vikarti.anatra/safing-web
1
0
Fork 0
mirror of https://github.com/safing/web synced 2025-04-25 13:19:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions1
safing-web/privacy/index.md
Daniel 0a90ce2474 Point to Wiki instead of Docs
2023-06-01 13:46:45 +02:00

628 lines
30 KiB
Markdown
Raw Blame History

---
layout: legal_container
title: Privacy Policy
heading: Privacy Policy
---
**Introduction**
As the SPN product/service provided by Safing ICS Technologies GmbH is a
new service, and one of a kind at present, the following Privacy Policy
is comprehensive, it has been compiled to better serve those who have
concerns about how their 'Personally identifiable information' (pii) and
other data is being used online.
Pii, is used in privacy law and information security around the world
and is information that can be used on its own or with other information
to identify, contact, or locate a single person, or to identify an
individual in context. We do apologise for the length of our policies;
however, it is necessary to cover new ground.
Please read this privacy policy carefully to get a clear understanding
of how we collect, use, protect or otherwise handle your Personally
Identifiable Information in accordance with our services.
We have been open and transparent on the ways we collect, hold, use, and
protect your PII/data, should you have any concerns arising from this
privacy policy, please [use the contact email address in **Article 19.**](#article-19-contact) to contact us, we are always happy to hear
your comments and suggestions.
## Contents
- [Article 1. Where we collect Data/PII from](#article-1-where-we-collect-datapii-from)
- [Article 2. Personal Identifiable Information & Data we collect](#article-2-personal-identifiable-information--data-we-collect)
- [Article 3. How we store and protect your PII & Data](#article-3-how-we-store-and-protect-your-pii--data)
- [Article 4. How we use your PII & Data](#article-4-how-we-use-your-pii--data)
- [Article 5. Third party websites and links](#article-5-third-party-websites-and-links)
- [Article 6. Third Party Disclosure](#article-6-third-party-disclosure)
- [Article 7. General Data Protection Regulation (GDPR) explained](#article-7-general-data-protection-regulation-gdpr-explained)
- [Article 8. California Online Privacy Protection Act, (CalOPPA) explained](#article-8-california-online-privacy-protection-act-caloppa-explained)
- [Article 9. Fair Information Practices, explained](#article-9-fair-information-practices-explained)
- [Article 10. Children's Online Privacy Protection Act (COPPA)](#article-10-childrens-online-privacy-protection-act-coppa)
- [Article 11. Do not track](#article-11-do-not-track)
- [Article 12. Mobile devices](#article-12-mobile-devices)
- [Article 13. No logs policy](#article-13-no-logs-policy)
- [Article 14. Cookies](#article-14-cookies)
- [Article 15. Third party behavioural tracking](#article-15-third-party-behavioural-tracking)
- [Article 16. Data request](#article-16-data-request)
- [Article 17. Jurisdiction and Applicable Law](#article-17-jurisdiction-and-applicable-law)
- [Article 18. Amendments to the Privacy Policy](#article-18-amendments-to-the-privacy-policy)
- [Article 19. Contact](#article-19-contact)
## Article 1. Where we collect Data/PII from
At present, Safing ICS Technologies GmbH runs four (4) services, these are as follows, Website, Forum, SPN, and Portmaster update server: these
services collect different levels of data, however we aim to collect as
little as possible, and all data received by us is treated with the
strictest of confidence with privacy always in mind, all data is held
securely.
## Article 2. Personal Identifiable Information & Data we collect
Although the information collected is basic and may not be classed as PII, we treat all data with the same respect and as such have listed all the data we collect from the services we provide.
### Websites and other Web Services
Safing operates these websites, hosted and managed by GitHub ([Pages](https://pages.github.com/)):
- Website: https://safing.io
- Documentation: https://wiki.safing.io
You can [read GitHub's privacy policy](https://docs.github.com/en/github/site-policy/github-privacy-statement) to see how they handle your data.
