Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Add initial pass at privacy policy, coc, and tos
All of the documents are from hex.pm with minor modifications to convert
to Nerves Hub. They will need a more thorough review as we get closer to
launch.
  • Loading branch information
fhunleth authored and mobileoverlord committed Aug 13, 2018
1 parent abd21f5 commit 5844422
Show file tree
Hide file tree
Showing 12 changed files with 299 additions and 5 deletions.
2 changes: 2 additions & 0 deletions apps/nerves_hub_www/config/config.exs
Expand Up @@ -27,6 +27,8 @@ config :nerves_hub_www, NervesHubWWW.Mailer, adapter: Bamboo.LocalAdapter

config :nerves_hub_www, NervesHubWWWWeb.AccountController, allow_signups: true

config :phoenix, :template_engines, md: PhoenixMarkdown.Engine

# Import environment specific config. This must remain at the bottom
# of this file so it overrides the configuration defined above.
import_config "#{Mix.env()}.exs"
2 changes: 1 addition & 1 deletion apps/nerves_hub_www/config/dev.exs
Expand Up @@ -37,7 +37,7 @@ config :nerves_hub_www, NervesHubWWWWeb.Endpoint,
~r{priv/static/.*(js|css|png|jpeg|jpg|gif|svg)$},
~r{priv/gettext/.*(po)$},
~r{lib/nerves_hub_www_web/views/.*(ex)$},
~r{lib/nerves_hub_www_web/templates/.*(eex)$}
~r{lib/nerves_hub_www_web/templates/.*(eex|md)$}
]
]

Expand Down
@@ -0,0 +1,30 @@
defmodule NervesHubWWWWeb.PolicyController do
use NervesHubWWWWeb, :controller

def coc(conn, _params) do
render(
conn,
"coc.html",
title: "Code of Conduct",
container: "container page page-sm policies"
)
end

def privacy(conn, _params) do
render(
conn,
"privacy.html",
title: "Privacy Policy",
container: "container page page-sm policies"
)
end

def tos(conn, _params) do
render(
conn,
"tos.html",
title: "Terms of Service",
container: "container page page-sm policies"
)
end
end
6 changes: 6 additions & 0 deletions apps/nerves_hub_www/lib/nerves_hub_www_web/router.ex
Expand Up @@ -41,6 +41,12 @@ defmodule NervesHubWWWWeb.Router do

get("/invite/:token", AccountController, :invite)
put("/invite/:token", AccountController, :accept_invite)

scope "/policy" do
get("/tos", PolicyController, :tos)
get("/privacy", PolicyController, :privacy)
get("/coc", PolicyController, :coc)
end
end

scope "/", NervesHubWWWWeb do
Expand Down
@@ -1,5 +1,5 @@
<div class="container-fullwidth">
<div class="container-fullwidth">

<div class="d-flex flex-row bd-highlight mb-3 justify-content-around footer-nav">
<div class="p-2 bd-highlight">
<h6 class="text-dark logo-font">
Expand All @@ -20,8 +20,9 @@
<h6 class="text-dark logo-font">
Terms and Conditions
</h6>
<a href="#">Code of conduct</a>
<a href="#">Terms of service</a>
<a href="<%= policy_path(@conn, :coc) %>">Code of Conduct</a>
<a href="<%= policy_path(@conn, :tos) %>">Terms of Service</a>
<a href="<%= policy_path(@conn, :privacy) %>">Privacy Policy</a>
</div>
</div>
</div>
@@ -0,0 +1,91 @@
## Code of Conduct

NervesHub exists to facilitate sharing firmware, by making it easy for Nerves developers to publish firmware and manage embedded devices.

NervesHub is a piece of technology, but more importantly, it is a community.

We believe that our mission is best served in an environment that is friendly, safe, and accepting; free from intimidation or harassment.

Towards this end, certain behaviors and practices will not be tolerated.

NervesHub is comprised of this website, an associated HTTP API, and the GitHub projects at [github.com/nerves-hub](https://github.com/nerves-hub).

### tl;dr

* Be respectful.
* We're here to help: <support@nerves-hub.org>
* Abusive behavior is never tolerated.
* Data published to NervesHub is hosted at the discretion of the NervesHub team, and may be removed.
* Violations of this code may result in swift and permanent expulsion from the NervesHub community.

