Merge branch 'main' into storyweaver-205eqhcxxmc

digitalpublicgoods/accessmod.json

@@ -0,0 +1,93 @@
+{
+  "name": "AccessMod",
+  "clearOwnership": {
+    "isOwnershipExplicit": "Yes",
+    "copyrightURL": "http://www.accessmod.org"
+  },
+  "platformIndependence": {
+    "mandatoryDepsCreateMoreRestrictions": "No",
+    "isSoftwarePltIndependent": "",
+    "pltIndependenceDesc": ""
+  },
+  "documentation": {
+    "isDocumentationAvailable": "Yes",
+    "documentationURL": [
+      "https://doc-accessmod.unepgrid.ch/display/EN/AccessMod+5+user+manual"
+    ]
+  },
+  "NonPII": {
+    "collectsNonPII": "No",
+    "checkNonPIIAccessMechanism": "Yes",
+    "nonPIIAccessMechanism": ""
+  },
+  "privacy": {
+    "isPrivacyCompliant": "Yes",
+    "privacyComplianceList": [
+      "As AccessMod is not an online tool and is a single-user desktop application, we are not sharing/exchanging information externally. However, it seems we are complying with the seven key principles of GDPR (Lawfulness, fairness and transparency; Purpose limitation; Data minimisation; Accuracy; Storage limitation; Integrity and confidentiality (security); Accountability) in the way we have developed the software."
+    ],
+    "adherenceSteps": [
+      "As AccessMod is not an online tool and is a single-user desktop application, we are not sharing/exchanging information externally. However, it seems we are complying with the seven key principles of GDPR (Lawfulness, fairness and transparency; Purpose limitation; Data minimisation; Accuracy; Storage limitation; Integrity and confidentiality (security); Accountability) in the way we have developed the software."
+    ]
+  },
+  "standards": {
+    "supportStandards": "Yes",
+    "standardsList": [
+      "UTF-8, HTML, REST, CSS, JSON, XML, CSV, TIFF, PNG.",
+      "For the geospatial data, we are using geoTIFF, shapefiles"
+    ],
+    "evidenceStandardSupport": [
+      "https://doc-accessmod.unepgrid.ch/display/EN/AccessMod+5+user+manual"
+    ],
+    "implementBestPractices": "Yes",
+    "bestPracticesList": [
+      "Principle for digital development",
+      "Modularity, Maintainability, Reusability and Extensibility",
+      "Human Centered Design Principle"
+    ]
+  },
+  "doNoHarm": {
+    "preventHarm": {
+      "stepsToPreventHarm": "Yes",
+      "additionalInfoMechanismProcessesPolicies": "AccessMod has been developed and used to improve accessibility to health care services for the population in need and, as such, to contribute to saving lives and protecting population's health. All the material associated to its use (e.g. user manual and tutorial) do refer to this use case and no other ones. As such, and to the extent of our knowledge, AccessMod has never been used as part of efforts to destroy lives, our environment and our future, in the contrary."
+    },
+    "dataPrivacySecurity": {
+      "collectsPII": "No",
+      "typesOfDataCollected": [
+        ""
+      ],
+      "thirdPartyDataSharing": "No",
+      "dataSharingCircumstances": [
+        ""
+      ],
+      "ensurePrivacySecurity": "Yes",
+      "privacySecurityDescription": "AccessMod is a single-user software. We ensure all imported data sets by the users and all results can be exported by the user. None of this data is exposed to others (e.g. through internet) unless decided by the user."
+    },
+    "inappropriateIllegalContent": {
+      "collectStoreDistribute": "No",
+      "type": "",
+      "contentFilter": "",
+      "policyGuidelinesDocumentationLink": "",
+      "illegalContentDetection": "",
+      "illegalContentDetectionMechanism": ""
+    },
+    "protectionFromHarassment": {
+      "userInteraction": "No",
+      "addressSafetySecurityUnderageUsers": "",
+      "stepsAddressRiskPreventSafetyUnderageUsers": [
+        ""
+      ],
+      "griefAbuseHarassmentProtection": "",
+      "harassmentProtectionSteps": [
+        ""
+      ]
+    }
+  },
+  "locations": {
+    "developmentCountries": [
+      "Switzerland"
+    ],
+    "deploymentCountries": [
+      ""
+    ]
+  }
+}

digitalpublicgoods/boxtribute.json

@@ -0,0 +1,110 @@
+{
+  "name": "Boxtribute",
+  "clearOwnership": {
+    "isOwnershipExplicit": "Yes",
+    "copyrightURL": "https://www.boxtribute.org/"
+  },
+  "platformIndependence": {
+    "mandatoryDepsCreateMoreRestrictions": "No",
+    "isSoftwarePltIndependent": "",
+    "pltIndependenceDesc": ""
+  },
+  "documentation": {
+    "isDocumentationAvailable": "Yes",
+    "documentationURL": [
+      "https://github.com/boxwise/dropapp#readme",
+      "https://github.com/boxwise/boxtribute#readme"
+    ]
+  },
+  "NonPII": {
+    "collectsNonPII": "No",
+    "checkNonPIIAccessMechanism": "",
+    "nonPIIAccessMechanism": ""
+  },
+  "privacy": {
+    "isPrivacyCompliant": "Yes",
+    "privacyComplianceList": [
+      "GDPR in the European Union"
+    ],
+    "adherenceSteps": [
+      "We collect no data on our website, which we can see on the bottom of our page. ",
+      "All the people who work on the project, from staff to volunteers, have to sign a confidentiality agreement: https://drive.google.com/file/d/1kASwONuUHbneCHXUuJT-YC-g5ZZ0WM5E/view?usp=sharing as well as sign data privacy guidelines: https://drive.google.com/file/d/1GogW9b5r0MPuGTNOtnwmsLYNTjj849kl/view?usp=sharing",
+      "For all partners who use our hosted services, we have them sign a data processing agreement (https://docs.google.com/document/d/1_CbXjNLmk96A7VjLhyjh6Q1l0EIeu_BRWgMEhhHTHXI/edit?usp=sharing) as well as an annex disclosing all of our data sub-processors, as well as having them designate a GDPR contact person who is authorized to issue privacy transfer instructions to us (https://docs.google.com/document/d/1BbyW-yIrBKsHsTtOEwLiVtMnnfqjsSAQCZVWS5fgZOw/edit?usp=sharing). We also have a dedicated GDPR email address which is limited only to authorized personnel, gdpr@boxtribute.org"
+    ]
+  },
+  "standards": {
+    "supportStandards": "Yes",
+    "standardsList": [
+      "HMTL",
+      "CSS",
+      "JavaScript",
+      "REST",
+      "JSON"
+    ],
+    "evidenceStandardSupport": [
+      "https://drive.google.com/file/d/1uydhO--UtSx8VK_V9bHqj_4Qi-mO8OdP/view?usp=sharing"
+    ],
+    "implementBestPractices": "Yes",
+    "bestPracticesList": [
+      "Design with the User: we work closely with other organizations on the field and build trust as former field workers ourselves",
+      "Understand the Existing Ecosystem: One of our core principles is try to patch the gaps in the humanitarian system, and reduce the areas of duplication and overlap. In fact, our software is designed specifically for that purpose, and we try to follow that principle as well in our own design and operations.",
+      "Be Data Driven: We compare our impact and our methods not only with usage data of the software, but also global humanitarian data. Both our long-term policies and day-to-day decisions make heavy use of this.",
+      "Be Collaborative: We are always collaborative within the sector and across the sector. We attend conferences to give people a better idea of how things work internally.",
+      "Address Privacy and Security: We not only follow GDPR guidelines ourselves, but our software also encourages our users to follow those same guidelines by having simple privacy management modules for beneficiaries. "
+    ]
+  },
+  "doNoHarm": {
+    "preventHarm": {
+      "stepsToPreventHarm": "Yes",
+      "additionalInfoMechanismProcessesPolicies": "We have a strong anti-discrimination and anti-harassment policy for our team and volunteers. We check potential partners to make sure that they have similar policies and safeguarding in place. "
+    },
+    "dataPrivacySecurity": {
+      "collectsPII": "Yes",
+      "typesOfDataCollected": [
+        "We register beneficiaries as a data processor for participating partner organizations. "
+      ],
+      "thirdPartyDataSharing": "No",
+      "dataSharingCircumstances": [
+        ""
+      ],
+      "ensurePrivacySecurity": "Yes",
+      "privacySecurityDescription": "We collect no data on our website. It's not really a content or interaction platform. This is more about logistical cooperation in the field for humanitarian aid."
+    },
+    "inappropriateIllegalContent": {
+      "collectStoreDistribute": "No",
+      "type": "",
+      "contentFilter": "",
+      "policyGuidelinesDocumentationLink": "",
+      "illegalContentDetection": "",
+      "illegalContentDetectionMechanism": ""
+    },
+    "protectionFromHarassment": {
+      "userInteraction": "Yes",
+      "addressSafetySecurityUnderageUsers": "Yes",
+      "stepsAddressRiskPreventSafetyUnderageUsers": [
+        "For our users, this is not relevant as it's not a content or interaction platform. For our team, we do not accept any underage people."
+      ],
+      "griefAbuseHarassmentProtection": "Yes",
+      "harassmentProtectionSteps": [
+        "It's not really a content or interaction platform, so this is not really relevant. This is more about logistical cooperation in the field for humanitarian aid. "
+      ]
+    }
+  },
+  "locations": {
+    "developmentCountries": [
+      "Germany",
+      "Greece",
+      "Netherlands",
+      "United Kingdom"
+    ],
+    "deploymentCountries": [
+      "Germany",
+      "Greece",
+      "Lebanon",
+      "Poland",
+      "Bosnia and Herzegovina",
+      "Serbia",
+      "Italy"
+    ]
+  }
+}

digitalpublicgoods/coral.json

@@ -0,0 +1,117 @@
+{
+  "name": "Coral",
+  "clearOwnership": {
+    "isOwnershipExplicit": "Yes",
+    "copyrightURL": "https://coralproject.net/about-2/"
+  },
+  "platformIndependence": {
+    "mandatoryDepsCreateMoreRestrictions": "No",
+    "isSoftwarePltIndependent": "",
+    "pltIndependenceDesc": ""
+  },
+  "documentation": {
+    "isDocumentationAvailable": "Yes",
+    "documentationURL": [
+      "https://docs.coralproject.net"
+    ]
+  },
+  "NonPII": {
+    "collectsNonPII": "Yes",
+    "checkNonPIIAccessMechanism": "Yes",
+    "nonPIIAccessMechanism": "You can use the API or a db dump. We don't get any access to any information whatsoever - we don't even know if you're running the software - but in order for it to work, people have to create accounts, and that information lives on your servers"
+  },
+  "privacy": {
+    "isPrivacyCompliant": "Yes",
+    "privacyComplianceList": [
+      "We don't host any of your data (unless we have a separate paid relationship with you), so it is up to each individual host to ensure that they are compliant. However, we provide the infrastructure and tooling to make compliance easy for GDPR, PIPEDA, CCPA, etc."
+    ],
+    "adherenceSteps": [
+      "https://docs.coralproject.net/gdpr"
+    ]
+  },
+  "standards": {
+    "supportStandards": "Yes",
+    "standardsList": [
+      "JWT standards https://docs.coralproject.net/sso ",
+      "Structured object types via RESTful-like API through GraphQL https://docs.coralproject.net/api/schema"
+    ],
+    "evidenceStandardSupport": [
+      "https://app.circleci.com/pipelines/github/coralproject/talk"
+    ],
+    "implementBestPractices": "Yes",
+    "bestPracticesList": [
+      "https://digitalprinciples.org/",
+      "https://www.mozilla.org/en-US/about/manifesto/",
+      "CI linting https://github.com/coralproject/talk/blob/develop/CONTRIBUTING.md"
+    ]
+  },
+  "doNoHarm": {
+    "preventHarm": {
+      "stepsToPreventHarm": "Yes",
+      "additionalInfoMechanismProcessesPolicies": "We always consider how any feature could be used by a hostile force, eg abuser, spammer, troll. We will not ship any feature that can be used also to troll without strong mitigation principles.  https://medium.com/the-coral-project/by-andrew-losowsky-head-of-coral-365c44152149 "
+    },
+    "dataPrivacySecurity": {
+      "collectsPII": "Yes",
+      "typesOfDataCollected": [
+        "Email address",
+        "Username (which can contain PII)"
+      ],
+      "thirdPartyDataSharing": "No",
+      "dataSharingCircumstances": [
+        ""
+      ],
+      "ensurePrivacySecurity": "Yes",
+      "privacySecurityDescription": "https://docs.coralproject.net/gdpr"
+    },
+    "inappropriateIllegalContent": {
+      "collectStoreDistribute": "Yes",
+      "type": "UGC via comments",
+      "contentFilter": "Yes",
+      "policyGuidelinesDocumentationLink": "https://coralproject.net/acceptable-use-policy/",
+      "illegalContentDetection": "Yes",
+      "illegalContentDetectionMechanism": "We have several mechanisms in place to prevent spam and abuse, including optional integration of AI (including free-to-use AI services), the ability to block/flag/remove users, domains, and language, and much more"
+    },
+    "protectionFromHarassment": {
+      "userInteraction": "Yes",
+      "addressSafetySecurityUnderageUsers": "No",
+      "stepsAddressRiskPreventSafetyUnderageUsers": [
+        ""
+      ],
+      "griefAbuseHarassmentProtection": "Yes",
+      "harassmentProtectionSteps": [
+        "The entire platform is built around best-in-class safety and moderation tools. Users can mute each other, flag/report abusive content, and moderators have dozens of dedicated tools to help spot, remove, and take action against grief, abuse, harassment "
+      ]
+    }
+  },
+  "locations": {
+    "developmentCountries": [
+      "United States of America",
+      "Canada",
+      "Germany"
+    ],
+    "deploymentCountries": [
+      "Argentina",
+      "Australia",
+      "Austria",
+      "Belgium",
+      "Brazil",
+      "Canada",
+      "Denmark",
+      "Chile",
+      "Finland",
+      "France",
+      "Germany",
+      "New Zealand",
+      "Netherlands",
+      "Norway",
+      "Serbia",
+      "Spain",
+      "Switzerland",
+      "United Kingdom",
+      "United States of America",
+      "Uruguay",
+      "Montenegro",
+      "Poland"
+    ]
+  }
+}