Consumer Rights Wiki:Privacy policy: Difference between revisions

m fix capitalization
Tag: Reverted
No edit summary
 
(11 intermediate revisions by 2 users not shown)
Line 1: Line 1:
__NOTOC__
__NOTOC__
==Consumer Rights Wiki Privacy Policy==
==Consumer Rights Wiki Privacy Policy==
Last Updated: May 27, 2025
Last Updated: January 20, 2026


Welcome to the Privacy Policy of the Consumer Rights Wiki (hereafter abbreviated as the CRW). This document outlines how personal information is collected, used, and protected when you use our wiki platform. By accessing or contributing to the CRW Wiki, you agree to the terms outlined in this Privacy Policy.
This Privacy Policy explains how the Consumer Rights Wiki ("CRW," "we," "us," or "our"), our service providers, and our partners, collect, use, share, and protect Personally Identifying Information (PII), and other data, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.


==Information we collect==
==1. Data Controller==
The data controller responsible for your personal data is:


===Account information===
'''FULU Foundation''' 
To contribute to the CRW, you may need to create an account. When registering, we collect:
Fulu Foundation, Austin, Texas 78705


*Username
==2. Legal Basis for Processing==
*Email address (for account verification and communication purposes)
We process personal data based on the following legal grounds under Article 6 of the GDPR:


===Contributions and interactions===
'''Contract (Article 6(1)(b))'''
We collect information about your contributions, edits, and interactions with the Consumer Rights Wiki, including:
Data used for:
* Account registration and management
* User authentication and login
* Enabling wiki contributions and editing


*Edited content
'''Legitimate Interests (Article 6(1)(f))'''
*Discussions and comments
Data used for:
*Pages visited
* IP address processing for security and anti-spam protection
* Privacy-preserving analytics through Plausible Analytics
* Maintaining the integrity and security of the wiki
* Prevention of abuse and vandalism


===Automatically collected information===
===2.1 Data Minimization===
We may collect certain information automatically, such as:
We adhere to the principle of data minimization, collecting only the personal data that is necessary for the specific purposes outlined in this policy. We do not collect excessive or irrelevant data.


*IP address
===2.2 Special Categories of Data===
*Browser type
We do not intentionally collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation). If such data is inadvertently collected through user-generated content, it is not processed by us for any purpose.
*Device information


===Analytics data===
==3. PII and other data We Collect==
We use a self-hosted instance of Plausible Analytics, a privacy-focused analytics platform, to understand how visitors use our wiki. Plausible collects:
*Page views and site navigation patterns
*Referrer information (how you arrived at our site)
*Country of origin (derived from IP address, but IP addresses are not stored)
*Device type (desktop, mobile, tablet)
*Browser and operating system


Important notes about our analytics:
===3.1 Account Information===
*Plausible does not use cookies or any persistent identifiers
When you create an account, we collect:
*No personal information is collected or stored
* '''Username''' - Stored indefinitely, or until account deletion request
*IP addresses are used only to determine country of origin and are immediately discarded
* '''Email address''' - Stored indefinitely, or until account deletion request
*All analytics data is aggregated and anonymous
* '''Hashed and salted password''' - Stored indefinitely, or until account deletion request
*Analytics data is stored on our own servers and is not shared with third parties


===Privacy statement for the service hCaptcha===
===3.2 Contribution Data===
* '''Edit history and contributions''' - Stored indefinitely as necessary for wiki functionality and attribution under legitimate interest
* '''Timestamps of edits''' - Stored indefinitely as part of contribution history
* '''Discussion posts and comments''' - Stored indefinitely as part of wiki content


When accessing some sub-services of our website, additional personal services are processed.
===3.3 Technical Data===
* '''IP addresses''' - Stored in server logs and backups for 90 days for security purposes, and indefinitely in edit history for attribution and anti-vandalism purposes
* '''Browser type and version''' - Processed temporarily for technical compatibility and for generation of anonymized analytics
* '''Device information''' - Processed temporarily for technical compatibility and for generation of anonymized analytics


Processed data categories: technical connection data of the server access (IP address, date, time, requested page, browser information), data about the use of the website, and the logging of clicks on individual elements.
===3.4 Analytics Data (via Plausible Analytics)===
Our self-hosted Plausible Analytics instance collects:
* Page views and navigation patterns
* Referrer information
* Country of origin (derived from IP addresses, which are immediately discarded)
* Device type and browser information


Purpose of processing: avoid non-human and automated input.  
'''Important''': Plausible does not use cookies or persistent identifiers, or create profiles. All data is aggregated and anonymous.


The legal basis for processing: a legitimate interest that overrides the rights and freedoms of the data subject (Art. 6 (1) f GDPR).
===3.5 Security Services===
'''hCaptcha''' processes the following when you interact with protected forms:
* Technical connection data (IP address, timestamp)
* Interaction data with the captcha interface


Legitimate interests: strong economic interest in safe and functioning operation of the technical systems.
'''CloudFlare''' processes the following when you connect to the site:
* Technical connection data (Traffic routing data, HTTP request metadata)


Data are transmitted: to the data processor Intuition Machines, Inc., 1065 SW 8th St #704, Miami FL 33130, USA (https://www.hcaptcha.com).  
==4. Data Retention and Backup Schedule==
 
===4.1 Primary Data Retention===
{| class="wikitable"
|-
! Data Type
! Retention Period
! Justification
|-
| Account data (username, email, hashed and salted password)
| Indefinitely until deletion request
| Necessary to perform contract
|-
| Contribution history
| Indefinitely
| Legitimate interest in maintaining wiki integrity and attribution
|-
| IP addresses in server logs
| 30 days
| Security and anti-abuse purposes
|-
| IP addresses in edit history
| Indefinitely until deletion request
| Attribution and anti-vandalism
|-
| Analytics data (aggregated)
| Indefinitely
| Legitimate interest in service improvement
|}
 
===4.2 Backup and Recovery Schedule===
 
{| class="wikitable"
|-
! Backup Type
! Frequency
! Retention Period
! Data Included
|-
| Daily backups
| Every 24 hours
| 7 days
| Full database, user accounts, contribution history, configuration
|-
| Monthly backups
| 1st of each month
| 6 months
| Full database, user accounts, contribution history, configuration
|-
| Server logs
| Continuous
| 30 days rolling
| Access logs, error logs, security logs
|}
 
'''Important Notes on Backups:'''
* All backups are fully encrypted
* Deleted data may persist in backups until the backup retention period expires
* Maximum possible retention through backups: 6 months for monthly backups
* After backup expiration, data is permanently deleted unless specifically retained under section 4.1
 
==5. International Data Transfers==
 
Our servers are hosted by Hetzner in the United States. This constitutes an international data transfer from the EU/EEA. We ensure appropriate safeguards through:
 
* '''EU-US Data Privacy Framework''': Our hosting providers participate in the EU-US Data Privacy Framework, ensuring adequate protection for your personal data
* '''hCaptcha transfers''': Data may be transferred to Intuition Machines, Inc. in the USA under the EU-US Data Privacy Framework (European Commission adequacy decision C(2023) 4745)
 
==6. Your Rights Under GDPR==
 
You have the following rights regarding your personal data:
 
===6.1 Right of Access (Article 15)===
You can request a copy of your personal data we hold.
 
===6.2 Right to Rectification (Article 16)===
You can request correction of inaccurate personal data.
 
===6.3 Right to Erasure (Article 17)===
You can request deletion of your personal data, subject to legal obligations and legitimate interests (e.g., contribution history may be retained for attribution).
 
===6.4 Right to Restriction (Article 18)===
You can request restriction of processing in certain circumstances.
 
===6.5 Right to Object (Article 21)===
You can object to processing based on legitimate interests.
 
===6.6 Right to Data Portability (Article 20)===
You can request your data in a structured, machine-readable format.
 
===6.7 Right to Lodge a Complaint===
You have the right to lodge a complaint with your local supervisory authority.
 
To exercise any of these rights, contact us at: [email protected]
 
==7. Data Sharing and Third Parties==
 
We do not sell or rent your personal data. We share data only with:
 
===7.1 Service Providers (Data Processors)===
 
{| class="wikitable"
|-
! Service Provider
! Data Types Processed
! Location
! Purpose
|-
| '''Hetzner'''
| Server infrastructure, web application data, user data, backups
| US/EU
| Primary hosting infrastructure
|-
| '''CloudFlare'''
| Analytics data, traffic patterns, security logs, attack mitigation data
| USA
| DDoS protection, CDN, security analytics
|-
| '''hCaptcha'''
| IP addresses, interaction data
| USA
| Spam prevention
|}
 
====7.1.1 Privacy statement for the service hCaptcha====
 
When accessing some sub-services of our website, additional information is processed.
 
Processed data categories: technical connection data of the server access (IP address, date, time, requested page, browser information), data about the use of the website, and the logging of clicks on individual elements.
 
Purpose of processing: avoid non-human and automated input.
 
The legal basis for processing: a legitimate interest that overrides the rights and freedoms of the data subject (Art. 6 (1) f GDPR).
 
Legitimate interests: strong economic interest in safe and functioning operation of the technical systems.
 
Data are transmitted: to the data processor Intuition Machines, Inc., 1065 SW 8th St #704, Miami FL 33130, USA (https://www.hcaptcha.com).


This may also mean a transfer of personal data to a country outside the European Union. The data are transferred to the USA on the basis of Art. 45 GDPR in conjunction with the European Commission's adequacy decision C(2023) 4745, since the data recipient has committed to comply with the data processing principles of the Data Privacy Framework (DPF).
This may also mean a transfer of personal data to a country outside the European Union. The data are transferred to the USA on the basis of Art. 45 GDPR in conjunction with the European Commission's adequacy decision C(2023) 4745, since the data recipient has committed to comply with the data processing principles of the Data Privacy Framework (DPF).
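Review bot: The retention period for IP addresses in server logs is inconsistent within the added text. Section 3.3 says they are "Stored in server logs and backups for 90 days", while the table in 4.1 gives "30 days" for "IP addresses in server logs" and the table in 4.2 gives "30 days rolling" for server logs. Use one figure in all three places, and state in 3.3 whether the backup retention from 4.2 (7 days for daily backups, 6 months for monthly backups) applies to this data, since 3.3 currently gives a single 90-day period for both logs and backups.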
Line 60: Line 211:
Please read the hCaptcha's [https://www.hcaptcha.com/privacy full privacy policy] for more information.
Please read the hCaptcha's [https://www.hcaptcha.com/privacy full privacy policy] for more information.


==How we use your information==
====7.1.2 Privacy statement for the service Hetzner====
 
Our website infrastructure and web application are hosted on servers provided by Hetzner.
 
Processed data categories: Web application data, server infrastructure data, technical connection data (IP address, date, time, requested page, browser information), server configuration and usage metrics, network traffic data.
 
Purpose of processing: provision of hosting infrastructure for the web application, ensuring system availability and performance.
 
The legal basis for processing: a legitimate interest that overrides the rights and freedoms of the data subject (Art. 6 (1) f GDPR).
 
Legitimate interests: strong economic interest in reliable and functioning operation of the technical systems and infrastructure.
 
Data are transmitted: to the data processor Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (https://www.hetzner.com).
 
Hetzner operates servers in both the European Union and the United States. When US servers are used, data transfers are covered under standard contractual clauses.
 
Please read Hetzner's [https://www.hetzner.com/legal/privacy-policy full privacy policy] for more information.
 
====7.1.3 Privacy statement for the service CloudFlare====
 
Our website uses CloudFlare services for content delivery, security, and performance optimization. CloudFlare processes analytics and security-related data, but does not have access to user account data or personal information stored in our databases.
 
Processed data categories: Traffic routing data, HTTP request metadata (HTTP headers, user agent, query-string, path, host, HTTP method, HTTP version, TLS cipher version), request and error rates, DDoS attack patterns and mitigation data, aggregated analytics data about website usage, security threat intelligence data.
 
Purpose of processing: content delivery network (CDN) services, DDoS attack protection and mitigation, traffic routing and optimization, security monitoring and threat detection, performance analytics to improve website speed and user experience.
 
The legal basis for processing: a legitimate interest that overrides the rights and freedoms of the data subject (Art. 6 (1) f GDPR).
 
Legitimate interests: strong economic interest in secure, reliable, and functioning operation of the website, protection against cyber attacks, and optimization of service performance.
 
Data are transmitted: to the data processor Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA (https://www.cloudflare.com).
 
This may also mean a transfer of personal data to a country outside the European Union. The data are transferred to the USA on the basis of Art. 45 GDPR in conjunction with the European Commission's adequacy decision C(2023) 4745, since the data recipient has committed to comply with the data processing principles of the Data Privacy Framework (DPF).
 
Please read Cloudflare's [https://www.cloudflare.com/privacypolicy/ full privacy policy] for more information.
 
===7.2 Legal Requirements===
We may disclose data when required by law or to protect the rights and safety of users.
 
==8. Data Security==
 
We implement appropriate technical and organizational measures to protect personal data, including:
* Hashing and salting of passwords
* Regular security updates
* Access controls and authentication
* The full encryption of all backups made
 
===8.1 Data Breach Notification===
 
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
 
* Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
* Notify affected users without undue delay when the breach is likely to result in a high risk to their rights and freedoms
* Document all breaches in accordance with GDPR requirements
 
==9. Automated Decision-Making==
 
We do not engage in automated decision-making that produces legal or similarly significant effects. Our anti-spam tools (hCaptcha) involve automated processing but:
* Do not produce significant effects on users
* Allow for easy appeals via email or Discord
 
We do not engage in profiling activities as defined under GDPR.
 
==10. Children's Privacy==
 
The CRW is not intended for children under 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will promptly delete the data.


===Providing and improving the wiki===
==11. Cookies==
We use the collected information to:


*Enhance and maintain the wiki platform
We do not use tracking cookies. The wiki may use strictly necessary session cookies for authentication, which are deleted when you close your browser.
*Analyze user behavior to improve content and functionality
*Understand general usage patterns through privacy-respecting analytics


===Communication===
==12. Changes to This Policy==
We may use your email address to:


*Send important notifications related to your account
We may update this Privacy Policy to reflect changes in our practices or legal requirements. The "Last Updated" date will always reflect the most recent version.
*Provide updates on wiki changes
*Respond to inquiries or requests


==Information sharing and disclosure==
Previous versions of the policy can be seen by viewing the Privacy Policy page history.
We do not sell, trade, or otherwise transfer your personal information to third parties. However, we may share information in the following instances:


*With your consent
==13. Data Protection Queries==
*When required by law
*To protect the safety and security of users and the CRW


Our analytics data collected through Plausible remains on our servers and is never shared with or sold to third parties.
For any questions about this Privacy Policy or our data practices, please contact:


==Data security==
'''Data Protection Contact''' 
We prioritize the security of your personal information and employ measures to protect against unauthorized access, alteration, disclosure, or destruction.
FULU Foundation 
FULU Foundation, Austin, Texas 78705


==Third-party links==
The CRW may contain links to third-party websites. We are not responsible for the privacy practices or content of these sites. We encourage users to review the privacy policies of external sites before providing any personal information.


==Children's privacy==
==14. Complaint Rights==
The CRW is not directed at individuals under the age of 13. We do not knowingly collect personal information from children. If you believe that we have inadvertently collected information from a child, please contact us to rectify the situation.


==Changes to this Privacy Policy==
If you are unsatisfied with our response to your data protection query, you have the right to lodge a complaint with your local data protection authority. For EU residents, you can find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Users will be notified of significant updates, and the latest version will be available on this page.


==Contact information==
---
For any questions or concerns regarding this Privacy Policy, please contact us at [email protected]


By using the CRW, you agree to the terms outlined in this Privacy Policy.
By using the Consumer Rights Wiki, you acknowledge that you have read and understood this Privacy Policy.


[[Category:CRW]]
[[Category:CRW]]
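Review bot: The transfer mechanism stated for Hetzner in 7.1.2 does not match section 5. 7.1.2 says "When US servers are used, data transfers are covered under standard contractual clauses", while section 5 says "Our hosting providers participate in the EU-US Data Privacy Framework". Name a single mechanism for the Hetzner transfer and use it in both sections. Section 5 also says the servers are hosted in the United States, whereas 7.1.2 and the 7.1 table describe Hetzner as operating in both the US and the EU, so the location wording should be aligned as well.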