### Scope

We expect all members of the NervesHub community, including paid and unpaid agents, administrators, and users to abide by this Code of Conduct at all times in all NervesHub community venues, online and in person, and in one-on-one communications pertaining to NervesHub affairs.

This policy covers the usage of the NervesHub website and the NervesHub Open Source project communities, including but not limited to public GitHub repositories, IRC channels, social media, mailing lists, and public events.

This Code of Conduct is in addition to, and does not in any way nullify or invalidate, any other terms or conditions related to use of the Service.

The definitions of various subjective terms such as "discriminatory", "hateful", or "confusing" will be decided at the sole discretion of the NervesHub team (<support@nerves-hub.org>).

### Friendly Harassment-Free Space

We are committed to providing a friendly, safe and welcoming environment for all, regardless of gender identity, sexual orientation, disability, ethnicity, religion, age, physical appearance, body size, race, or similar personal characteristics.

We ask that you please respect that people have differences of opinion regarding technical choices, and that every design or implementation choice carries a trade-off and numerous costs. There is seldom a single right answer. A difference of technology preferences is not a license to be rude.

Any spamming, trolling, flaming, baiting, or other attention-stealing behaviour is not welcome, and will not be tolerated.

Harassing other users of the Service is never tolerated, whether via public or private media.

Avoid using offensive or harassing package names, nicknames, or other identifiers that might detract from a friendly, safe, and welcoming environment for all.

Harassment includes, but is not limited to: harmful or prejudicial verbal or written comments related to gender identity, sexual orientation, disability, ethnicity, religion, age, physical appearance, body size, race, or similar personal characteristics; inappropriate use of nudity, sexual images, and/or sexually explicit language in public spaces; threats of physical or non-physical harm; deliberate intimidation, stalking or following; harassing photography or recording; sustained disruption of talks or other events; inappropriate physical contact; and unwelcome sexual attention.

### Acceptable Firmware Content

The NervesHub team reserve the right to make judgement calls about what is and isn't appropriate in published firmware. These are guidelines to help you be successful in our community.

Firmware published to the Service must be created using the Nerves command-line tools, or a functionally equivalent implementation. For example, a "firmware" must not be a PNG or JPEG image, movie file, or text document. Using the Service as a personal general-purpose database is also not allowed for this reason. Firmware should be Nerves firmware files, and nothing else.

Firmware must not contain illegal or infringing content. You should only publish firmware or other materials to the Service if you have the right to do so. This includes complying with all software license agreements or other intellectual property restrictions. For example, redistributing an MIT-licensed module with the copyright notice removed, would not be allowed. You will be responsible for any violation of laws or others’ intellectual property rights.

Firmware must not be malware. For example, a firmware which is designed to maliciously exploit or damage computer systems, is not allowed. However, an explicitly documented penetration testing firmware designed to be used for white-hat security research would most likely be fine.

Firmware name, description, and other visible metadata must not include abusive, inappropriate, or harassing content.

### Reporting Violations of this Code of Conduct

If you believe someone is harassing you or has otherwise violated this Code of Conduct, please contact us at <support@nerves-hub.org> to send us an abuse report. If this is the initial report of a problem, please include as much detail as possible. It is easiest for us to address issues when we have more context.

### Consequences

All content published to the Service, including user account credentials, is hosted at the sole discretion of the Nerves Hub team.

Unacceptable behavior from any community member, including sponsors, employees, customers, or others with decision-making authority, will not be tolerated.

Anyone asked to stop unacceptable behavior is expected to comply immediately.

If a community member engages in unacceptable behavior, the NervesHub team may take any action they deem appropriate, up to and including a temporary ban or permanent expulsion from the community without warning (and without refund in the case of a paid event or service).

### Addressing Grievances

If you feel you have been falsely or unfairly accused of violating this Code of Conduct, you should notify Nerves Hub, we will do our best to ensure that your grievance is handled appropriately.

In general, we will choose the course of action that we judge as being most in the interest of fostering a safe and friendly community.

### Contact Info

Please contact the NervesHub team at <support@nerves-hub.org> if you need to report a problem or address a grievance related to an abuse report.

You are also encouraged to contact us if you are curious about something that might be "on the line" between appropriate and inappropriate content. We are happy to provide guidance to help you be a successful part of our community.

