deleting the personal information in question.
### The Right to Data Portability
This is currently only possible by requesting a copy of all information we have about you.
## 8. Controls for do-not-track features
We honor Do-Not-Track browser signals or operating system settings, by simply not performing tracking on anyone.
## 9. Non-EU Users
This privacy policy applies to all users, from every country.
If your legislation has a stricter privacy law, please contact us.
## 10. Updates to this privacy policy
We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on the Services.
If changes affect your privacy negatively, you will have to re-consent to the new policy.
## 11. Contact us
For privacy-related questions, please email lotte@chir.rs.
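
Review bot: Sections 3, 5 and 7 contradict each other on erasure: section 3 bases all processing on consent that can be withdrawn "as described below", section 7 says erasure is possible "via the provided interface", yet section 5 keeps the protected username indefinitely in an append-only transparency log. Suggest stating in section 4 or 5 what "protected form" means (for example whether the entry can still be linked to a username after the account is deleted), listing that entry as an explicit exception under "The right to erasure", and adding the description of how consent is withdrawn, which no later section provides. Smaller points: the claim in section 6 that "neither is an attacker" is absolute and can only hold while the device that encrypts the data is uncompromised; "We do not process sensitive information" sits awkwardly next to free-form user-generated content; "Personal information other disclose to us" should read "others"; the headings of sections 4 and 5 start lowercase unlike the rest; and the opening sentence "This privacy policy describes our privacy policy" is circular.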

docs/tos.md Normal file

@ -0,0 +1,35 @@
# Terms of Service
LAST UPDATED: 2022-03-17
Please read the following Terms of Service (“Terms”) carefully before using the [https://chir.rs/](chir.rs) website and associated services (“Services”).
Footnotes are provided to explain why each clause is included in the Terms and what it means for you as a customer.
Keep in mind that these are only provided for your convenience and that they are not part of the Terms.
## 1. Terms
1. These Terms are a legally binding agreement between you and [https://chir.rs/](chir.rs) (“Service”, “we”, “us”, or “our”).[^1] This agreement covers all of our Services.
2. The contract is defined in Section 1 (Terms), with footnotes excluded. Other parts of this are supplemental information, provided for your convenience only.[^2]
3. We may require agreement to these Terms of Service to access our Service, or parts thereof.[^3]
4. You agree to follow the laws of Germany when using our Service.[^4]
5. We may terminate this agreement at any time, for any reason, including no reason.[^5]
6. You can terminate this agreement at any time, for any reason, by deleting your account if applicable, and ceasing the use of this Service.[^6]
7. You acknowledge that our Service contains User-Generated Content (UGC) that is not created by us. You agree that legal infringements in such content is not supported by us, and that you report the infringing content to us first. [^7]
8. If a clause in this agreement is deemed invalid, the invalidity of the clause will not affect the validity of the remaining clauses.[^8]
9. You agree to be at least 16 years old, or have written consent from your legal guardian, to use our Service.[^9]
10. You are required to ensure confidentiality of your password. You are responsible for all actions done by your account, even in the event that this confidentiality is breached.
[^1]: This part requires a bit of backstory. In Germany, a court has ruled that Terms of Service are a legally binding contract. We however dont want either us nor you to be held legally liable for infringement of these terms.
[^2]: This limits the scope of the Terms to be as concise as legally possible.
[^3]: This is primarily for authenticated functionality.
[^4]: Our jurisdiction is in Germany. Germany has specific laws that limit sharing hate and misinformation. In particular:
1. You are not allowed to share symbols or propaganda materials of unconstitutional organizations, such as the NSDAP, KPD, ISIS, and YPG. (§86, §86a StGB)
2. You are not allowed to incite hatred against protected groups, or violate their human dignity (§130 (1) StGB).
3. You are not allowed to approve of, deny or downplay the crimes against humanity committed by the Nazis (§130 (3) StGB).
[^5]: This clause exists for two reasons.
1. It avoids putting the rules and moderation guidelines in a legally binding contract
2. It allows us to take action against trolls that post content that *almost* violates the terms.
[^6]: You can find out how to terminate your account in the privacy policy.
[^7]: This says that you should report any content that you believe violates the law, instead of suing us in court.
[^8]: In cases where a clause is not consistent with the law, only that clause will not apply.
[^9]: We are not allowed to collect personal data from under-16 year olds.
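
Review bot: Both Markdown links to the site, in the intro paragraph and in clause 1, have text and target swapped: `[https://chir.rs/](chir.rs)` renders the URL as link text pointing at the relative path `chir.rs`, and should be `[chir.rs](https://chir.rs/)`. Clause 10 is the only clause without a footnote although the intro says footnotes explain each clause; since it makes the user responsible for actions taken after a password breach, a footnote saying how to report a compromised account would help. Footnote 6 sends readers to the privacy policy for account termination, but that document only says erasure is possible "via the provided interface". Footnote 1 contains the typos "dont" and "either us nor you", and its wish that neither side be held liable reads oddly next to clause 1 calling the Terms legally binding.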