Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft Privacy Policy #3978

Merged
merged 8 commits into from May 21, 2018
Merged

Conversation

@davidfischer
Copy link
Contributor

@davidfischer davidfischer commented Apr 20, 2018

This policy would be linked from the site footer on readthedocs.org and from the version selector menu on documentation sites.

This privacy policy was heavily borrowed from GitHub's own privacy policy which is CC-0 licensed. This is a draft privacy policy and has not been committed to by Read the Docs.

If merged, this would fix #2602.
It is also a requirement for #3954 (although this policy may not be fully compliant)

Copy link
Member

@ericholscher ericholscher left a comment

Looks good to me as something to start with.


If you're **just browsing the website**, we collect the same basic information that most websites collect.
We use common internet technologies, such as cookies and web server logs.
This is stuff we collect from everybody, whether they have an account or not.
Copy link
Member

@ericholscher ericholscher May 1, 2018

"This is stuff" reads weird. Not sure what it's referencing.

the visitor's browser type, language preference, referring site,
additional websites requested, and the date and time of each visitor request.
We also collect potentially personally-identifying information
like Internet Protocol (IP) addresses.
Copy link
Member

@ericholscher ericholscher May 1, 2018

This should be a bulleted list.

User Personal Information from unauthorized access, alteration, or destruction;
maintain data accuracy; and help ensure the appropriate use of User Personal Information.
We follow generally accepted industry standards to protect the personal information
submitted to us, both during transmission and once we receive it.
Copy link
Member

@ericholscher ericholscher May 1, 2018

Should we enumerate this? SSL & password hashing I assume are the big ones?

Copy link
Contributor Author

@davidfischer davidfischer May 1, 2018

I don't think it is necessary especially since we don't (yet) require SSL on docs sites.

@davidfischer davidfischer mentioned this pull request May 2, 2018
6 tasks
@ericholscher ericholscher requested a review from agjohnson May 17, 2018
@davidfischer
Copy link
Contributor Author

@davidfischer davidfischer commented May 17, 2018

I have updated the date to coincide with the GDPR effective date.

@ericholscher
Copy link
Member

@ericholscher ericholscher commented May 21, 2018

Another question: do we need to email all our users when it's live? It seems to be standard practice to email people w/ Privacy Policy updates, but it will likely just get lost in the barrage around GDPR heh.

Copy link
Contributor

@agjohnson agjohnson left a comment

This looks great. The policy is thorough, I think it covers almost all of the points we need to cover from our perspective. I've noted a few points of clarification from the user perspective.

If you're a **child under the age of 13**, you may not have an account on Read the Docs.
Read the Docs does not knowingly collect information from or direct any of our content specifically to children under 13.
If we learn or have reason to suspect that you are a user who is under the age of 13, we will unfortunately have to close your account.
We don't want to discourage you from writing software documentation, but those are the rules.
Copy link
Contributor

@agjohnson agjohnson May 21, 2018

I'm not sure if we do it here in the docs, on signup, or both, but we should probably describe why this is.

At least, this last sentence seems harsh. "Those are the rules" could explain that because of GDPR and the information we collect, we can't allow signups from young users.

Copy link
Contributor Author

@davidfischer davidfischer May 21, 2018

I believe the GDPR requires permission if somebody is under 16! The US generally requires 13. This was essentially copied from GitHub's.

We **do** share certain aggregated, non-personally identifying information
with others about how our users, collectively, use Read the Docs.
For example, we may compile statistics on the prevalence of
different types of documentation across Read the Docs.
Copy link
Contributor

@agjohnson agjohnson May 21, 2018

My question as a user here would be "who does this go to?"

"others" could be more specific -- "advertising partners" or whatever.

:doc:`advertising-details`.

We may share User Personal Information with your permission,
so we can perform services you have requested.
Copy link
Contributor

@agjohnson agjohnson May 21, 2018

"Share with whom?" again here.

Perhaps "share" is wrong, "use" maybe. I like giving examples for clarification, like above. Perhaps we could do this for each section.


We may share User Personal Information with a limited number of third-party vendors
who process it on our behalf to provide or improve our service,
and who have agreed to privacy restrictions similar to our own Privacy Statement.
Copy link
Contributor

@agjohnson agjohnson May 21, 2018

Yeah same here. This feels intentionally open ended. An example might clarify this, or perhaps we use more specific language here.

Also, should link to the section below


Should you choose to donate to Read the Docs or purchase a `Gold subscription`_,
your payment information and details will be processed by Stripe.
Read the Docs does not store your payment information.
Copy link
Contributor

@agjohnson agjohnson May 21, 2018

Also readthedocs.com subscriptions.

Copy link
Contributor Author

@davidfischer davidfischer May 21, 2018

This privacy policy does not apply to readthedocs.com!

readthedocs.com
This website is a commercial hosted offering for hosting private
documentation for corporate clients. It is governed by a separate
`policy and terms <https://readthedocs.com/terms/>`_.
Copy link
Contributor

@agjohnson agjohnson May 21, 2018

We have a separate terms of service, but I think we can use a common privacy policy.

Copy link
Contributor Author

@davidfischer davidfischer May 21, 2018

Ahhh I see...

@davidfischer
Copy link
Contributor Author

@davidfischer davidfischer commented May 21, 2018

I made most of the changes based on the feedback.

@ericholscher ericholscher merged commit 0e4fdc8 into readthedocs:master May 21, 2018
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

3 participants