New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft Privacy Policy #3978

Merged
merged 8 commits into from May 21, 2018

Conversation

Projects
None yet
3 participants
@davidfischer
Contributor

davidfischer commented Apr 20, 2018

This policy would be linked from the site footer on readthedocs.org and from the version selector menu on documentation sites.

This privacy policy was heavily borrowed from GitHub's own privacy policy which is CC-0 licensed. This is a draft privacy policy and has not been committed to by Read the Docs.

If merged, this would fix #2602.
It is also a requirement for #3954 (although this policy may not be fully compliant)

@davidfischer davidfischer referenced this pull request May 1, 2018

Merged

Do Not Track support #4046

@ericholscher

Looks good to me as something to start with.

If you're **just browsing the website**, we collect the same basic information that most websites collect.
We use common internet technologies, such as cookies and web server logs.
This is stuff we collect from everybody, whether they have an account or not.

This comment has been minimized.

@ericholscher

ericholscher May 1, 2018

Member

"This is stuff" reads weird. Not sure what it's referencing.

the visitor's browser type, language preference, referring site,
additional websites requested, and the date and time of each visitor request.
We also collect potentially personally-identifying information
like Internet Protocol (IP) addresses.

This comment has been minimized.

@ericholscher

ericholscher May 1, 2018

Member

This should be a bulleted list.

User Personal Information from unauthorized access, alteration, or destruction;
maintain data accuracy; and help ensure the appropriate use of User Personal Information.
We follow generally accepted industry standards to protect the personal information
submitted to us, both during transmission and once we receive it.

This comment has been minimized.

@ericholscher

ericholscher May 1, 2018

Member

Should we enumerate this? SSL & password hashing I assume are the big ones?

This comment has been minimized.

@davidfischer

davidfischer May 1, 2018

Contributor

I don't think it is necessary especially since we don't (yet) require SSL on docs sites.

davidfischer added some commits May 1, 2018

@davidfischer davidfischer referenced this pull request May 2, 2018

Closed

GDPR Meta Issue #3954

6 of 6 tasks complete

davidfischer added some commits May 4, 2018

@ericholscher ericholscher requested a review from agjohnson May 17, 2018

@davidfischer

This comment has been minimized.

Contributor

davidfischer commented May 17, 2018

I have updated the date to coincide with the GDPR effective date.

@ericholscher

This comment has been minimized.

Member

ericholscher commented May 21, 2018

Another question: do we need to email all our users when it's live? It seems to be standard practice to email people w/ Privacy Policy updates, but it will likely just get lost in the barrage around GDPR heh.

@agjohnson

This looks great. The policy is thorough, I think it covers almost all of the points we need to cover from our perspective. I've noted a few points of clarification from the user perspective.

If you're a **child under the age of 13**, you may not have an account on Read the Docs.
Read the Docs does not knowingly collect information from or direct any of our content specifically to children under 13.
If we learn or have reason to suspect that you are a user who is under the age of 13, we will unfortunately have to close your account.
We don't want to discourage you from writing software documentation, but those are the rules.

This comment has been minimized.

@agjohnson

agjohnson May 21, 2018

Contributor

I'm not sure if we do it here in the docs, on signup, or both, but we should probably describe why this is.

At least, this last sentence seems harsh. "Those are the rules" could explain that because of GDPR and the information we collect, we can't allow signups from young users.

This comment has been minimized.

@davidfischer

davidfischer May 21, 2018

Contributor

I believe the GDPR requires permission if somebody is under 16! The US generally requires 13. This was essentially copied from GitHub's.

We **do** share certain aggregated, non-personally identifying information
with others about how our users, collectively, use Read the Docs.
For example, we may compile statistics on the prevalence of
different types of documentation across Read the Docs.

This comment has been minimized.

@agjohnson

agjohnson May 21, 2018

Contributor

My question as a user here would be "who does this go to?"

"others" could be more specific -- "advertising partners" or whatever.

:doc:`advertising-details`.
We may share User Personal Information with your permission,
so we can perform services you have requested.

This comment has been minimized.

@agjohnson

agjohnson May 21, 2018

Contributor

"Share with whom?" again here.

Perhaps "share" is wrong, "use" maybe. I like giving examples for clarification, like above. Perhaps we could do this for each section.

We may share User Personal Information with a limited number of third-party vendors
who process it on our behalf to provide or improve our service,
and who have agreed to privacy restrictions similar to our own Privacy Statement.

This comment has been minimized.

@agjohnson

agjohnson May 21, 2018

Contributor

Yeah same here. This feels intentionally open ended. An example might clarify this, or perhaps we use more specific language here.

Also, should link to the section below

Should you choose to donate to Read the Docs or purchase a `Gold subscription`_,
your payment information and details will be processed by Stripe.
Read the Docs does not store your payment information.

This comment has been minimized.

@agjohnson

agjohnson May 21, 2018

Contributor

Also readthedocs.com subscriptions.

This comment has been minimized.

@davidfischer

davidfischer May 21, 2018

Contributor

This privacy policy does not apply to readthedocs.com!

readthedocs.com
This website is a commercial hosted offering for hosting private
documentation for corporate clients. It is governed by a separate
`policy and terms <https://readthedocs.com/terms/>`_.

This comment has been minimized.

@agjohnson

agjohnson May 21, 2018

Contributor

We have a separate terms of service, but I think we can use a common privacy policy.

This comment has been minimized.

@davidfischer

davidfischer May 21, 2018

Contributor

Ahhh I see...

davidfischer added some commits May 21, 2018

@davidfischer

This comment has been minimized.

Contributor

davidfischer commented May 21, 2018

I made most of the changes based on the feedback.

@ericholscher ericholscher merged commit 0e4fdc8 into rtfd:master May 21, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment