diff --git a/web/privacy-policy.org b/web/privacy-policy.org index 2864e50..d852bbb 100644 --- a/web/privacy-policy.org +++ b/web/privacy-policy.org 
@@ -1,188 +1,188 @@ #+TITLE: GnuPG - Privacy Policy #+STARTUP: showall #+SETUPFILE: "share/setup.inc" * Privacy Policy #+index: privacy policy #+index: analytics #+index: log files The GnuPG project runs several web sites on different technical platforms. We do not track the use of these sites or store data of users except to fulfill the user requested actions, to aid in fixing technical problems and due to financial accounting requirements. No data is ever shared with external parties unless explicitly requested by the user. We use cookies only for session management -without any personal data and at https://dev.gnupg.org to store the +without any personal data and at =dev.gnupg.org= to store the name of a registered user. Find below details for all provided services; the responsible person for data privacy can be found at the end of this page. ** Website www.gnupg.org This website uses log files to identify problems with the site and to monitor traffic. The raw log files are kept for a week and are then deleted. For web analytic the data from the log files is anonymized by truncating the IP addresses to 40 bit for IPv6 and 20 bits for IPv4 and send to another machine. Reports on the use of this site will -always be fully anonymized and may be published at [[http://ambler.gnupg.org][one of our servers]]. +always be fully anonymized and may be published at one of our servers. Neither the raw log files nor the anonymized data from the log files are shared with anyone; however within the first week system administrators have access to the log files to solve technical problems. In exceptional cases stripped down copies of the log files may be stored for longer to analyze problems spanning more than a week. These copies are deleted as soon as the problem has been solved. ** Donation system at www.gnupg.org For the donation system we use several external payment processing services and submit data entered by the user pertaining to the donation. 
For bookkeeping and administrative needs we store and process this data: - The name of the user if given by the user. This is not shared with the payment processing service. - A contact mail address if given by the user. This is not be shared with the payment processing service. - A message text if given by the user. This is not be shared with the payment processing service. - The mail address or user name as returned by the payment processing service. - The amount of data. - Transaction IDs. The data is stored in a local data base and in donation log files. Log files which are older than a week are encrypted in a way that only the back office is able to decrypt them. Access to this data is only granted to system administrators and staff responsible for the donations. We do not share this information with anyone else. Data will be deleted according to general bookkeeping rules. If the user has opted for publication, we put the entered name on our donation thanks page. Our payment service providers are: - PayPal for PayPal based donations. Click here for their [[https://www.paypal.com/webapps/mpp/ua/privacy-prev][privacy policy]]. - Stripe for credit card based donations. Click here for their [[https://stripe.com/de/privacy][privacy policy]]. - - SEPA. This is not a real payment service; instead we send only - a random number to the user which allows us to match the stored - information with a receipt of payment. + - SEPA. This is not a real payment service; instead we send only a + random number to the user which allows us to match the stored + information with an actual payment. ** Mailing lists The mailing list as listed at https://lists.gnupg.org/mailman/listinfo/ are used for discussions between users. Reading the archives of the mailing lists keeps no personal data other then IP address as described above under /Website/. Anyone may subscribe to a mailing list using a valid mail address. 
This can be done using the web interface or by sending special mail to the system. Unsubscribing is also a self-service using the same web interface; a link to the web interface if shown in the footer of all for warded mails. We store the subscription mail address and a user given password and optionally a name. The mail address is used to deliver mails to the user and for no other purpose. The password is required for unsubscribing or temporary disabling message delivering. The password does not protect any personal information but protects against malicious unsubscribing requests. Users who want to post to the list send a mail through our mail system (see below) which is then forwarded to all users and stored in a public mail archive. All information send by the user is forwarded to all users; this includes all information which are send in a standard mail. The content of the mail is considered to be in the /public domain/ with the exception of code snippets and patches which are subject to their respective license. As a public visible service we have no control whatsoever where these mails and the mail archives are copied to. Thus it is not possible to retract a one posted message. In exceptional cases and for illegal posted content we are able and will redact a message stored in our mail archive. Please contact as at the mail address five at the end of the page. ** Mailing system All mails to gnupg.org and related sites are passing through our mail servers. We keep log files for 10 days to analyze technical problems and for spam prevention. The IP addresses and sender addresses of incoming mails are compared to addresses we have on local black- and whitelists. We also compare them using DNS based list of known spamming addresses. All mail is conveyed using TLS encryption if supported by the peer. ** FTP Server The FTP server ftp.gnupg.org is similar to the Web server and can be used to download files and other material. 
The logs are kept for 7 days and carry the IP address of the requested, the requested file and an error code. For access analytic the same system and properties as used by the web server are in place. All files on the FTP server are also available via the more secure HTTPS protocol using the address https://gnupg.org/ftp/ which is served by our web server. ** Git repository This is a public service which carries all published code along with the names and mail addresses of their authors. This is required for technical and legal (copyright) reasons. ** Bug tracker dev.gnupg.org The system https://dev.gnupg.org is a general purpose bug track er which is in general visible to everyone. No registration is required to view the public data, similar to the web server. To file a bug report a user must be registered; this is only done to avoid misuse of the server by spammer. A user who registered must provide a valid mail address and an arbitrary name for his account. A user may disable his own account but can't delete any data he entered into the system. This is required for proper documentation and the overall security of the software developed by the GnuPG project. Only available to the administrators of the system are the IP addresses and login times of the users. We need to keep them to help preventing abuse of this public service. No such data is ever shared with any 3rd party or used for other purposes. All user entered content is considered to be in the /public domain/ with the exception of code snippets and patches which are subject to their respective license. # Fixme: We need to figure out properties of the log files etc. ** Responsible person for data protection If you have any questions about our privacy policy or need to get -information on the data strored about you, write to +information on the data stored about you, write to Werner Koch, =data-privacy at gnupg dot org= ([[file:share/data-privacy-key.asc][OpenPGP key]])\\ g10 Code GmbH\\ Hüttenstr. 
61\\ 40699 Erkrath\\ Germany You can expect a response within a week. If exceptionally you don't get a timely response please send a reminder or call us at the phone number given in the [[file:imprint.org][imprint]]. ** History - 2018-05-18 :: Revamped the page. No actual policy changes. - 2014-03-12 :: Removed the Piwik web analytics software and changed the policy to allow for log file based analytics. - 2013-11-07 :: Installed Piwik web analytics software and wrote a privacy policy. We have not been forced by any court order or other means not to obey to the above rules. diff --git a/web/share/data-privacy-key.asc b/web/share/data-privacy-key.asc index f75eeb0..4cf9e39 100644 --- a/web/share/data-privacy-key.asc +++ b/web/share/data-privacy-key.asc 
@@ -1,38 +1,38 @@ pub rsa2048 2018-05-16 [SC] [expires: 2020-05-15] DC3629A4DBD434211589A0E1EB6CA96502867BDA -uid data-privacy@gnupg.org +uid data-privacy at gnupg dot org sub rsa2048 2018-05-16 [E] AB9897AC6DAAB01680F6C8FFC36EBD049AEA1BAA -----BEGIN PGP PUBLIC KEY BLOCK----- mQENBFr72M0BCADzDmCPrvQWm/aObH6mGkPZdAtaiTTpHh0/okXcCSYdofjqXJe/ myBHj1eMZ5MO29+lahmDiwsb2v+JAxYzKc76DhBVv1Ee5/GmNH27bmERC2sS3KO6 pae43aXf1xsdOjXw0BthS1CZZ4MNukUzpUVeeo2GkThFy3v1HHzgTPUcGSzN7LUl 8X0+PyX+N0Y0S4sWsVOadyj0PokP/L8+zHnBQP3UkjBwahAEM9YQ2EDiUak1UK5S 4t50+q43vPikfohEDm/Tk0A6lU7Q3KUyIlS/rjwzPn/ZA1o02Xehyl3odp6aUFVB D5xW98SF3PgYvgAxAMXx21PPnQ0Ai8W2oTgXABEBAAG0FmRhdGEtcHJpdmFjeUBn bnVwZy5vcmeJAVQEEwECAD4WIQTcNimk29Q0IRWJoOHrbKllAoZ72gUCWvvYzQIb AwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDrbKllAoZ72vKZCACD X/4YuYxCliWF7Fla01K7fAcivl8XUiDHWDbvWL55bbN5wAcl+EmyGfVcQjprrR/N 8fXySBOZuBhm3d898APhKzqMrsKSnqnys2qfPtyA9Ft4FTQ81Py3Dq3n/ULIRdnd Rd/5Q46b98o1KXE9Y291TqW5tKBGbC7QIVZ0avma44dlp43u/fjwoLccBN7AY0eW KAKvcIh5qMpa3nXEvKzlUg3JBG4RfPxHWxeJYfX5H4ibipSIYbjsxFIs4L2wER/U o46BdPC5rw2FuGSD8yKCdKRIsupqNP3Fkj5VUe4XwdU8OZZGnrSclsAX7xROoEkS ZrjV0mZkfYW9PUv1P+SjuQENBFr72M0BCADCTuMKyGLoj5nmCmYHO9hOnGt3qVEF 9g4UvOIu/REl/gLNRFOcGqqmDyJjeo77syHqQVI98yc4JOr74tdPvr2rS22Hmuv3 CCcFhSDT32kV6l8eTgB5SB6Ap+q63OuFBwAEVnJqf5TzvYdGsGQSrFgoEinp1upa E5tSknF0EEPrC+htDh845+YtAXPcDcIvZZHb6irG629Jl6BgnNJaL2xHxxtcLm6H g92PACiOVmdThTk15PKDAznYtHmxu5jRUF5+KWT/E6N8FFr6aYRvPK7KctRRDJMm fqijnsXvELZav5MBnW27cnGL5nTjYXEdzFOLghAT2qotyJjmjOVIvqF5ABEBAAGJ ATYEGAECACAWIQTcNimk29Q0IRWJoOHrbKllAoZ72gUCWvvYzQIbDAAKCRDrbKll AoZ72rwpB/9bHDd3h3M7+2IEnl4WnbMUUTN6TiGc+vBulNPnTjeOp2+6p+j79HYD LPrOZo4nYz0GBwbWe91W8p9li5VYAs2WLXnJ1nLfll/mrA6OxWLwW7VotSeFLInz vxPGlLbI6mEJ3L6PyLNCd6buGEIyVoJNkUAVSOjuVby1BZJftItWH3q5drTLkQzg mJ8h+ctQxDkn0UD4LWzEmE55ieLH0ySnVzY7nOzGtcE/IjzgtuRllkoNZmc22VOk EvTeR84kdIntwk6nb2St8qMnN9ea81/iDNSCt9xkz/HMN5WAjLTYqr7LSQrUTae1 /r7eE98xbr4BrOpjQOefGkVreSPcJHT9 =Fr5h -----END PGP PUBLIC KEY BLOCK-----
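Review bot: In web/privacy-policy.org, dropping the link from "may be published at one of our servers" leaves the Website section promising published reports without saying where. Either name the host as verbatim text, the way the first change in this hunk does with =dev.gnupg.org=, or reword the sentence so it no longer points at an unnamed location. Since the hunk already corrects "strored", the unchanged lines around it have slips worth fixing in the same pass: "This is not be shared with the payment processing service" (twice), "other then IP address", and "Please contact as at the mail address five at the end of the page".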
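Review bot: In web/share/data-privacy-key.asc, the uid line of the listing is rewritten by hand to "data-privacy at gnupg dot org" while every line of the armored block is unchanged context, so the user ID inside the key still carries the original address and the header no longer matches what gpg prints when the key is imported or inspected. The rewrite hides nothing from anyone who parses the key, and a careful user comparing the listing with their own gpg output may suspect a wrong or altered key. Suggest either keeping the uid line as generated, or adding a short note above the listing that the address is obfuscated by hand and that the key should be checked against the fingerprint DC3629A4DBD434211589A0E1EB6CA96502867BDA.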