Discourse Meta Privacy


(Diego Barreiro) #1

Would be possible to get the Discourse Meta privacy template?
It fits the GDPR, and the 25th May will start in a few hours…


(Daniela) #2

Sure, here it is.

# Privacy Questions and Answers

This notice describes how [Civilized Discourse Construction Kit, Inc.](https://www.discourse.org/team), or CDCK for short, collects and uses data about you.

Jump to:

- [What is CDCK?](#heading--cdck)
- [How does CDCK collect data about me?](#heading--collection)
- [What data does CDCK collect about me, and why?](#heading--data)
- [How can I make choices about data collection?](#heading--choice)
- [Where does CDCK store data about me?](#heading--locality)
- [Does CDCK comply with the EU General Data Protection Regulation?](#heading--gdpr)
- [Where can I access data about me?](#heading--access)
- [How can I change or erase data about me?](#heading--change)
- [Does CDCK make automated decisions based on data about me?](#heading--automated-decisions)
- [Does CDCK share data about me with others?](#heading--sharing)
- [How can I contact CDCK about privacy?](#heading--contact)
- [What if this privacy notice changes?](#heading--changes)

<h2 id="heading--cdck">What is CDCK?</h2>

CDCK is the company home and primary developer of [Discourse](https://discourse.org), open source software for hosting Internet discussion forums.  As a company, CDCK hosts forums using Discourse for customers, as well as [meta.discourse.org](https://meta.discourse.org), a discussion forum about Discourse itself, and [rubytalk.org](https://rubytalk.org), a mirror of the `Ruby-Talk` mailing list for the Ruby programming language.

CDCK sets only its own privacy practices, not the privacy practices of CDCK customers or others who host Discourse forums for themselves or others.  You should ask all of those involved in administering and hosting Discourse forums that you use for information about their privacy practices.

<h2 id="heading--collection">How does CDCK collect data about me?</h2>

CDCK collects data about you:

- when you browse a forum that CDCK hosts

- when you create and use an account on a forum that CDCK hosts

- when you post, send private messages, and otherwise participate in a forum that CDCK hosts

CDCK collects data when you use forums that Discourse hosts, whether you use the forums using a web browser on your own computer, or use CDCK's Discourse apps for mobile devices.

CDCK does not buy or otherwise receive data about you from data brokers.

<h2 id="heading--data">What data does CDCK collect about me, and why?</h2>

<h3 id="heading--visit-data">CDCK collects data about visits to forums.</h3>

When you visit a forum that CDCK hosts, whether you have an account or not, the forum uses cookies, server logs, and other methods to collect data about what pages you visit and when.

CDCK uses data about how you use the website to:

- optimize the forum, so that it's quick and easy to use

- diagnose and debug technical errors

- defend the forum from abuse and technical attacks

- compile statistics on forum and topic popularity

- compile statistics on the kinds of software and computers visitors use

CDCK usually stores data about how you use the forum in identifiable form for just a few weeks.  In special circumstances, like extended investigations about technical attacks, CDCK may preserve log data longer, for analysis.  CDCK stores aggregate statistics about use of the forum for as long as CDCK hosts the forum, but those statistics don't include data identifiable to you personally.

<h3 id="heading--account-data">CDCK collects account data.</h3>

Many features of forums that CDCK hosts require a forum account.  For example, most forums that CDCK hosts require an account to post and reply to topics.

To sign up for a forum account, Discourse requires your name, a user name, and an e-mail address.

CDCK uses your account data to identify you on the forum, and to create pages specific to you, like your profile page.  If the forum is public, CDCK publishes your account data.  If the forum is access-restricted, CDCK makes your account data available to everyone who can access the forum, according to the forum administrator's configuration.

CDCK uses your e-mail address to:

- notify you about posts and other activity on the forum

- reset your password and help keep your account secure

- contact you in special circumstances related to your account

- contact you about legal requests, like DMCA takedown requests

You may provide additional data for your account, like a short biography, your location, or your birthday, on the profile settings page for your account.  CDCK makes that data available to others who can access the forum.  You don't have to provide this additional information, and you can erase it at any time.