<br>
Safing additionally operates and manages the following websites:
- Account Service: https://account.safing.io
- Account API Service: https://api.account.safing.io
- Asset Server: https://assets.safing.io
- Update Server: https://updates.safing.io
- Support Server: https://support.safing.io
- Self-Hosted [Plausible](https://github.com/plausible/analytics) Server: https://plausible.safing.io
The following personal identifiable information (PII) is held for technical reasons and is deleted after 72 hours:
- IP Address
- User Agent
This is how the 72 hours are broken up:
- Up to 24 hours until the raw logs are processed.
- Another 24 hours for processing in technical and operational systems.
- Another 24 hours for guaranteed full deletion.
While 72 hours is the maximum holding time period we guarantee, the time to deletion is usually a lot shorter.
<br>
Independently from this process, we always reduce PII as early as possible to reduce the time it is held and also reduce the number of systems the information is exposed to in the first place.
In some cases we even manage to delete IP addresses within an hour.
### Your Account
If you register for and use an account on https://account.safing.io, we additionally collect this information:
- User name, supplied by you, not your real name.
- Email address, required for some payment methods, our contact with you for account related information.
- Country, and country calling code, required for Austrian taxation law.
- Transaction identifiers necessary for processing, supplied to us by third party payment providers.
- Password, always stored in an encrypted (hashed) form.
This service also includes the domain https://api.account.safing.io, which hosts the API that the Portmaster interacts with.
### The Portmaster Software
The Portmaster software runs locally on your device and monitors your network traffic in order to block unwanted connections.
While it handles a lot of PII internally, at no point does the Portmaster software share any PII with us or anyone else, with the exception of the following cases:
The Portmaster interacts with the following **Web Services by Safing**: https://updates.safing.io, https://support.safing.io, https://account.safing.io, https://api.account.safing.io
Please refer to the previous sections to learn about these services.
If you choose to report an issue or give feedback via the **support system** within the Portmaster software, it sends your request with all its attached data to https://support.safing.io, which then forwards it to your chosen support channel.
If you use the **Safing Privacy Network (SPN)** module of the Portmaster, it supplies the username and password you enter to https://api.account.safing.io in order to log in.
These credentials are not provided to any server in the SPN, but an authorization token is used instead.
In the network itself, only the initial server knows and handles your IP address, which is never logged.
Please note that not all servers in the SPN are operated by Safing. If the Portmaster makes use of **servers that are operated by the community** (ie. a third party), we cannot guarantee how your information is handled by these operators. While we need to make you aware of this policy-wise, there is no privacy risk associated with this, as the SPN is built to protect your privacy in exactly this case and every server only receives minimal and only parts of the connection data, so that no server can both identify you and identify what you do online.
As the Portmaster is also a **DNS Client**, it sends DNS queries to the configured DNS Providers.
When you start using or configuring the Portmaster, please read the privacy policy of the configured DNS Providers.
### Customer Support
Safing ICS Technologies GmbH run customer support services for its users, customer support covers all aspects of
the services provided, including and not limited to: accounts, Portmaster, SPN, general enquiries and questions
about our policies etc. The information received, gathered, collected and held whilst running this service is as
follows:
- **Emails**, received by Safing ICS Technologies GmbH, to aid enquiries and for future reference.
- **Email address**, required for customer service replies etc. our contact with you for account related information.
- **Email content**, held for the purposes of site and service enhancement.
### Forum
At present the forum is run on a third party service, however, with
respect to being open and transparent, our forum when running, is
usually on the Reddit platform, we have no control on how their service
collects, stores, shares, handles, or uses data, and as such, you are
advised to read any and all privacy policies of the sites you intend to
use.
### Surveys
Safing ICS Technologies GmbH run surveys both continuous and in limited
time scope in order to best know and understand the needs of our
customers, these are used for development and enhancement of our
services, data supplied by users is kept until a user deletes it, these
surveys only collect basic information and not PII, by way of example
and not limited to, \"Which Operating Systems do you use?\".
### Newsletter
Safing ICS Technologies GmbH periodically sends out a newsletter, when
signing up to this service, you agree that Rapidmail will store your
email address, and that we have access to said email address. Rapidmail
is a GDPR compliant company based in Germany, to read their privacy
policy and how they deal with your PII, please follow the link below.
<https://www.rapidmail.de/datenschutz>
As with any third parties, we take no responsibility for your actions
when using said services, it is within your best interests to read all
policies on the third party sites you use or visit.