### Changes

This is a living document and may be updated from time to time. Please refer to the [git history](https://github.com/nerves-hub/nerves_hub_web/tree/master/apps/nerves_hub_www/lib/nerves_hub_www_web/templates/policy/coc.html.md) for this document to view the changes.

### Credit and License

This code of conduct is based on [hex.pm's code of conduct](https://hex.pm/policies/coc), which in turn borrows from [npm's code of conduct](http://www.npmjs.com/policies/conduct), the Stumptown Syndicate [Citizen's Code of Conduct](http://citizencodeofconduct.org), and the [Rust Project Code of Conduct](https://github.com/mozilla/rust/wiki/Note-development-policy#conduct).

This document may be reused under a [Creative Commons Attribution-ShareAlike License](http://creativecommons.org/licenses/by-sa/4.0).
@@ -0,0 +1,61 @@
## Privacy Policy

We store information about access to and users on the [nerves-hub.org](https://nerves-hub.org/) website, the nerves-hub.org API and repository. This data is stored in the US on Amazon AWS servers.

### Websites

All requests to the nerves-hub.org website are logged. The logs include information about the time the request was made and to which URL, the IP address it was from and browser user agent. Devices additionally report a serial number and firmware metadata as detailed in the [nerves_hub device library](https://github.com/nerves-hub/nerves_hub).

The logged data is only available to nerves-hub.org's administrative team, but may be made available in aggregate and anonymized forms.

#### Cookies

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns.

The websites uses cookies to help identify logged in users. Website visitors who do not wish to have cookies placed on their computers should not log in to the websites.

### API

A registered user is required to publish firmware, to otherwise consume the API a user is not required. See the "User information" section below for more information about what user information is stored and is public.

Requests to the API is logged and the same information is stored as for the websites.

### Repository

Firmware metadata and contents are available to all user accounts associated with a tenant and all devices enabled to access that firmware. Firmware metadata and contents are also visible to the nerves-hub.org administrative team. Firmware metadata may be made available in aggregate and anonymized forms. Even though firmware metadata and contents have limited availability, care still needs to be taken to not include private or confidential information in the clear in the firmware. If credentials are accidentally published they should be changed immediately.

Requests to the repository is logged and the same information is stored as for the websites.

### User information

For registered users their username, email address, and cryptographically hashed password is stored and is required to be provided by users. In addition to this profile information, such as user's full name and social media handles, may be stored of the user if the user chooses to provide it.

### Disclosure

nerves-hub.org may disclose personally identifiable information under special circumstances, such as to comply with subpoenas or when your actions violate the [Terms of Service](termsofservice).

### United States Jurisdiction

The nerves-hub.org service is hosted in the United States. This Privacy Policy is intended to comply with privacy laws in the United States and may not comply with all privacy laws in other countries.

If you are a non-US user of the service, by using our service and providing us with data, you acknowledge, agree and provide your consent that your personal information may be processed in the United States for the purposes identified in this Privacy Policy. In addition, such data may be stored on servers located outside your resident jurisdiction, which may have less stringent privacy practices than your own. By using the nerves-hub.org service and providing us with your data, you consent to the transfer of such data and any less stringent privacy practices.

### Communication

All emails to `***@nerves-hub.org` are stored, including the email address of the sender and the contents of the email. This information is available internally to nerves-hub.org but will not be disclosed to the outside. See the "Disclosure" section for exceptions to this.

### Questions

Any questions about this Privacy Policy should be addressed to <support@nerves-hub.org>.

### Changes

Although most changes are likely to be minor, nerves-hub.org may change its Privacy Policy from time to time, and at nerves-hub.org's sole discretion. The detailed history of changes can be found in the [git repository](https://github.com/nerves-hub/nerves_hub_web/tree/master/apps/nerves_hub_www/lib/nerves_hub_www_web/templates/policy/privacy.html.md) history for this document.

nerves-hub.org encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of the nerves-hub.org websites and the repository after any change in this Privacy Policy will constitute your acceptance of such change.

### Credit and License

This policy document is based on [hex.pm's Privacy Policy](https://hex.pm/policies/privacy) which is partly based on [npm's Privacy Policy](https://www.npmjs.com/policies/privacy) and [WordPress.org privacy policy](https://wordpress.org/about/privacy).

This document may be reused under a [Creative Commons Attribution-ShareAlike License](http://creativecommons.org/licenses/by-sa/4.0).

0 comments on commit 5844422

Please sign in to comment.