CDCK stores your account data as long as your account remains open.

<h3 id="heading--forum-data">CDCK collects data about posts and other activity on the forum.</h3>

CDCK collects the content of your posts, plus data about bookmarks, likes, and links you follow in order to share that data with others, through the forum.  If the forum is public, CDCK publishes your activity.  If the forum is access-restricted, or access restrictions apply to the specific post, CDCK makes your activity available only to users permitted to see it.

CDCK also collects data about private messages that you send through the forum.  CDCK makes private messages available to senders and their recipients, and also to forum administrators.

CDCK stores your posts and other activity as long as your account remains open.

<h2 id="heading--choice">How can I make choices about data collection?</h2>

You can make choices about how data about is used on the settings page for your account.  When a forum uses access restrictions that vary by category, you can choose who will see your post by choosing the appropriate category.

CDCK does not respond to the [Do Not Track HTTP header](https://en.wikipedia.org/wiki/Do_Not_Track).

<h2 id="heading--locality">Where does CDCK store data about me?</h2>

Most forums that CDCK hosts store all data in CDCK's data center in San Jose, California, USA.  Some forums that CDCK hosts store data in data centers in multiple jurisdictions, such as the United States and the European Union.

<h2 id="heading--gdpr">Does CDCK comply with the EU General Data Protection Regulation?</h2>

CDCK respects privacy rights under [Regulation (EU) 2016/679](http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG), the European Union's General Data Protection Regulation (GDPR).  Information that GDPR requires CDCK to give can be found throughout this privacy notice.  So can information about specific rights, like [access](#heading--access), [rectification](#heading--change), [erasure](#heading--change), [data portability](#heading--access), and [objection to automated decision-making](#heading--automated-decisions).

<h2 id="heading--access">Where can I access data about me?</h2>

You can see your account data at any time by visiting your account page on the forum.  Your account page also lists your posts and other activity on the forum.

Your account activity page also includes a link to download all of your activity in standard [comma-separated values](https://en.wikipedia.org/wiki/Comma-separated_values) format.

<h2 id="heading--change">How can I change or erase data about me?</h2>

You can change your account data at any time by visiting the profile settings page for your account.  The settings for a particular forum may also allow you to close your account, on the settings page for your account.  Closing your account starts a process of erasing or anonymizing CDCK's records of data you provided for your account.  Forum administrators can also erase and anonymize accounts.

Depending on the settings for your particular forum, you may also be able to edit, anonymize, or erase your posts.  When you edit posts, CDCK will keep all versions of your posts.  Forum administrators can view old versions of posts, and optionally make them visible to other forum visitors.

<h2 id="heading--automated-decisions">Does CDCK make automated decisions based on data about me?</h2>

<h3 id="heading--spam">CDCK classifies posts as spam automatically.</h3>

CDCK uses data about your posts and other activity on many forums to make automated decisions about whether your posts to [meta.discourse.org](https://meta.discourse.org) and most forums that CDCK hosts are spam.  When [Akismet](#heading--sharing) decides that a post is likely spam, the forum refuses to accept the post.

If you think a post has been wrongly blocked or removed, contact an administrator of your forum.  They can override the decision that a post was spam.

<h3 id="heading--trust-levels">CDCK uses data about posts and activity to set trust levels automatically.</h3>

Depending on how administrators of your forum configure the forum, the forum may use data about your posts and activity to award you badges and calculate a trust level for your account.  Your trust level may affect how you can participate in the forum, such as whether you can upload images, as well as give you access to moderation and management powers in the forum.  Your trust level therefore reflects forum administrators' confidence in you, and their willingness to delegate community management functions, like moderation.

If you think your trust level has been set incorrectly, contact an administrator of your forum.  They can manually adjust the trust level of your account.

<h2 id="heading--sharing">Does CDCK share data about me with others?</h2>

CDCK shares account data with others as [mentioned in the section about account data](#heading--account-data).

CDCK shares data about your posts and other forum activity with others as [mentioned in the section about account data](#heading--forum-data).

