Update privacy policy

source/privacy.rst

@@ -3,7 +3,7 @@ UH VPN Privacy Policy
 
 Ultra Horizon is committed to protecting your privacy. We want you to understand what information we collect, what we don’t collect, and how we collect, use, and store information.
 
-**We do not collect logs relating to the organisation or users activity, including no logging of browsing history, traffic destination, data content, or DNS queries. We also never store connection logs, meaning no logs of your IP address, your outgoing UH VPN IP address, connection timestamp, or session duration.** This is fundamentally because the servers operating behind UH VPN are owned and controlled by user or organisation paying for the service.
+**We do not collect logs relating to an organisation or user's activity, including no logging of browsing history, traffic destination, data content, or DNS queries. We also never store connection logs, meaning no logs of your IP address, your outgoing UH VPN IP address, connection timestamp, or session duration.** This is fundamentally because the servers operating behind UH VPN are owned and controlled by user or organisation paying for the service.
 
 Our guiding principle towards data collection is to only collect the minimal data required to operate a world-class secure network authorisation service at scale. We designed our systems to not have sensitive data about our customers; even when compelled we cannot provide data that we do not possess.
 
@@ -39,24 +39,26 @@ Information stored about the organisation
 
 This section is only applicable to the organisation and administrators making use of the management interface at `https://uh-vpn.com`_.  In this section, the second person plural ("**you**", "**your**", "**yours**", or "**yourselves**") refers to the individual account holders on management interface.
 
-Information is collected for the purpose of administering the UH VPN subscription owned by the entity, and includes your name and email address which you submit when you sign up for our Services.  This information is stored by our third party authentication provider, Auth0.  All interactions with Auth0 are done over encrypted connections.
+Information is collected for the purpose of administering the UH VPN subscription owned by the entity, and includes your email address which you submit when you sign up for our Services.  This information is stored by our third party authentication provider, Auth0.  All interactions with Auth0 are done over encrypted connections.
 
 Information stored about the entity is for the purpose of maintaining the core UH VPN service, and includes the name, logo, one-time password expiry time and colour choices of the organisation.
 
-In addition to this, critical information to facilitate VPN connections to servers hosted by the entity are stored, including a name, domain/IP address, port number, CA certificate, static TLS Key and transport protocol.
+Billing information collected when utilising premium groups is held securely by our payment partner Stripe, please see `Stripe's privacy policy`_ for more information. UH VPN securely sends stripe the number of devices in use, billing address, cardholder name and tokenized card details in order to facilitate future payments. Ultra Horizon Ltd is a VAT registered UK based company and so billing address details are required in order to determine VAT status on customer invoices.
 
-Finally, information pertaining to abstract identities and profiles are kept by us.  Information related to the identity includes a string that represents a name for the identity, along with an email address to deliver one-time passwords to.  Information related to the profile includes a string that represents the name of the profile, along with an optional expiry time for the profile.  After generation of a profile and until consumption, a one-time password that is associated with an organisation, identity and profile is also stored.
+In addition to the above, critical information to facilitate VPN connections to servers hosted by the entity are stored, including a server name, domain/IP address, port number, CA certificate, server certificate, server key, static TLS Key, routing information and transport protocol.
+
+Finally, information pertaining to abstract persons and devices are kept by us.  Information related to the person includes a string that represents a name for the person, along with an email address to deliver one-time passwords to.  Information related to the device includes a string that represents the name of the device, along with an optional expiry time for the device.  After generation of a device and until consumption, a one-time password that is associated with a group, person and device is also stored.
 
 Information stored about the users
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 This section is only applicable to the users of the UH VPN native applications, be it on any mobile or desktop platform, and marks the return of the second person plural ("**you**", "**your**", "**yours**", or "**yourselves**") referring to the users.
 
-The users are provided with a one-time password to their email address by the organisation when assigned a profile.  The organisation will have specified an identifier for them which may or may not be their name, along with an identifier for the device that the one-time password is entered on.  Once consumed, this one-time password is removed from the server and the profile is synced by use of a cryptographically signed token stored only on the users device.
+The users are provided with a one-time password to their email address by the organisation when assigned a device profile.  The organisation will have specified an identifier for them which may or may not be their name, along with an identifier for the device that the one-time password is entered on.  Once consumed, this one-time password is removed from the server and the profile is synced by use of a cryptographically signed token (JWT) stored only on the users device.
 
 No information is collected by Ultra Horizon about the app users.
 
-After a profile is synced, the secure token is used to request from Ultra Horizon any updates pertaining to the profile, including revocation and server changes.  All other interactions are then solely through the VPN connection directly to the organisation's servers.
+After a profile is synced, the secure token is used to request from Ultra Horizon any updates pertaining to the device profile, including revocation and server configuration changes.  All other interactions are then solely through the VPN connection directly to the organisation's servers.
 
 Aggregate information stored
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -92,7 +94,7 @@ In this section, the second person plural ("**you**", "**your**", "**yours**", o
 
 Ultra Horizon keeps records of any correspondence, questions, complaints, or compliments you submit to us through our Site or Services, along with our response. Depending on how you contact Ultra Horizon, we may collect any information that is listed on your account and any subsequent information you provide to us. Having full correspondence records enables our staff to provide the best possible customer support experience.
 
-We use one third-party platform for email support correspondence: Intercom (for the remainder of this section referred to as the English third person plural: "**they**", "**them**", "**their**", "**theirs**", or "**themselves**"). When you correspond with us using this platform, your correspondence records, including your name, email address, are stored in their systems. The platform utilises modern security practices and all our live chats are encrypted.
+We use one third-party platform for support correspondence: GitHub (for the remainder of this section referred to as the English third person plural: "**they**", "**them**", "**their**", "**theirs**", or "**themselves**"). When you correspond with us using this platform, your correspondence records, including your username are placed on our repository issue records. The platform utilises modern security practices and connections to this site are secured via HTTPS.
 
 VPN Tunnel Monitoring
 ~~~~~~~~~~~~~~~~~~~~~
@@ -145,4 +147,5 @@ If you have any questions regarding our Privacy Policy and how we handle your in
 
 .. _contact page: https://ultra-horizon.com/contact
 .. _enquiries@ultra-horizon.com: mailto:enquiries@ultra-horizon.com
-.. _https://uh-vpn.com: https://uh-vpn.com
+.. _https://uh-vpn.com: https://uh-vpn.com
+.. _Stripe's privacy policy: https://stripe.com/gb/privacy