
This document is publicly stored and versioned on GitHub at https://github.com/forward-motion/commentbox.io/blob/master/docs/PRIVACY.md.

About Us.

CommentBox.io is a hosted commenting platform. Our platform is comprised of Services that include a website at https://commentbox.io ("The Website"), a dashboard application at https://dashboard.commentbox.io ("The Dashboard"), and an embedded commenting plugin at https://github.com/forward-motion/commentbox.io ("The Plugin").

Our philosophy is one of friendliness, transparency, and responsibility, and we have designed our Services around these ideals. We hope that you enjoy using our Services, and that in building a platform that respects users, our users will in turn reciprocate that respect towards our Services.

Objective.

The overall privacy mandate of CommentBox.io is to never collect more data than we require to run our collective services, and for only as much time as we require it. Our mission is to provide you with high quality service, and to do so with minimal data collection, processing, or intrusion. We have no interest in any personal data or data generated by our users, other than what is necessary to deliver our services. We aim for full transparency on how we gather, use, and share your personal information and other data.

For each, we will outline the following:

  • What kinds of data we collect, and how.
  • What we use collected data for.
  • What we won't use collected data for.
  • What 3rd parties have access to collected data.
  • How long collected data is retained.
  • How you can remove data collected from you.

The Website.

What kinds of data we collect, and how.

The data we collect on The Website are for analytics purposes only. We do not use any 3rd party analytics (such as Google Analytics).

However, we do engage in 1st party analytics, by parsing the server logs of requests made to a particular file ("first-party-analytics.png") present on The Website. This method does not use any cookies or other forms of tracking. Here is the exact list of the fields that our access logs collect: https://cloud.google.com/storage/docs/access-logs#format

What we use collected data for.

The only purpose of collecting server log data is to count visitors to The Website. We do this in a transparent fashion using the following script: https://github.com/forward-motion/commentbox.io-analytics.

Of particular note is that we respect the Do Not Track setting in browsers, and we also hash visitors' IP addresses with a secret key.
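As an added illustration (not the linked counting script, whose contents are not reproduced here), the following Python reads constructed log rows laid out with the field names documented at the Google Cloud Storage access-log link above, keeps only GET requests for first-party-analytics.png, and counts hits and unique visitors using an HMAC of the client IP under a secret key so the raw address is never retained. The linked log format carries no Do Not Track field, so honoring DNT has to happen before the request is made; this example covers only the log-side counting, and the IP addresses, referers and secret are made up.

```python
import csv
import hashlib
import hmac
import io
from collections import Counter

# Constructed sample in the Google Cloud Storage access-log CSV layout
# (header row of field names, then one row per request). All values are made up.
SAMPLE_LOG = """\
"time_micros","c_ip","c_ip_type","c_ip_region","cs_method","cs_uri","sc_status","cs_bytes","sc_bytes","time_taken_micros","cs_host","cs_referer","cs_user_agent","s_request_id","cs_operation","cs_bucket","cs_object"
"1500000000000000","203.0.113.10","1","","GET","/first-party-analytics.png","200","0","68","1200","commentbox.io","https://example.com/post","Mozilla/5.0","r1","GET_Object","commentbox.io","first-party-analytics.png"
"1500000000001000","203.0.113.10","1","","GET","/first-party-analytics.png","200","0","68","900","commentbox.io","https://example.com/post","Mozilla/5.0","r2","GET_Object","commentbox.io","first-party-analytics.png"
"1500000000002000","198.51.100.7","1","","GET","/first-party-analytics.png","200","0","68","1100","commentbox.io","https://news.example.org/","Mozilla/5.0","r3","GET_Object","commentbox.io","first-party-analytics.png"
"1500000000003000","198.51.100.7","1","","GET","/index.html","200","0","5120","2000","commentbox.io","","Mozilla/5.0","r4","GET_Object","commentbox.io","index.html"
"1500000000004000","192.0.2.33","1","","GET","/first-party-analytics.png","304","0","0","300","commentbox.io","https://example.com/post","Mozilla/5.0","r5","GET_Object","commentbox.io","first-party-analytics.png"
"""

ANALYTICS_OBJECT = "first-party-analytics.png"


def hash_ip(ip: str, secret: bytes) -> str:
    # Keyed hash: without the secret the digest cannot be matched back to an IP,
    # but the same visitor still maps to the same value for de-duplication.
    return hmac.new(secret, ip.encode(), hashlib.sha256).hexdigest()


def count_visitors(log_text: str, secret: bytes) -> dict:
    """Return hits, unique visitors and referer counts for the analytics object.
    Only the fields needed for counting are read; the raw IP is never stored."""
    hits = 0
    visitors = set()
    referers = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["cs_object"] != ANALYTICS_OBJECT or row["cs_method"] != "GET":
            continue  # ignore everything except loads of the analytics image
        # A 304 (served from cache) still means the page was viewed; this
        # status choice is an assumption of the example, not the page's rule.
        if row["sc_status"] not in ("200", "304"):
            continue
        hits += 1
        visitors.add(hash_ip(row["c_ip"], secret))
        referers[row["cs_referer"] or "(none)"] += 1
    return {"hits": hits, "unique_visitors": len(visitors), "referers": dict(referers)}
```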

What we won't use collected data for.

We won't utilize collected data for any purpose except for what was described above. We also have no mechanisms in place for linking this data with any other datasets. In particular, we have no way of associating IP addresses with user accounts of our dashboard or plugin. We also have no way of tracking users across websites, besides the "referer" HTTP header sent to us by your browser.

What 3rd parties have access to collected data.

Our server logs are generated by Google Cloud Storage, where our analytics file is hosted.

How long collected data is retained.

Access log files are automatically deleted after approximately 30 days. Our external analytics database is also purged every 12 months.

How you can remove data collected from you.

Unfortunately, your IP address and referer will tend to show up on server logs whenever you interact with any server (not just ours). However, there are steps you can take to prevent us from counting you:

  1. You may turn on the "Do Not Track" setting in your browser, which we honor.
  2. You may utilize browser plugins to prevent your browser from making requests to our analytics file ("first-party-analytics.png").

The Dashboard.

What kinds of data we collect, and how.

We offer social login options with Facebook, Twitter, and Google, as well as logging in via email. All login methods are offered via Firebase Auth, and all require collecting your email address and name. If using social login, we will receive this data from your 3rd party account (e.g. from your Facebook or Twitter account). If using email login, you will be asked to provide this data yourself.

Note that we do not collect or utilize any other 3rd party data, including your Facebook ID, Twitter ID, or Google ID. The only data we collect and utilize are your email address and name.

Before logging in, you may opt to uncheck "remember me", which discards your session if you close your browser/browser tab. Keeping "remember me" checked allows us to save your login status into local storage (not cookies). Note, however, that the third party services that you may choose to log in with can utilize their own cookies or other mechanisms to save your login status on their domain, resulting in you not having to re-type your credentials. We do not have control over this, and normally this is the desired behavior; however, we do offer the option to "re-authenticate", meaning we prompt third party login windows to allow you to re-enter your credentials.

Secondly, we collect credit card information via Stripe, when you are asked to provide it to us. This information is saved securely via Stripe's front-end plugins, without ever touching our front-end or back-end code.

Thirdly, we do not track analytics on The Dashboard. This includes the first-party analytics method installed on The Website.

What we use collected data for.

We use your email address to uniquely identify you, even across multiple login methods.

Secondly, we use your email to associate your dashboard user account to your plugin user account, as these user accounts are separate.

Thirdly, we associate your name, email address, and credit card information with a Stripe customer that we create to represent your user account in Stripe. Your email address may be used directly by Stripe when attempting to send you transactional emails about payment-related activity.

Fourthly, we use your email to send you transactional email via SparkPost or Firebase Auth, based on various explicit opt-in actions. For example, setting up a new project will prompt you to clearly mark which email notifications you wish to receive.

Fifthly, we use your name to refer to you whenever a name is required, either in emails or on The Dashboard front-end.

What we won't use collected data for.

We'll never send you any marketing emails or product announcements. We don't put your email address into any subscriber lists of any sort. The only emails we send are transactional in nature.

What 3rd parties have access to collected data.

We leverage Firebase Auth for login, SparkPost for sending transactional emails, and Stripe for payments. All three parties have access to both your email address and display name.

Secondly, Firebase Auth has access to general data regarding your social login, however we do not use this data.

Thirdly, Stripe has access to your credit card details, however we do not have direct access to these details.

Fourthly, data we save related to your projects or project comments is stored in Google Cloud Datastore (in a U.S. based datacenter), The Dashboard's primary database.

Fifthly, your project comments may be saved in Algolia (also in a U.S. based datacenter) if you've subscribed to a pricing plan that includes search, which allows you to search through these comments.

How long collected data is retained.

Since all of the data we collect is essential to The Dashboard's operation, we retain it all indefinitely, with the exception of Algolia comments, which have an expiration time of 90 days.

How you can remove data collected from you.

With the exception of your Stripe customer account, you are able to delete all of your data via The Dashboard. You may delete individual project data in each project's "danger zone", or you may delete your entire account and related data in the account section's "danger zone".

If you delete your account, this also deletes all of your projects and related project data. This includes all data stored in Firebase Auth, Google Cloud Datastore, and Algolia. The only data we retain is your Stripe customer account, which is necessary for accounting and to adhere to the law in some countries.

Note that deleting your dashboard account does not delete your plugin user account, which is separate.

The Plugin.

What kinds of data we collect, and how.

We offer social login options with Facebook, Twitter, and Google, as well as logging in via email. All login methods are offered via Firebase Auth, and all require collecting your email address and name. If using social login, we will receive this data from your 3rd party account (e.g. from your Facebook or Twitter account). If using email login, you will be asked to provide this data yourself.

Secondly, with social login, we also collect your profile photo from your 3rd party account. We do not collect this data when using email login.

Note that we do not collect or utilize any other 3rd party data, including your Facebook ID, Twitter ID, or Google ID. The only data we collect and utilize are your email address, name, and photo.

Before logging in, you may opt to uncheck "remember me", which discards your session if you close your browser/browser tab. Keeping "remember me" checked allows us to save your login status into local storage (not cookies). Note, however, that the third party services that you may choose to log in with can utilize their own cookies or local storage to save your login status on their domain, resulting in you not having to re-type your credentials. We do not have control over this, and normally this is the desired behavior; however, we do offer the option to "re-authenticate", meaning we prompt third party login windows to allow you to re-enter your credentials.

Thirdly, we collect the project ID and URL of The Website that The Plugin is installed on. This data is then associated to any comments made, for the purpose of linking back to that comment.

Fourthly, we of course collect the comments, votes, flags, and any other explicit actions you perform whilst interacting with The Plugin.

Fifthly, The Plugin does not use any 3rd party analytics (such as Google Analytics). However, we do retain and utilize access log data, but not for the same analytics purposes as The Website. Instead, we use this data in order to bill our customers by their usage, by parsing the server logs of requests made by The Plugin. This method does not use any cookies or other forms of tracking. Here is a list of exactly the fields that we collect: https://cloud.google.com/storage/docs/access-logs#format. Also, unlike The Website, we do not use the IP address or referer fields. The only relevant fields are the ones that help us determine which action was taken (e.g. creating a comment or downloading comments). We are not concerned with who performed the action. This data is then sent to and aggregated by Stripe for billing purposes.

What we use collected data for.

We use your email address to uniquely identify you, even across multiple login methods. Your email address is never exposed publicly to other plugin users or dashboard users, but your user ID, name, and photo are. When posting a comment, you may choose to post anonymously, which hides your user ID, name, and photo from all users, including dashboard users. Comments made anonymously also do not show up in your comment history.

You should expect that any comment you create will become public, and will at the very least be seen by a moderator.

Secondly, we use your email to associate your dashboard user account to your plugin user account, as these user accounts are separate. This is necessary to determine which plugin users are moderators.

Thirdly, we use your email to send you transactional email via SparkPost or Firebase Auth, based on various explicit opt-in actions. For example, when posting a comment, you may opt-in to receive email notifications about replies to your comment.

Fourthly, we use your name to refer to you whenever a name is required, either in emails or on The Plugin's front-end.

Fifthly, we use the project ID and the URL of the website that The Plugin is installed on in order to link back to any comments made while on that website.

Sixthly, we use the server log data in order to accurately count usage and bill our customers accordingly.

What we won't use collected data for.

We'll never send you any marketing emails or product announcements. We don't put your email address into any subscriber lists of any sort. The only emails we send are transactional in nature. We also don't use any data (including comment data, websites users comment on, etc.) in order to build "profiles" of users, analyze their habits, or attempt to track users across websites. Even users' comment histories are limited to The Website that their history is currently being viewed on.

What 3rd parties have access to collected data.

We leverage Firebase Auth for login and SparkPost for sending transactional emails. Both parties have access to both your email address and name. Firebase Auth has access to general data regarding your social login, however we do not use this data.

Data related to comments made, votes cast, or any other explicit user action is saved in a combination of Google Cloud Storage, Google Cloud Datastore, and Firebase Firestore, all of which are located in U.S. datacenters.

Additionally, user comments may be saved in Algolia (also in a U.S. based datacenter) if the project is subscribed to a plan that includes search, which allows project moderators to search through these comments.

How long collected data is retained.

Since all of the data we collect is essential to The Plugin's operation, we retain it all indefinitely, with the exception of Algolia comments, which have an expiration time of 90 days, and server logs, which are retained for 180 days, for payment auditing purposes.

How you can remove data collected from you.

You may delete your plugin account from the "danger zone" in the user profile section of The Plugin. Deleting your account also removes all of your data, including comments, votes, preferences, etc. This includes all data stored in Firebase Auth, Google Cloud Storage, Google Cloud Datastore, Firebase Firestore, and Algolia.

Other Items.

Our Services are offered worldwide, but the majority of our datacenters are located in the United States. As such, the information about you that we process when you use the Services in the EU will be used, stored, and/or accessed by individuals operating outside the European Economic Area (EEA) who work for us, other members of our group of companies, or third party data processors. This is required for the purposes listed in the relevant sections above. When providing information about you to entities outside the EEA, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Policy as required by applicable law. These measures include:

  • In the case of US based entities, entering into European Commission approved standard contractual arrangements with them, or ensuring they have signed up to the EU-US Privacy Shield; or
  • In the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them.

You can ask us for more information about the steps we take to protect your personal information when transferring it from the EU.

If you have a question about this Privacy Policy, please email us at hello@commentbox.io.