Apart from making data available to the customer that pays CDCK to host a forum, CDCK does not sell or give information about you to other companies or services.  However, CDCK does use services from other companies on some forums that it hosts.  The companies behind those services may collect data about you on their own, for their own purposes.  Some of these services may be used to collect information about your online activities across different websites.  All of these services are based in the United States.

Service                           | Privacy Notice                                | Description 
----------------------------------|-----------------------------------------------|------------
[Akismet]     | <https://automattic.com/privacy/>             | [reduces spam posts](#heading--spam) on some forums
[Google Analytics]                | <https://www.google.com/analytics/terms/>     | Compiles visitor statistics on some forums, including [meta.discourse.org](https://meta.discourse.org). You can opt out of Google Analytics using a [browser extension](https://tools.google.com/dlpage/gaoptout).
[Amazon Web Services]             | <https://aws.amazon.com/privacy/>             | Provides cloud servers and services, in service regions across the world, to host and back up some forums.
[Digital Ocean]                   | <https://www.digitalocean.com/legal/privacy/> | Stores backups for many forums.
[Fastly]                          | <https://www.fastly.com/privacy>              | Provides a content delivery network of servers that host copies of content like images and website files, so that users around the world can download them quickly, from servers close to where they are.
[KeyCDN]                          | <https://www.keycdn.com/privacy>              | Provides a content delivery network.
[MaxCDN]                          | <https://www.maxcdn.com/legal/#pp>            | Provides a content delivery network.
[Apple Push Notification Service] | <https://www.apple.com/legal/privacy/>        | Sends push notifications to users of the Discourse iOS app.
[Google Cloud Messaging]          | <https://policies.google.com/privacy>         | Sends push notifications to users of the Discourse Android app.

[Akismet]: https://akismet.com/

[Google Analytics]: https://analytics.google.com/

[Amazon Web Services]: https://aws.amazon.com

[Digital Ocean]: https://www.digitalocean.com/

[Fastly]: https://cloud.google.com/

[KeyCDN]: https://www.keycdn.com/

[MaxCDN]: https://www.maxcdn.com/

[Apple Push Notification Service]: https://developer.apple.com/notifications/

[Google Cloud Messaging]: https://developers.google.com/cloud-messaging/

Other individuals and companies may also reuse data about you that CDCK publishes, such as your posts to public forums.

<h2 id="heading--contact">How can I contact CDCK about privacy?</h2>

You can send questions and complaints to:

Civilized Discourse Construction Kit, Inc
[team+privacy@discourse.org](mailto:team+privacy@discourse.org)

European Users with questions or complaints about GDPR compliance should also address CDCK's representative in the Union:

Mr Hanol Régis
Civilized Discourse Construction Kit, Inc.
[regis.hanol@discourse.org](mailto:regis.hanol@discourse.org)
105 Route des Pommiers
Centre UBIDOCA, 15232
St Martin Bellevue
74370 FILLIERE
FRANCE

For complaints under GDPR more generally, European Union users may lodge complaints with their local data protection supervisory authorities.

<h2 id="heading--changes">How can I find out about changes?</h2>

This version of CDCK's privacy questions and answers took effect May 1, 2018.

CDCK will post the next version at <https://meta.discourse.org/privacy>. CDCK may change how it announces changes in future versions.

In the meantime, CDCK may update [its contact information](#heading--contact) without announcing a change. Please refer to <https://meta.discourse.org/privacy> for the latest contact information at any time.

Modify it to adapt it to your site.


(Diego Barreiro) #3

Thanks! :+1:


We’ve made a “mix” between your privacy policy and the default one, and we now fit the GDPR

As I saw that your privacy is orientated to your company (product you “sell”) and not to the community only, I had to modify it a lot. And as I saw that some parts could be removed, I just joined the old one with the new GDPR sections


(Kane York) #4

Hello,

I was trying to read your privacy policy but I was blocked by some sort of “DMCA protection” thing. Could you try turning that off?


(Wolftune) #5

@barreeeiroo Can you share a markdown file with your combined version?


