Draft Privacy Policy #3978
Looks good to me as something to start with.
docs/privacy-policy.rst
Outdated
|
||
If you're **just browsing the website**, we collect the same basic information that most websites collect. | ||
We use common internet technologies, such as cookies and web server logs. | ||
This is stuff we collect from everybody, whether they have an account or not. |
"This is stuff" reads weird. Not sure what it's referencing.
docs/privacy-policy.rst
Outdated
the visitor's browser type, language preference, referring site, | ||
additional websites requested, and the date and time of each visitor request. | ||
We also collect potentially personally-identifying information | ||
like Internet Protocol (IP) addresses. |
This should be a bulleted list.
User Personal Information from unauthorized access, alteration, or destruction; | ||
maintain data accuracy; and help ensure the appropriate use of User Personal Information. | ||
We follow generally accepted industry standards to protect the personal information | ||
submitted to us, both during transmission and once we receive it. |
Should we enumerate this? SSL & password hashing I assume are the big ones?
I don't think it is necessary especially since we don't (yet) require SSL on docs sites.
I have updated the date to coincide with the GDPR effective date.
Another question: do we need to email all our users when it's live? It seems to be standard practice to email people w/ Privacy Policy updates, but it will likely just get lost in the barrage around GDPR heh.
This looks great. The policy is thorough, I think it covers almost all of the points we need to cover from our perspective. I've noted a few points of clarification from the user perspective.
If you're a **child under the age of 13**, you may not have an account on Read the Docs. | ||
Read the Docs does not knowingly collect information from or direct any of our content specifically to children under 13. | ||
If we learn or have reason to suspect that you are a user who is under the age of 13, we will unfortunately have to close your account. | ||
We don't want to discourage you from writing software documentation, but those are the rules. |
I'm not sure if we do it here in the docs, on signup, or both, but we should probably describe why this is.
At least, this last sentence seems harsh. "Those are the rules" could explain that because of GDPR and the information we collect, we can't allow signups from young users.
I believe the GDPR requires permission if somebody is under 16! The US generally requires 13. This was essentially copied from GitHub's.
docs/privacy-policy.rst
Outdated
We **do** share certain aggregated, non-personally identifying information | ||
with others about how our users, collectively, use Read the Docs. | ||
For example, we may compile statistics on the prevalence of | ||
different types of documentation across Read the Docs. |
My question as a user here would be "who does this go to?"
"others" could be more specific -- "advertising partners" or whatever.
docs/privacy-policy.rst
Outdated
:doc:`advertising-details`. | ||
|
||
We may share User Personal Information with your permission, | ||
so we can perform services you have requested. |
"Share with whom?" again here.
Perhaps "share" is wrong, "use" maybe. I like giving examples for clarification, like above. Perhaps we could do this for each section.
docs/privacy-policy.rst
Outdated
|
||
We may share User Personal Information with a limited number of third-party vendors | ||
who process it on our behalf to provide or improve our service, | ||
and who have agreed to privacy restrictions similar to our own Privacy Statement. |
Yeah same here. This feels intentionally open ended. An example might clarify this, or perhaps we use more specific language here.
Also, should link to the section below
docs/privacy-policy.rst
Outdated
|
||
Should you choose to donate to Read the Docs or purchase a `Gold subscription`_, | ||
your payment information and details will be processed by Stripe. | ||
Read the Docs does not store your payment information. |
Also readthedocs.com subscriptions.
This privacy policy does not apply to readthedocs.com!
docs/privacy-policy.rst
Outdated
readthedocs.com | ||
This website is a commercial hosted offering for hosting private | ||
documentation for corporate clients. It is governed by a separate | ||
`policy and terms <https://readthedocs.com/terms/>`_. |
We have a separate terms of service, but I think we can use a common privacy policy.
Ahhh I see...
I made most of the changes based on the feedback.
This policy would be linked from the site footer on readthedocs.org and from the version selector menu on documentation sites.
This privacy policy was heavily borrowed from GitHub's own privacy policy which is CC-0 licensed. This is a draft privacy policy and has not been committed to by Read the Docs.
If merged, this would fix #2602.
It is also a requirement for #3954 (although this policy may not be fully compliant)