## Article 3. How we store and protect your PII & Data
**Data Storage:**
All data, including and not limited to data listed in [Article 2. Personal Identifiable Information & Data we collect](#article-2-personal-identifiable-information--data-we-collect) is stored in a protected database on a specially guarded server. The server is operated by us and hosted by Hetzner.
**Data Linking:**
Information/data used for the purpose of linking payments to a specific
user to enable services are as follows:
- Valid email address, if or when required.
- User name, not your real name.
- Payment identifiers, transaction code sent to us via the payment
gateway used.
**Data Retention:**
we are required by law to keep payment records for a period of 7 years,
for taxation purposes, even in the event that the account is deleted, we
are required to keep the transaction identifiers for this period.
Payment records are only linked to your account until it is deleted, or
expired, they then become orphaned and cannot be linked back to your
account.
Payments of up to 400€ (incl. Taxes) do not require customer
information, i.e. your invoices will be anonymous.
**Data Protection:**
In Transit: All traffic between the Customer and Safing ICS Technologies
GmbH is encrypted using modern Transport Layer Security (TLS). TLS is a
cryptographic protocol designed to provide communications security over
a computer network and aims primarily to provide confidentiality and
data integrity between two communicating computer applications.
At rest: Hot data (in use) is protected on our server, cold data
(backups) are encrypted.
## Article 4. How we use your PII & Data
The information collected whilst subscribing to the SPN or using the
website is basic in nature and only used for the specific reasons of
software development and the administration of your account.
- Valid email address: If or when required, Used for the
administration of your account.
- Transaction identifier, sent by payment gateway: Used for the
administration of your account.
- The internet browser and operating system you are using: Used for
software development purposes.
- The language set by the browser: Used for software development
purposes.
- The part of the IP address that designates country: Used for
software development and administration purposes.
- Referrer: How did you find the site? Used for software development
purposes.
## Article 5. Third party websites and links
- **Hetzner:** Hosting Provider.
- **GitHub:** Hosting Provider.
- **PayPal:** Payment gateway.
- **Stripe:** Payment gateway.
- **Sparkasse Baden: Bank:** Payments, wire transfer.
- **Mailbox.org:** Email provider.
## Article 6. Third Party Disclosure
We do not sell, trade, or otherwise transfer to outside parties, your
personally identifiable information. This does not include website
hosting partners and other parties who assist us in operating our
website, conducting our business, or servicing you, so long as those
parties agree to keep this information confidential as per their privacy
policies and terms of service.
Information we gain through payment gateways for the purpose of linking
to your account are limited to transaction identifiers, please refer to:
[**Article 3.**](#article-3-how-we-store-and-protect-your-pii-data)
(how we protect your PII Data).
We may release your information when we believe release is appropriate
to comply with the law, enforce our site policies, or protect ours or
others' rights, property, privacy, or safety.
## Article 7. General Data Protection Regulation (GDPR) explained
The General Data Protection Regulation (GDPR) is the toughest privacy
and security law in the world. Though it was drafted and passed by the
European Union (EU), it is now implemented in many countries worldwide,
it imposes obligations onto organizations anywhere, so long as they
target or collect data related to people in the EU. The regulation was
put into effect on May 25, 2018, and grants users' certain rights under
the GDPR policy, these are set out below and clarified in [**Article 16.**](#article-16-data-request), alternatively, to read more about
GDPR please visit the following link:
<https://gdpr-info.eu/>
In line with the GDPR, we collect and process the data outlined in this
Privacy Policy on the following grounds, for the purposes of fulfilling
our contractual obligations to users, including:
- Providing users with the Services they have requested.
- Managing user subscriptions and processing payments.
- Providing customer support.
For a legitimate interest associated with the operation and development
of our services and business, including:
- Enhancing the quality, reliability, and effectiveness of our website
and Services.
- Communicating with customers to provide information and feedback
related to our Services and website.
- With the consent of users, which users can withdraw at any time.
You can exercise your rights under the GDPR to access, transfer,
correct, delete, or object to the processing of your personal
information by contacting us at:
<support@safing.io>
## Article 8. California Online Privacy Protection Act, (CalOPPA) explained
CalOPPA is the first state law in the United States of America to
require commercial websites and online services to post a privacy
policy.
The law's reach stretches well beyond California and requires a person
or company in the United States (and conceivably the world) that
operates websites/online services collecting personally identifiable
information from California consumers to post a conspicuous privacy
policy on its website, that states exactly the information being
collected and those individuals with whom it is being shared. If you
would like to read more about this policy, please visit:
<https://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf>
**in conjunction with CalOPPA, we agree to the following:**
Users can visit our site anonymously, but will need to subscribe to the
service, to use said service. Users will be notified of any privacy
policy changes as and when they happen and can keep up to date by
clicking the link named, (Privacy Policy) at the bottom of our home
page. To see what data, we collect from subscribers please refer to:
[**Article 2**.](#article-2-personal-identifiable-information-data-we-collect)
Personal Identifiable Information & Data we collect.
## Article 9. Fair Information Practices, explained
The Fair Information Practices Principles, form the backbone of privacy
law in the United States and the concepts they include have played a
significant role in the development of data protection laws around the
world, understanding the Fair Information Practice Principles and how
they should be implemented is critical to comply with the various
privacy laws that protect personal information. In order to be in line
with Fair Information Practices we will take the following responsive
action, should a data breach occur:
• We will notify the users via email within 1 business day.
• We will notify the users via in site notification within 1 business
day.
We also agree to the individual redress principle, which requires that
individuals have a right to pursue legally enforceable rights against
data collectors and processors who fail to adhere to the law. This
principle requires not only that individuals have enforceable rights
against data users, but also that individuals have recourse to courts or
a government agency to investigate and/or prosecute non-compliance by
data processors.
Safing ICS Technologies GmbH will not share or dispose of member's
information to third parties as per the data protection act 1998, this
can be read by following the link below:
<https://www.legislation.gov.uk/ukpga/1998/29/data.pdf>
## Article 10. Children's Online Privacy Protection Act (COPPA)
The SPN provided by Safing ICS Technologies GmbH is in no way targeted
for use in any way shape or form towards minors/children under the age
of 18 years, however, as our service does not require data upon
subscription concerning age, real name, or home address, we cannot, and
will not be held responsible for your child's actions whilst online, all
data collected by us is treated in the same manner, protected behind
numerous layers of encryption, used to provide the service to you, and
not shared with any third parties.
## Article 11. Do not track
In conjunction with CalOPPA and the 2013 amendments, we do not track
users of our SPN (Safing Privacy Network), in this case we do not
respond to, do not track signals or requests from you, on the
understanding that, our service does not track users' actions or usage
whilst on the SPN service. Please read [**Article 13.**](#article-13-no-logs-policy) No logs policy.
## Article 12. Mobile devices
At present we do not provide any mobile applications for our services,
however as it is possible to connect to our SPN service using your
mobile devices internet browser, the following applies: We do not track,
or collect any data from your mobile devices other than information
provided by you to subscribe to our service, please refer to: [**Article 2.**](#article-2-personal-identifiable-information-data-we-collect)
Personal Identifiable Information (PII/Data), we collect, and [**Article 3.**](#article-3-how-we-store-and-protect-your-pii-data) How we store
and protect your PII/Data.
## Article 13. No logs policy
We do not log or store records on user activity using our SPN Service,
we are committed to your privacy and DO NOT collect or log browsing
history, traffic destination, data content, IP addresses, or DNS queries
from Subscribers connected to our SPN.
For the avoidance of all doubt, should any government body or law
enforcement agency compel Safing ICS Technologies GmbH to release such
subscribed user information, listed above, we cannot supply this
information as the data does not exist, and is therefore not in our
possession.
## Article 14. Cookies
Our service uses cookies required to operate, by way of example and not
limited to, when logging in, below you will find an explanation on our
cookie usage. Cookies used on our site are on site only; we do not use
third party cookies, or transmit information collected, information
collected by our cookies are used on our service only.
**What are cookies?**
Cookies are small text files which a website/service may put on to a
member's computer or mobile device when you first visit a site, service,
or page. The cookie helps the website, to recognize your device the next
time you visit. There are many functions cookies serve, for example they
can help us to remember your username and preferences.