(Diego Barreiro) #6

Hi
Can you DM me with a screenshot of what do you see? The DMCA protection is only on our website and builder, not on the community :confused:


(Diego Barreiro) #7

Sure, here is it:

# Privacy Questions and Answers

This notice describes how [Makeroid Community](https://community.makeroid.io/about), collects and uses data about you.

**Jump to:**

- [What information do we collect?](#heading--collect)
- [What do we use your information for?](#heading--use)
- [How do we protect your information?](#heading--protect)
- [What is your data retention policy?](#heading--data-retention)
- [Do we use cookies?](#heading--cookies)
- [Do we disclose any information to outside parties?](#heading--disclose)
- [Third party links](#heading--third-party)
- [Children's Online Privacy Protection Act Compliance](#heading--coppa)
- [Online Privacy Policy Only](#heading--online)
<br>
- [Does Makeroid comply with the EU General Data Protection Regulation?](#heading--gdpr)
- [Where can I access data about me?](#heading--access)
- [How can I change or erase data about me?](#heading--change)
- [Does Makeroid make automated decisions based on data about me?](#heading--automated-decisions)
- [Does Makeroid share data about me with others?](#heading--sharing)
- [How can I contact Makeroid about privacy?](#heading--contact)
- [What if this privacy notice changes?](#heading--changes)
<br>
- [Your Consent](#heading--consent)
- [Changes to our Privacy Policy](#heading--changes)

---

<h2 id="heading--collect">What information do we collect?</h2>

We collect information from you when you register on our site and gather data when you participate in the forum by reading, writing, and evaluating the content shared here.

When registering on our site, you may be asked to enter your name and e-mail address. You may, however, visit our site without registering. Your e-mail address will be verified by an email containing a unique link. If that link is visited, we know that you control the e-mail address.

When registered and posting, we record the IP address that the post originated from. We also may retain server logs which include the IP address of every request to our server.

<h2 id="heading--use">What do we use your information for?</h2>

Any of the information we collect from you may be used in one of the following ways:

*   To personalize your experience &mdash; your information helps us to better respond to your individual needs.
*   To improve our site &mdash; we continually strive to improve our site offerings based on the information and feedback we receive from you.
*   To improve customer service &mdash; your information helps us to more effectively respond to your customer service requests and support needs.
*   To send periodic emails &mdash; The email address you provide may be used to send you information, notifications that you request about changes to topics or in response to your user name, respond to inquiries, and/or other requests or questions.

<h2 id="heading--protect">How do we protect your information?</h2>

We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.

<h2 id="heading--data-retention">What is your data retention policy?</h2>

We will make a good faith effort to:

*   Retain server logs containing the IP address of all requests to this server no more than 90 days.
*   Retain the IP addresses associated with registered users and their posts no more than 5 years.

<h2 id="heading--cookies">Do we use cookies?</h2>

Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account.

We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

<h2 id="heading--disclose">Do we disclose any information to outside parties?</h2>

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

<h2 id="heading--third-party">Third party links</h2>

Occasionally, at our discretion, we may include or offer third party products or services on our site. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

<h2 id="heading--coppa">Children's Online Privacy Protection Act Compliance</h2>

Our site, products and services are all directed to people who are at least 13 years old or older. If this server is in the USA, and you are under the age of 13, per the requirements of COPPA ([Children's Online Privacy Protection Act](https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act)), do not use this site.

<h2 id="heading--online">Online Privacy Policy Only</h2>

This online privacy policy applies only to information collected through our site and not to information collected offline.

<br>

<h2 id="heading--gdpr">Does Makeroid comply with the EU General Data Protection Regulation?</h2>

Makeroid respects privacy rights under [Regulation (EU) 2016/679](http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG), the European Union's General Data Protection Regulation (GDPR).  Information that GDPR requires Makeroid to give can be found throughout this privacy notice.

<h2 id="heading--access">Where can I access data about me?</h2>

You can see your account data at any time by visiting your account page on the forum.  Your account page also lists your posts and other activity on the forum.

