Page MenuHome GnuPG
Files F22947988

No OneTemporary
Actions

View Options

diff --git a/web/privacy-policy.org b/web/privacy-policy.org
index 2864e50..d852bbb 100644
--- a/web/privacy-policy.org
+++ b/web/privacy-policy.org
@@ -1,188 +1,188 @@
#+TITLE: GnuPG - Privacy Policy
#+STARTUP: showall
#+SETUPFILE: "share/setup.inc"
* Privacy Policy
#+index: privacy policy
#+index: analytics
#+index: log files
The GnuPG project runs several web sites on different technical
platforms.
We do not track the use of these sites or store data of users except
to fulfill the user requested actions, to aid in fixing technical
problems and due to financial accounting requirements.
No data is ever shared with external parties unless explicitly
requested by the user. We use cookies only for session management
-without any personal data and at https://dev.gnupg.org to store the
+without any personal data and at =dev.gnupg.org= to store the
name of a registered user.
Find below details for all provided services; the responsible person
for data privacy can be found at the end of this page.
** Website www.gnupg.org
This website uses log files to identify problems with the site and to
monitor traffic. The raw log files are kept for a week and are then
deleted. For web analytic the data from the log files is anonymized
by truncating the IP addresses to 40 bit for IPv6 and 20 bits for IPv4
and send to another machine. Reports on the use of this site will
-always be fully anonymized and may be published at [[http://ambler.gnupg.org][one of our servers]].
+always be fully anonymized and may be published at one of our servers.
Neither the raw log files nor the anonymized data from the log files
are shared with anyone; however within the first week system
administrators have access to the log files to solve technical
problems. In exceptional cases stripped down copies of the log files
may be stored for longer to analyze problems spanning more than a
week. These copies are deleted as soon as the problem has been
solved.
** Donation system at www.gnupg.org
For the donation system we use several external payment processing
services and submit data entered by the user pertaining to the
donation. For bookkeeping and administrative needs we store and
process this data:
- The name of the user if given by the user. This is not shared with
the payment processing service.
- A contact mail address if given by the user. This is not be shared
with the payment processing service.
- A message text if given by the user. This is not be shared
with the payment processing service.
- The mail address or user name as returned by the payment processing
service.
- The amount of data.
- Transaction IDs.
The data is stored in a local data base and in donation log files.
Log files which are older than a week are encrypted in a way
that only the back office is able to decrypt them. Access to this data
is only granted to system administrators and staff responsible for the
donations. We do not share this information with anyone else. Data
will be deleted according to general bookkeeping rules. If the user
has opted for publication, we put the entered name on our donation
thanks page.
Our payment service providers are:
- PayPal for PayPal based donations. Click here for their [[https://www.paypal.com/webapps/mpp/ua/privacy-prev][privacy policy]].
- Stripe for credit card based donations. Click here for their
[[https://stripe.com/de/privacy][privacy policy]].
- - SEPA. This is not a real payment service; instead we send only
- a random number to the user which allows us to match the stored
- information with a receipt of payment.
+ - SEPA. This is not a real payment service; instead we send only a
