Consumer Rights Wiki:Privacy policy: Difference between revisions
formatting |
fixed formatting |
||
| Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
==Consumer Rights Wiki Privacy Policy== | ==Consumer Rights Wiki Privacy Policy== | ||
Last Updated: | Last Updated: June 7, 2025 | ||
This Privacy Policy explains how the Consumer Rights Wiki ("CRW," "we," "us," or "our"), our service providers, and our partners, collect, use, share, and protect Personally Identifying Information (PII), and other data, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. | This Privacy Policy explains how the Consumer Rights Wiki ("CRW," "we," "us," or "our"), our service providers, and our partners, collect, use, share, and protect Personally Identifying Information (PII), and other data, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. | ||
| Line 38: | Line 38: | ||
===3.1 Account Information=== | ===3.1 Account Information=== | ||
When you create an account, we collect: | When you create an account, we collect: | ||
* | * '''Username''' - Stored indefinitely, or until account deletion request | ||
* | * '''Email address''' - Stored indefinitely, or until account deletion request | ||
* | * '''Hashed password''' - Stored indefinitely, or until account deletion request | ||
===3.2 Contribution Data=== | ===3.2 Contribution Data=== | ||
* | * '''Edit history and contributions''' - Stored indefinitely as necessary for wiki functionality and attribution under legitimate interest | ||
* | * '''Timestamps of edits''' - Stored indefinitely as part of contribution history | ||
* | * '''Discussion posts and comments''' - Stored indefinitely as part of wiki content | ||
===3.3 Technical Data=== | ===3.3 Technical Data=== | ||
* | * '''IP addresses''' - Stored in server logs and backups for 90 days for security purposes, and indefinitely in edit history for attribution and anti-vandalism purposes | ||
* | * '''Browser type and version''' - Processed temporarily for technical compatibility and for generation of anonymized analytics | ||
* | * '''Device information''' - Processed temporarily for technical compatibility and for generation of anonymized analytics | ||
===3.4 Analytics Data (via Plausible Analytics)=== | ===3.4 Analytics Data (via Plausible Analytics)=== | ||
| Line 59: | Line 59: | ||
* Device type and browser information | * Device type and browser information | ||
'''Important''': Plausible does not use cookies or persistent identifiers, or create profiles. All data is aggregated and anonymous. | |||
===3.5 Security Services=== | ===3.5 Security Services=== | ||
'''hCaptcha''' processes the following when you interact with protected forms: | |||
* Technical connection data (IP address, timestamp) | * Technical connection data (IP address, timestamp) | ||
* Interaction data with the captcha interface | * Interaction data with the captcha interface | ||
| Line 86: | Line 86: | ||
| Server logs | Continuous | 30 days rolling | Access logs, error logs, security logs | | | Server logs | Continuous | 30 days rolling | Access logs, error logs, security logs | | ||
'''Important Notes on Backups:''' | |||
* All backups are fully encrypted | * All backups are fully encrypted | ||
* Deleted data may persist in backups until the backup retention period expires | * Deleted data may persist in backups until the backup retention period expires | ||
| Line 96: | Line 96: | ||
Our servers are hosted by Hetzner and DigitalOcean in the United States. This constitutes an international data transfer from the EU/EEA. We ensure appropriate safeguards through: | Our servers are hosted by Hetzner and DigitalOcean in the United States. This constitutes an international data transfer from the EU/EEA. We ensure appropriate safeguards through: | ||
* | * '''EU-US Data Privacy Framework''': Our hosting providers participate in the EU-US Data Privacy Framework, ensuring adequate protection for your personal data | ||
* | * '''hCaptcha transfers''': Data may be transferred to Intuition Machines, Inc. in the USA under the EU-US Data Privacy Framework (European Commission adequacy decision C(2023) 4745) | ||
==6. Your Rights Under GDPR== | ==6. Your Rights Under GDPR== | ||
| Line 134: | Line 134: | ||
| Service Provider | Data Types Processed | Location | Purpose | | | Service Provider | Data Types Processed | Location | Purpose | | ||
|-----------------|---------------------|----------|----------| | |-----------------|---------------------|----------|----------| | ||
| | | '''Hetzner''' | Server infrastructure, web application data | US/EU | Primary hosting infrastructure | | ||
| | | '''DigitalOcean''' | Database (all user accounts, contributions), file storage, system backups | USA | Database hosting, storage, backup services | | ||
| | | '''CloudFlare''' | Analytics data, traffic patterns, security logs, attack mitigation data | USA | DDoS protection, CDN, security analytics | | ||
| | | '''hCaptcha''' | IP addresses, interaction data | USA | Spam prevention | | ||
====7.1.1 Privacy statement for the service hCaptcha==== | ====7.1.1 Privacy statement for the service hCaptcha==== | ||
| Line 256: | Line 256: | ||
For any questions about this Privacy Policy or our data practices, please contact: | For any questions about this Privacy Policy or our data practices, please contact: | ||
'''Data Protection Contact''' | |||
Email: [email protected] | Email: [email protected] | ||
FULU Foundation | FULU Foundation | ||