Your account activity page also includes a link to download all of your activity in standard [comma-separated values](https://en.wikipedia.org/wiki/Comma-separated_values) format.

<h2 id="heading--forgotten">How can I change or erase data about me?</h2>

You can change your account data at any time by visiting the profile settings page for your account.  The settings of this forum may also allow you to close your account, on the settings page for your account.  Closing your account starts a process of erasing or anonymizing Makeroid's records of data you provided for your account. Makeroid can also erase and anonymize accounts.

Depending on the settings of this forum, you may also be able to edit, anonymize, or erase your posts.  When you edit posts, Makeroid will keep all versions of your posts.  Forum administrators can view old versions of posts, and optionally make them visible to other forum visitors.

<h2 id="heading--automated-decisions">Does Makeroid make automated decisions based on data about me?</h2>

<h3 id="heading--spam">Makeroid classifies posts as spam automatically.</h3>

Makeroid uses data about your posts and other activity to make automated decisions about whether your posts to [community.makeroid.io](https://community.makeroid.io).  When [Akismet](#heading--sharing) decides that a post is likely spam, the forum refuses to accept the post.

If you think a post has been wrongly blocked or removed, contact an administrator of your forum.  They can override the decision that a post was spam.

<h3 id="heading--trust-levels">Makeroid uses data about posts and activity to set trust levels automatically.</h3>

Makeroid uses data about your posts and activity to award you badges and calculate a trust level for your account.  Your trust level may affect how you can participate in the forum, such as whether you can upload images, as well as give you access to moderation and management powers in the forum.  Your trust level therefore reflects forum administrators' confidence in you, and their willingness to delegate community management functions, like moderation.

If you think your trust level has been set incorrectly, contact an administrator of your forum.  They can manually adjust the trust level of your account.

<h2 id="heading--sharing">Does Makeroid share data about me with others?</h2>

Makeroid shares account data with others as [mentioned in the section about account data](#heading--account-data).

Makeroid shares data about your posts and other forum activity with others as [mentioned in the section about account data](#heading--forum-data).

Makeroid does not sell or give information about you to other companies or services.

Service                           | Privacy Notice                                | Description 
----------------------------------|-----------------------------------------------|------------
[Akismet]     | <https://automattic.com/privacy/>             | [reduces spam posts](#heading--spam)
[Google Analytics]                | <https://www.google.com/analytics/terms/>     | Compiles visitor statistics. You can opt out of Google Analytics using a [browser extension](https://tools.google.com/dlpage/gaoptout).
[ArubaCloud]              | <https://www.arubacloud.com/gdpr-data-protection-eu-regulation.aspx> | Hosts our community on their servers

[Akismet]: https://akismet.com/

[Google Analytics]: https://analytics.google.com/

[ArubaCloud]: https://arubacloud.com

Other individuals and companies may also reuse data about you that Makeroid publishes, such as your posts to public forums.

<h2 id="heading--contact">How can I contact Makeroid about privacy?</h2>

You can send questions and complaints to:

Makeroid
[privacy@makeroid.io](mailto:privacy@makeroid.io)

European Users with questions or complaints about GDPR compliance should also address Makeroid's representative in the Union:

_Diego Barreiro_
Makeroid
[diego@makeroid.io](mailto:diego@makeroid.io)

For complaints under GDPR more generally, European Union users may lodge complaints with their local data protection supervisory authorities.

<h2 id="heading--changes">How can I find out about changes?</h2>

This version of Makeroid's privacy questions and answers took effect May 25, 2018.

Makeroid will post the next version at <https://community.makeroid.io/privacy>. Makeroid may change how it announces changes in future versions.

In the meantime, Makeroid may update [its contact information](#heading--contact) without announcing a change. Please refer to <https://community.makeroid.io/privacy> for the latest contact information at any time.

<br>

<h2 id="heading--consent">Your Consent</h2>

By using our site, you consent to our web site privacy policy.

<h2 id="heading--changes">Changes to our Privacy Policy</h2>

If we decide to change our privacy policy, we will post those changes on this page.

This document is Copyrighted. It was last updated May 25, 2018.