+ random number to the user which allows us to match the stored
+ information with an actual payment.
** Mailing lists
The mailing list as listed at
https://lists.gnupg.org/mailman/listinfo/ are used for discussions
between users. Reading the archives of the mailing lists keeps no
personal data other then IP address as described above under
/Website/. Anyone may subscribe to a mailing list using a valid mail
address. This can be done using the web interface or by sending
special mail to the system. Unsubscribing is also a self-service
using the same web interface; a link to the web interface if shown in
the footer of all for warded mails.
We store the subscription mail address and a user given password and
optionally a name. The mail address is used to deliver mails to the
user and for no other purpose. The password is required for
unsubscribing or temporary disabling message delivering. The password
does not protect any personal information but protects against
malicious unsubscribing requests.
Users who want to post to the list send a mail through our mail system
(see below) which is then forwarded to all users and stored in a
public mail archive. All information send by the user is forwarded to
all users; this includes all information which are send in a standard
mail. The content of the mail is considered to be in the /public
domain/ with the exception of code snippets and patches which are
subject to their respective license. As a public visible service we
have no control whatsoever where these mails and the mail archives are
copied to. Thus it is not possible to retract a one posted message.
In exceptional cases and for illegal posted content we are able and
will redact a message stored in our mail archive. Please contact as
at the mail address five at the end of the page.
** Mailing system
All mails to gnupg.org and related sites are passing through our mail
servers. We keep log files for 10 days to analyze technical problems
and for spam prevention. The IP addresses and sender addresses of
incoming mails are compared to addresses we have on local black- and
whitelists. We also compare them using DNS based list of known
spamming addresses. All mail is conveyed using TLS encryption if
supported by the peer.
** FTP Server
The FTP server ftp.gnupg.org is similar to the Web server and can be
used to download files and other material. The logs are kept for 7
days and carry the IP address of the requested, the requested file and
an error code. For access analytic the same system and properties as
used by the web server are in place. All files on the FTP server are
also available via the more secure HTTPS protocol using the address
https://gnupg.org/ftp/ which is served by our web server.
** Git repository
This is a public service which carries all published code along with
the names and mail addresses of their authors. This is required for
technical and legal (copyright) reasons.
** Bug tracker dev.gnupg.org
The system https://dev.gnupg.org is a general purpose bug track er
which is in general visible to everyone. No registration is required
to view the public data, similar to the web server. To file a bug
report a user must be registered; this is only done to avoid misuse of
the server by spammer. A user who registered must provide a valid
mail address and an arbitrary name for his account. A user may
disable his own account but can't delete any data he entered into the
system. This is required for proper documentation and the overall
security of the software developed by the GnuPG project.
Only available to the administrators of the system are the IP
addresses and login times of the users. We need to keep them to help
preventing abuse of this public service. No such data is ever shared
with any 3rd party or used for other purposes.
All user entered content is considered to be in the /public domain/
with the exception of code snippets and patches which are subject to
their respective license.
# Fixme: We need to figure out properties of the log files etc.
** Responsible person for data protection
If you have any questions about our privacy policy or need to get
-information on the data strored about you, write to
+information on the data stored about you, write to
Werner Koch, =data-privacy at gnupg dot org= ([[file:share/data-privacy-key.asc][OpenPGP key]])\\
g10 Code GmbH\\
Hüttenstr. 61\\
40699 Erkrath\\
Germany
You can expect a response within a week. If exceptionally you don't
get a timely response please send a reminder or call us at the phone
number given in the [[file:imprint.org][imprint]].
** History
- 2018-05-18 :: Revamped the page. No actual policy changes.
- 2014-03-12 :: Removed the Piwik web analytics software and changed
the policy to allow for log file based analytics.
- 2013-11-07 :: Installed Piwik web analytics software and wrote a
privacy policy.
We have not been forced by any court order or other means not to obey
to the above rules.
diff --git a/web/share/data-privacy-key.asc b/web/share/data-privacy-key.asc
index f75eeb0..4cf9e39 100644
--- a/web/share/data-privacy-key.asc
+++ b/web/share/data-privacy-key.asc
@@ -1,38 +1,38 @@
pub rsa2048 2018-05-16 [SC] [expires: 2020-05-15]
DC3629A4DBD434211589A0E1EB6CA96502867BDA
-uid data-privacy@gnupg.org
+uid data-privacy at gnupg dot org
sub rsa2048 2018-05-16 [E]
AB9897AC6DAAB01680F6C8FFC36EBD049AEA1BAA
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFr72M0BCADzDmCPrvQWm/aObH6mGkPZdAtaiTTpHh0/okXcCSYdofjqXJe/
myBHj1eMZ5MO29+lahmDiwsb2v+JAxYzKc76DhBVv1Ee5/GmNH27bmERC2sS3KO6
pae43aXf1xsdOjXw0BthS1CZZ4MNukUzpUVeeo2GkThFy3v1HHzgTPUcGSzN7LUl
8X0+PyX+N0Y0S4sWsVOadyj0PokP/L8+zHnBQP3UkjBwahAEM9YQ2EDiUak1UK5S
4t50+q43vPikfohEDm/Tk0A6lU7Q3KUyIlS/rjwzPn/ZA1o02Xehyl3odp6aUFVB
D5xW98SF3PgYvgAxAMXx21PPnQ0Ai8W2oTgXABEBAAG0FmRhdGEtcHJpdmFjeUBn
bnVwZy5vcmeJAVQEEwECAD4WIQTcNimk29Q0IRWJoOHrbKllAoZ72gUCWvvYzQIb
AwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDrbKllAoZ72vKZCACD
X/4YuYxCliWF7Fla01K7fAcivl8XUiDHWDbvWL55bbN5wAcl+EmyGfVcQjprrR/N
8fXySBOZuBhm3d898APhKzqMrsKSnqnys2qfPtyA9Ft4FTQ81Py3Dq3n/ULIRdnd
Rd/5Q46b98o1KXE9Y291TqW5tKBGbC7QIVZ0avma44dlp43u/fjwoLccBN7AY0eW
KAKvcIh5qMpa3nXEvKzlUg3JBG4RfPxHWxeJYfX5H4ibipSIYbjsxFIs4L2wER/U
o46BdPC5rw2FuGSD8yKCdKRIsupqNP3Fkj5VUe4XwdU8OZZGnrSclsAX7xROoEkS
ZrjV0mZkfYW9PUv1P+SjuQENBFr72M0BCADCTuMKyGLoj5nmCmYHO9hOnGt3qVEF
9g4UvOIu/REl/gLNRFOcGqqmDyJjeo77syHqQVI98yc4JOr74tdPvr2rS22Hmuv3
CCcFhSDT32kV6l8eTgB5SB6Ap+q63OuFBwAEVnJqf5TzvYdGsGQSrFgoEinp1upa
E5tSknF0EEPrC+htDh845+YtAXPcDcIvZZHb6irG629Jl6BgnNJaL2xHxxtcLm6H
g92PACiOVmdThTk15PKDAznYtHmxu5jRUF5+KWT/E6N8FFr6aYRvPK7KctRRDJMm
fqijnsXvELZav5MBnW27cnGL5nTjYXEdzFOLghAT2qotyJjmjOVIvqF5ABEBAAGJ
ATYEGAECACAWIQTcNimk29Q0IRWJoOHrbKllAoZ72gUCWvvYzQIbDAAKCRDrbKll
AoZ72rwpB/9bHDd3h3M7+2IEnl4WnbMUUTN6TiGc+vBulNPnTjeOp2+6p+j79HYD
LPrOZo4nYz0GBwbWe91W8p9li5VYAs2WLXnJ1nLfll/mrA6OxWLwW7VotSeFLInz
vxPGlLbI6mEJ3L6PyLNCd6buGEIyVoJNkUAVSOjuVby1BZJftItWH3q5drTLkQzg
mJ8h+ctQxDkn0UD4LWzEmE55ieLH0ySnVzY7nOzGtcE/IjzgtuRllkoNZmc22VOk
EvTeR84kdIntwk6nb2St8qMnN9ea81/iDNSCt9xkz/HMN5WAjLTYqr7LSQrUTae1
/r7eE98xbr4BrOpjQOefGkVreSPcJHT9
=Fr5h
-----END PGP PUBLIC KEY BLOCK-----

File Metadata

Mime Type
text/x-diff
Expires
Sat, May 10, 8:48 AM (1 d, 20 h)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
78/42/f0d7be5c519eef4e14de951979d9

Event Timeline