KittySocial:Privacy policy

From KittyWiki
Jump to: navigation, search

The following document describes how we handle your data as a user at https://kitty.social/.

Summary

For your convenience, a summary of this policy is as follows:

  • We collect server logs for troubleshooting, moderation, and abuse management purposes.
  • We require your email address for authentication, but do not require any further personally-identifiable information.
  • Any submitted User-generated Content should be assumed to be public due to the nature of the platform.
  • We may use and share your data on a limited basis for (co-)moderation purposes.
  • We may NOT share or sell your data for commercial purposes.

Any description in this summary may be superseded by the details below.

Definitions

The following definitions may be used in this document:

  • Site Administration: The individual(s)/team responsible for maintaining the kitty.social platform, including both technical and community authoritative decisions and actions.
  • Site Moderation: The individual(s)/team responsible for regulating User-generated Content on the kitty.social platform.
  • Anonymous Users: Individuals who access the kitty.social platform directly without being authenticated or associated with an account.
  • Local Users: Individuals who access the kitty.social platform directly while being signed into an account.
  • Remote Users: Individuals who are associated with a Remote Federated Server and may have the ability to interact with Local Users and Local Content.
  • Local Server: The kitty.social platform and its associated server (or servers) which are controlled by Site Administration and represent the kitty.social platform.
  • Remote Server: Any remote entity which is not an individual accessing the kitty.social platform directly.
  • Remote Federated Server: Remote Servers who may communicate with the Local Server using the "ActivityPub" protocol.
  • User-generated Content: Content which is generated by Local Users or Remote Users for the purpose of public consumption, further defined below.

Collected Data

Below is a non-exhaustive list of the data we collect, who has access to it, our rationale for keeping it, and the removal policy for that type of data.

Server Logs

Server Logs are logs generated by the infrastructure of the site, such as the operating system and web server softwares. Information gathered may vary based on the software, though these logs generally contain IP addresses, requested site name, the path of requested content, status codes of returned content, and diagnostic messages for administration related to potential failures in your requests, which may contain Account Data or User-generated Content. Server Logs are kept for any remote client of the Local Server, regardless of role, including any type of user or server activity. Server Logs do not generally correlate data to a specific user, but may be used to do so.

Site Administration are the only people with access to Server Logs.

Server Logs are kept with the intention of being used for troubleshooting, diagnostic, moderation, security, and anti-abuse purposes.

Server Logs are not removed on any specific schedule, are not available to be removed upon request due to the complexity of isolating relevant information, and are furthermore preserved at the discretion of Site Administration for the above reasons. Server Logs may be removed at the sole discretion of Site Administration at any given time, for any reason.

Account Data

Account Data is any data gathered or provided to us in association with your account. This is data which is generally scoped as private, and includes but is not limited to: your hashed ("encrypted") password, API keys, cookies (or similar technologies) to maintain your authentication session, the email address associated with your account, and the history of IP addresses that your account has been accessed from.

Account Data is made available to Site Administration, and portions of Account Data are made available to Site Moderation.

Account Data is kept primarily as an operational requirement of the kitty.social platform, but may additionally be used for moderation, security, and anti-abuse purposes.

Account Data is destroyed on the requested removal of your account. Additional copies of this data may be present in backups, see the Backups section for more information.

User-generated Content

User-generated Content is any data submitted to the site which is intended for consumption by others. This includes any and all "notes" (posts), profile information (such as username, description, and profile metadata), and uploaded media content, regardless of security scoping set in the software.

All User-generated Content should be treated as public, regardless of any otherwise explicit or implied denotation of security, such as post scope settings. "Public" posts may be retrieved by any Anonymous User, Local User, Remote User via an authorized Remote Federated Server, or any Remote Server or other entity. "Home" posts are receivable by the same, though the channels in which they are visible are modified. "Followers" posts are restricted to the Local Users and Remote Users who are following you, which may be restricted by enabling Follow Approvals. "Direct" posts are restricted to the users specified while posting. It is important to note that the kitty.social platform and staff cannot control who has access to User-generated Content once it has been sent to Remote Users via Remote Federated Servers, or after it has been retrieved by Remote Servers. Uploaded media items are accessible by ANYONE if they have the link to it. Site Administration has access to ALL User-generated Content.

User-generated Content is the focus of the kitty.social platform.

User-generated Content is destroyed when individually requested via the kitty.social platform, and wholly destroyed on the requested removal of your account. Additional copies of this data may be present in backups, see the Backups section for more information.

External Content

External Content is a subset of User-generated Content which has been received from Remote Federated Servers.

External Content is accessible by the same entities as listed above.

External Content is destroyed when a programmatic request is received from the Remote Federated Server of which the contributing Remote User is associated with. Remote Users may also request deletion of their External Content from Site Administration.

Federation

A large part of the kitty.social platform's capability is Federation, or its ability to share User-generated Content with Remote Federated Servers. Once User-generated Content has been distributed from the kitty.social platform in this manner, kitty.social staff cannot be responsible or held liable for how the data is handled or used by third parties.

Backups

In the interest of preventing catastrophic failure of the kitty.social platform, Site Administration keeps regular backups of all platform data. These backups may contain data which has been previously requested to be deleted, either by means of the kitty.social platform interface, API call, or explicit request to Site Administration. This data may be used to recover the kitty.social platform from a failure, and may restore content which has been previously deleted. In this case, you may request that the data be removed again. Except for internal recovery purposes, this data may not be published in whole or in part to the public, but may be used for Moderation purposes as described below.

Moderation

Site Administration and Site Moderation may use any data that they have access to in the course of ensuring conformance to the Terms of service, including Server Logs, Account Data, User-generated Content, and Backups.

Data which is used for the purposes of moderation may be preserved for moderation, security, and/or legal reasons.

Data which is used for the purposes of moderation may be CONFIDENTALLY shared with moderation teams of Remote Federated Servers at the sole discretion of Site Administration and/or Site Moderation.

Site Administration and Site Moderation acting as Local Users outside of their higher roles may choose to publicly publish data categorized as User-generated Content which is related to moderation purposes if the content could have been acquired by any normal non-administrative means prior to any moderative action, IF the purpose of publishing the data is with the intention of protecting the broader community and public.

Personally-identifiable Information

The only Personally-Identifiable Information that we require from you as a Local User is your email address, classified and handled as Account Data under this document. We are not responsible for the security of any Personally-Identifiable Information that you choose to publish as User-generated Content.

Tracking

We may track your usage of the kitty.social platform for purposes of forecasting server load and requirements, as well as public statistics. We do NOT track any association with other entities, nor do we explicitly provide tracking data to other entities, or allow other entities to track you on our behalf. Other entities (such as Remote Federated Servers) MAY be able to aggregate your usage of the platform through public statistics, site APIs, and other public User-generated Content, BUT, other entities have no influence over the tracking data that is collected from you by the kitty.social platform.

Anti-marketing

We may NOT use your data for any commercial interest or direct solicitation. Site Administration MAY advertise or solicit on the kitty.social platform for any reason or on behalf of others at their own discretion, but may NOT use any Collected Data to influence the delivery of such advertisements or solicitations outside of the normal propagation mechanisms of platform Announcements, Advertisements (placed at intervals between posts for all users when used), or User-generated Content.

Additionally, we may NOT sell any Collected Data to any third party, for any reason. We may NOT share Server Logs or your Account Data with any third party for purposes other than moderation. We MAY share User-generated Content with third parties as that is the inherent purpose of the kitty.social platform, but we may NOT do so with any kind of commercial intent.

Caveats

The kitty.social platform and staff have no influence or control over third party entities that may receive data which was originally submitted to the kitty.social platform.

Many elements of this policy are contingent upon the support of the Server Software, and kitty.social may not be held liable for faults in this policy caused by the Server Software. Parts of this policy which describe how the Server Software handles your data are done so on a best-effort basis.

Changes in Policy

Changes in this policy will be notified to Local Users by kitty.social platform Announcements. You may review a history of changes to this document here.

Retrieved from "https://kitty.wiki/index.php?title=KittySocial:Privacy_policy&oldid=18"