From 30619c3c69b3c2fe07ab97d34a11875f4fb2b6b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Dachary?= Date: Thu, 14 Apr 2022 14:58:37 +0100 Subject: [PATCH] add legal/privacy/tos draft pages --- .gitignore | 1 + content/legalese/index.md | 30 ++++++++++++++++++ content/privacy-policy/index.md | 56 ++++++++++++++++++++++++++++++++- content/tos/index.md | 44 ++++++++++++++++++++++++++ 4 files changed, 130 insertions(+), 1 deletion(-) create mode 100644 content/legalese/index.md create mode 100644 content/tos/index.md diff --git a/.gitignore b/.gitignore index 8608f04..871ace1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ public/ bin/ tmp +*~ diff --git a/content/legalese/index.md b/content/legalese/index.md new file mode 100644 index 0000000..527a4b0 --- /dev/null +++ b/content/legalese/index.md @@ -0,0 +1,30 @@ +--- +title: "Legalese" +draft: false +--- + +## [Copyright](#copyright) + +The copyright of the software and content used to build the infrastructure is held by the individual contributors who implemented it, as found in the [git history](https://lab.enough.community/main/infrastructure/commits/master). + +## [Intellectual Property](#ip) + +[Did You Say “Intellectual Property”? It's a Seductive Mirage](https://www.gnu.org/philosophy/not-ipr.html) + +## [Disclaimer of Warranty](#warranty) + +There is no warranty for the service, to the extent permitted by applicable law. Except when otherwise stated in writing the service is provided "as is" without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. + +## [Limitation of Liability](#liability) + +In no event unless required by applicable law or agreed to in writing will any member of the Hostea community, or any other party who modifies the service as permitted by Hostea, be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the service (including but not limited to loss of data or data being rendered inaccurate or losses sustained by you or third parties or a failure of the service to operate with any other service), even if such member or other party has been advised of the possibility of such damages. + +## [Interpretation of the Warranty and Liability disclaimers](#interpretation) + +If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the service. + +## [Hosting](#hosting) + +The services and this web site, as well as all sub-domains, are exclusively maintained and used by the individuals composing the Hostea. They can be reached at contact@hostea.org. + +For details, see [the documentation](https://enough-community.readthedocs.io/). diff --git a/content/privacy-policy/index.md b/content/privacy-policy/index.md index 1e01dcc..b610bf9 100644 --- a/content/privacy-policy/index.md +++ b/content/privacy-policy/index.md @@ -3,4 +3,58 @@ title: "Privacy" draft: false --- -TODO +## [Who is we?](#we) + +In the context of a horizontal community, the word **we** has a different meaning than within not-for-profit organizations or companies. **We** are the individuals who have access to the resources that would enable them to modify how it is implemented. For instance, someone with access to the configuration of the web server can change the log retention policy. + +## [What information do we collect?](#collect) + +We collect information from you when you register on our site and gather data when you participate in the community by reading, writing, and evaluating the content shared here. + +When registering on Hostea sites, you may be asked to enter your name and e-mail address. You may, however, visit our sites without registering. Your e-mail address will be verified by an email containing a unique link. If that link is visited, we know that you control the e-mail address. + +When registered and participating, we record the IP address that the post originated from. We also may retain server logs which include the IP address of every request to our server. + +## [What do we use your information for?](#use) + +Any of the information we collect from you may be used in one of the following ways: + +* To personalize your experience — your information helps us to better respond to your individual needs. +* To send periodic emails — The email address you provide may be used to send you information, notifications that you request about changes to topics or in response to your user name, respond to inquiries, and/or other requests or questions. + +## [How do we protect your information?](#protect) + +We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. + +## [What is your data retention policy?](#data-retention) + +We will make a good faith effort to: + +* Retain server logs containing the IP address of all requests to this server no more than 15 days. +* Retain the IP addresses associated with registered users and their posts no more than 15 days. + +## [What about my data?](#data-access) + +Users of Hoteas services can ask contact@hostea.org to: + +* Delete their account on a service when it is not a feature available to the user (for instance Nextcloud) +* Retreive data associated with their account on a service that does not already provide full access + +## [Do we use cookies?](#cookies) + +Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow). These cookies enable the sites to recognize your browser and, if you have a registered account, associate it with your registered account. + +We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We do not contract with third-party service providers. + +## [Do we disclose any information to outside parties?](#disclose) + +We do not sell, trade, or otherwise transfer to outside parties any information. + +## [Your Consent](#consent) + +By using our sites, you consent to our sites privacy policy. + +## [Changes to our Privacy Policy](#changes) + +If we decide to change our privacy policy, we will post those changes on this page. + diff --git a/content/tos/index.md b/content/tos/index.md new file mode 100644 index 0000000..22dd25b --- /dev/null +++ b/content/tos/index.md @@ -0,0 +1,44 @@ +--- +title: "Terms of Service" +draft: false +--- + +## [CHATONS Charter compliance](#chatons) + +Hostea is committed to comply with the [CHATONS charter](https://framagit.org/chatons/CHATONS/-/blob/master/docs/charter-and-manifesto.md). + +All applications and infrastructure software used in Hostea are published under a Free Software license. + +## [User content](#user-content) + +Hostea has no copyright claim over content uploaded by its users. + +Hostea hosts, via application software, content in private spaces that are not publicly accessible. Hostea system administrators is committed to not look into those private spaces, even when they have the technical ability to do so, so as to respect the privacy expectations of hostea users. + +## [Infrastructure](#infrastructure) + +Hostea exclusively uses resources located in France, at the Graveline OVH datacenter (59820 Gravelines, Nord-Pas-de-Calais-Picardie, France) and at 12 bd Magenta, 75010 Paris, France. A copy of the backups is kept at Arndtstr 44, 10965 Berlin, Germany. + +## [Security](#security) + +Security updates are applied via [unattended upgrades](https://lab.enough.community/main/infrastructure/-/blob/master/playbooks/misc/upgrades-playbook.yml). + +## [Backups](#backups) + +Backups are managed [via the Enough backup playbook](https://lab.enough.community/main/infrastructure/-/tree/master/playbooks/backup) so that there exist at least one backup of each machine in a geographical location that is different from the one where it runs. + +Disaster recovery involves rebooting the machine that was lost using a backup, either within a libvirt hypervisor or an OpenStack tenant. + +## [GDPR compliance](#gdpr) + +A user can request deletion or anonymisation of the data they are unable to delete themselves by sending a request to contact@hostea.org. + +A user can request an copy of the data held by Hostea that they are unable to download themselves by sending a request to contact@hostea.org. + +## [Editorial responsibility](#editor) + +The person responsible for the editorial content published on Hostea is Loïc Dachary, 12 bd Magenta, 75010 Paris. + +## [Human contact](#contact) + +Hostea users are kindly invited to get in touch with loic@dachary.org and organize a meeting in person to discuss the services provided.