Session cookies last only for the duration of your visit and are deleted
when you close your browser, these facilitate various tasks such as
allowing a website/service to identify that a user of a particular
device is navigating from page to page, supporting website security or
basic functionality.
Persistent cookies last after you have closed your browser and allow a
website to remember your actions and preferences. Sometimes persistent
cookies are used by websites/services to provide targeted advertising
based upon the browsing history of the device, we DO NOT use targeted
advertising cookies of any description.
**What do we use cookies for?**
We use first party cookies (our own) on our services, for the following
purposes:
**Login:** Once you login to our website/service, a cookie is set
containing your encrypted credentials, required to recognize you between
page visits.
You can disable this cookie by deselecting "Remember me" in the login
form.
**Session:** Upon first visit of our website/service, the system will
create a new unique session for you which will be saved using a cookie
on your computer.
Sessions are required to recognize users between page accesses. It is a
temporary cookie which will be deleted once you close your internet
browser.
**Third-Party Services:** Displayed ads or sharing content through
social networks or comparable actions might cause a cookie created by
them, we DO NOT use third parties in that respect, therefor cookies in
this category can only be added by the member using a third-party site
etc. this is not recommended by Safing ICS Technologies GmbH.
**How to disable or delete cookies?**
Your internet browser offers specialized options to manage and remove
cookies and also offer settings to reject many or all cookies. Please
refer to the instructions for your internet browser from the list below.
- Google Chrome <https://support.google.com/chrome/answer/95647?hl=en>
- Mozilla Firefox
<https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer>
- Opera
[https://help.opera.com/en/latest/web-preferences/](https://help.opera.com/Windows/12.00/en/cookies.html)
- Safari <https://support.apple.com/kb/ph17191?locale=en_US>
- Internet Explorer
<https://windows.microsoft.com/en-US/internet-explorer/delete-manage-cookies#ie=ie-11>
## Article 15. Third party behavioural tracking
Our SPN service DOES NOT use third-party tracking in any form, however,
sites we may direct you to during subscription, by way of example only,
the payment gateways we use, Stripe, PayPal, or wire transfer, may use
such tracking on their services, for the avoidance of all doubt, it is
your responsibility to check any third party sites you visit and read
their privacy policy.
## Article 16. Data request
In compliance with the GDPR, you can request a list of the information
we hold on your account, however at this time it is best to remember
that any information held by us, is the information freely given by you
when you subscribe to our services, in this case data requests must be
made using the information given to us, by way of example only, email
address if used, in an email, requesting the information to:
<support@safing.io>
As the data we collect is solely used to run and administer your
account, you can ask at any time for us to stop processing, or to erase
the data held on your account, however in these aforementioned cases,
this will result in the removal of your account from our services, this
course of action does not automatically trigger a refund under **Terms of Service. Article 10** your right to cancel, and **Article 11** refunds. For cases of this type please contact us with your request at:
<cancellations@safing.io> or <support@safing.io>
for the avoidance of all doubt, we are a company based around privacy
and security, any and all data collected on a members account is basic,
by way of example only and not limited to, a verifiable email address,
if required, and transaction id's, these are protected behind
encryption.
Information/data held by us on any subscriber is basic and minimal, any
and all data requests made by Government, or law enforcement agencies
can be applied for, however, this is in the form of single account data
only and not by block.
By forwarding the required paperwork, in this case, a written request
and reason, with a current court order covering the correct jurisdiction
attached, Safing ICS Technologies GmbH will comply with the law, applied
by the Austrian court's jurisdiction under European law.
## Article 17. Jurisdiction and Applicable Law
As Safing ICS Technologies GmbH is registered in Austria, any and all
disputes will be decided only through the Austrian court system
following European law as our guideline. It is important to note: the
SPN provided by Safing ICS Technologies GmbH does not collect any IP
addresses, browsing history, traffic data, or DNS queries that could be
used to identify any specific user.
## Article 18. Amendments to the Privacy Policy
This privacy policy is classed as a living document, and will change
from time to time due to changes in laws concerning privacy around the
world, as such we reserve the rights to amend/change our Privacy Policy
as and when required, without prior notice to you, to remain consistent
with applicable privacy laws and principles.
As your continued use of the website or Services constitutes your
acceptance of our Privacy Policy, we recommend that subscribers check
for updates and reads said content of any amended policies we might make
in the future.
<br>
### Amendment 0.1. on 05.08.2020
Due to the Court of Justice of the European Union ruling on data transfers, invalidating the Privacy Shield and GDPR compliance of such a ruling.
it is here by stated that Safing ICS Technologies GmbH, does not hold or transfer any data to any servers held in the United States of America, however, due to the operating nature of the SPN, we cannot and will not be held responsible for any private nodes held within the United States of America that you choose to use.
<br>
### Amendment 0.2. on 18.08.2020
As per update to CalOPPA/CCPA (California Consumer Privacy Act) 14/08/2020, this amendment applies to Privacy Policy Articles [8](#article-8-california-online-privacy-protection-act-caloppa-explained),[11](#article-11-do-not-track),[13](#article-13-no-logs-policy) & [16](#article-16-data-request).
**Authorized Agents:** When a consumer uses an authorized agent to submit a request to know, or a request to delete data of any kind, Safing ICS Technologies GmbH may require that the consumer do the following:
Provide the authorized agent, signed permission to access any form of data/information.
**In the case of anonymous users:** users must verify their own identity directly with Safing ICS Technologies GmbH.
Users must directly confirm with Safing ICS Technologies GmbH that they have provided the authorized agent permission to submit any such request.
Authorized agents must also provide a current, verifiable identification and all necessary documentation to access any information or data, users and agents are however reminded that: Safing ICS Technologies GmbH, does not collect or log browsing history, traffic destination, data content, IP addresses, or DNS queries from users/subscribers connected to our SPN, we cannot provide information or data we do not hold.
<br>
### Amendment 0.3. on 22.01.21
[Addition to Article 2](#article-2-personal-identifiable-information--data-we-collect), Personal Identifiable Information & Data we collect: the addition of customer support, data
received, gathered, collected and held.
[Alteration to Article 3](#article-3-how-we-store-and-protect-your-pii--data), How we store and protect your PII & Data: alteration to main body text 1st paragraph.
<br>
### Amendment 0.4. on 25.05.2021
[Removal from Article 2](#article-2-personal-identifiable-information--data-we-collect), Personal Identifiable Information & Data we collect. Removal of a sentence about future potential Portmaster telemetry.
This sentence was originally added for legal flexibility, intended to cover such a potential feature. We honestly forgot that it was there. But to make things clear: No official Portmaster release will ever have telemetry functions implemented. Hence the removal.
<br>
### Amendment 0.5. on 07.07.2021
[Revision of Article 2](#article-2-personal-identifiable-information--data-we-collect) according to current developments:
- Revised and unified Web Services, Account and Portmaster Software sections.
- Refer to Github's Privacy Policy for Github Pages content, instead of making statements from our perspective.
- Added support service.
[Removal from Article 5](#article-5-third-party-websites-and-links): The third party service "Stripe" was removed, as integration was aborted a while ago.
### Amendment 0.6. on 29.11.2021
[Revision from Article 5](#article-5-third-party-websites-and-links): The third party service "Stripe" was added after reevaluating the payment service.
### Amendment 0.7. on 17.08.2022
[Revision of Article 2](#article-2-personal-identifiable-information--data-we-collect): Added Self-Hosted Plausible Server
We now run a self-hosted installation of [Plausible Analytics](https://github.com/plausible/analytics) to collect some anonymous usage data for statistical purposes.
The goal is to track overall trends in our website traffic, it is not to track individual visitors.
All the data is in aggregate only. No personal data is collected.
## Article 19. Contact
If you have any questions regarding our Privacy Policy and how we handle
your information, please feel free to contact Safing ICS Technologies
GmbH at the email address below, please state your enquiry in as much
detail as possible and we will reply as soon as we can, normally within
24 hours of receipt of request:
<privacymatters@safing.io>
Please note: whereas we cannot change our policies to suit every
individual, we will listen to your concerns and reply in a timely
manner.
Thank you for taking the time to read our policies on how we operate our
service and collect, use and protect all of your data.
© Safing ICS Technologies GmbH
2020/21
All rights reserved.
Reference in a new issue View git blame Copy permalink