From 19308b645b4775b1657307788a7ac499274922e2 Mon Sep 17 00:00:00 2001
From: rubenwardy
Date: Sat, 5 Dec 2020 18:47:26 +0000
Subject: [PATCH] Add privacy policy
---
app/flatpages/privacy_policy.md | 82 +++++++++++++++++++++++++++++++
app/templates/base.html | 1 +
app/templates/users/register.html | 4 ++
3 files changed, 87 insertions(+)
create mode 100644 app/flatpages/privacy_policy.md
diff --git a/app/flatpages/privacy_policy.md b/app/flatpages/privacy_policy.md
new file mode 100644
index 0000000..2cec127
--- /dev/null
+++ b/app/flatpages/privacy_policy.md
@@ -0,0 +1,82 @@
+title: Privacy Policy
+
+## What Information is Collected
+
+**All users:**
+
+* HTTP requests are logged, with the following information:
+ * Time
+ * IP address
+ * Page URL
+ * Response status code
+
+**With an account:**
+
+* Email address
+* Passwords (hashed and salted using BCrypt)
+* Profile information, such as website URLs and donation URLs
+* Comments and threads
+
+ContentDB collects usernames of content creators from the forums,
+as this is required to index forum topics.
+
+Packages, including releases, screenshots, and any meta information,
+are not considered personal information.
+
+Please avoid giving other personal information as we do not want it.
+
+## How this information is used
+
+* Logged HTTP requests may be used for debugging ContentDB.
+* Email addresses are used to:
+ * Provide essential system messages, such as password resets.
+ * Send notifications - the user may configure this to their needs, including opting out.
+* Passwords are used to authenticate the user.
+* Other information is displayed as part of ContentDB's service.
+
+## Who has access
+
+* Only the admin has access to the HTTP requests.
+ The logs may be shared with others to aid in debugging, but care will be taken to remove any personal information.
+* Emails are visible to moderators and the admin.
+ They have access to assist users, and they are not permitted to share email addresses.
+* Hashing protects passwords from being read whilst stored.
+ Only the admin has access to the ContentDB server.
+* Profile information is public, including URLs and linked accounts.
+* The visibility of comments depends on the visibility of threads.
+ They are either public, or visible only to the package author and editors.
+* We may be required to share information with law enforcement.
+
+## Period of Retention
+
+The server uses log rotation, meaning that any logged HTTP requests will be
+forgotten within a few weeks.
+
+Users may remove their packages, which makes them invisible to all users, but
+they will remain in the database until deleted by the admin.
+
+Usernames may be kept indefinitely, but other user information will be deleted if
+requested. See below.
+
+## Removal Requests
+
+Please [raise a report](https://content.minetest.net/help/reporting/) if you
+wish to remove your personal information.
+
+ContentDB keeps a record of each username and forum topic on the forums,
+for use in indexing mod/game topics. ContentDB also requires the use of a username
+to uniquely identify a package. Therefore, an author cannot be removed completely
+from ContentDB if they have any packages or mod/game topics on the forum.
+
+If we are unable to remove your account for one of the above reasons, your user
+account will instead be wiped and deactivated, ending up exactly like an author
+who has not yet joined ContentDB. All personal information will be removed from the profile,
+and any comments or threads will be deleted.
+
+
+## Future Changes to Privacy Policy
+
+We will alert any future changes to the privacy policy via email and
+via notices on the ContentDB website.
+
+By continuing to use this service, you agree to the privacy policy.
diff --git a/app/templates/base.html b/app/templates/base.html
index 2b7f408..aa919ae 100644
--- a/app/templates/base.html
+++ b/app/templates/base.html
@@ -172,6 +172,7 @@
GitHub |
{{ _("Help") }} |
{{ _("Policy and Guidance") }} |
+ {{ _("Privacy Policy") }} |
{{ _("Report / DMCA") }} |
{{ _("User List") }}
diff --git a/app/templates/users/register.html b/app/templates/users/register.html
index cb158bf..854c65e 100644
--- a/app/templates/users/register.html
+++ b/app/templates/users/register.html
@@ -26,6 +26,10 @@ Register
{{ suggested_password }}
+
+ Please read the {{ _("Privacy Policy") }}.
+
+
{# Submit button #}
{{ render_submit_field(form.submit, tabindex=180) }}