-
-
Notifications
You must be signed in to change notification settings - Fork 28
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
📝 Simplify text, remove redundant statements Add link to FE privacy policy 📝 remove redundant header
- Loading branch information
Showing
2 changed files
with
94 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,93 @@ | ||
| # Privacy Policy | ||
|
|
||
| The Commonhaus Foundation (CF) is committed to respecting your privacy and protecting your personal information. | ||
| This Privacy Policy explains how we collect, use, and share information when you engage with our services, websites, and projects. | ||
|
|
||
| - [Information We Collect](#information-we-collect) | ||
| - [How We Use Your Information](#how-we-use-your-information) | ||
| - [Information Sharing and Disclosure](#information-sharing-and-disclosure) | ||
| - [How We Protect Your Information](#how-we-protect-your-information) | ||
| - [Data Security and Cross-border Transfers](#data-security-and-cross-border-transfers) | ||
| - [Data Retention](#data-retention) | ||
| - [Your Rights](#your-rights) | ||
| - [Changes to This Policy](#changes-to-this-policy) | ||
| - [Contact Us](#contact-us) | ||
| - [Additional Information for EEA, UK, and California Users](#additional-information-for-eea-uk-and-california-users) | ||
|
|
||
| ## Information We Collect | ||
|
|
||
| We collect only the data necessary to operate our services effectively. | ||
|
|
||
| 1. **Authentication and Identity Data**: We use GitHub for authentication and collect basic identity data, including your GitHub login and user ID. | ||
| If you serve on a CF committee, we may display your GitHub login, name, and profile bio publicly. | ||
| Members may also opt to provide an alternate display name or bio. | ||
|
|
||
| 2. **Email Forwarding Data**: For members using the [ForwardEmail service](https://forwardemail.net/en/privacy), we link your GitHub login to the forwarding email address(es) specified. | ||
| ForwardEmail stores the target address; CF does not retain this information. | ||
|
|
||
| 3. **Session Cookies and Analytics**: Our member section uses temporary session cookies solely for GitHub authentication. | ||
| We also collect anonymous, aggregated analytics to improve website performance and usability. | ||
|
|
||
| 4. **Legal and Contributor Data**: For legal agreements (e.g., asset transfers, fiscal hosting) and contributor verification (e.g., Contributor License Agreements or commit messages), we collect names, contact details, and any relevant contribution history. | ||
|
|
||
| ## How We Use Your Information | ||
|
|
||
| We use your information to: | ||
|
|
||
| - **Authenticate Access**: GitHub data is used to verify and provide secure access to CF services. | ||
| - **Public Display for Committees**: We publicly display committee members’ names and GitHub logins during their tenure. | ||
| - **Communication**: The ForwardEmail service facilitates communication via forwarding addresses provided by members. | ||
| - **Website Improvement**: Analytics help us assess website performance without identifying individual users. | ||
| - **Project and Contribution Oversight**: Contributor information supports project management and monitors adherence to contribution requirements, such as CLAs or DCOs. | ||
|
|
||
| ## Information Sharing and Disclosure | ||
|
|
||
| We do not sell or rent your personal information. | ||
| Information may be shared under the following circumstances: | ||
|
|
||
| - **Third-party Services**: We share your information with third-party services only when you opt-in, such as by using ForwardEmail, and only as necessary for those services to function. | ||
| - **Legal Requirements**: We may disclose information as required by law or in response to a valid legal request. | ||
|
|
||
| ## How We Protect Your Information | ||
|
|
||
| We take reasonable measures necessary to protect your personal data from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of your personal data. | ||
|
|
||
| ## Data Security and Cross-border Transfers | ||
|
|
||
| We take reasonable measures to protect your personal data from unauthorized access, alteration, or destruction. | ||
| Your data may be processed in various countries, including the U.S. and regions where we or our providers operate. | ||
| For transfers from the EU, UK, or Switzerland, we rely on Standard Contractual Clauses to ensure your data’s protection. | ||
|
|
||
| ## Data Retention | ||
|
|
||
| We retain data as long as necessary to fulfill the purposes outlined in this policy or as required by law. | ||
| Session cookies are temporary and expire when your session ends. | ||
|
|
||
| ## Your Rights | ||
|
|
||
| You have the right to request access to, correction of, or deletion of your personal information. | ||
| To exercise these rights, please email the [`legal` mailing list][CONTACTS.yaml]. | ||
|
|
||
| ## Changes to This Policy | ||
|
|
||
| We may update this Privacy Policy to reflect changes in our practices or legal obligations. | ||
| Significant updates will be posted on our website. | ||
|
|
||
| ## Contact Us | ||
|
|
||
| If you have any questions or concerns about this Privacy Policy, send an email to the [`legal` mailing list][CONTACTS.yaml]. | ||
|
|
||
| ## Additional Information for EEA, UK, and California Users | ||
|
|
||
| Users in the European Economic Area (“EEA”), United Kingdom (“UK”), and California have specific rights under their respective data protection laws. | ||
| These rights include, among others, access, correction, deletion, restriction of processing, and data portability in certain circumstances. | ||
|
|
||
| 1. **EEA and UK Users**: We process your data only where legally justified, including under contract fulfillment, legitimate interest (balanced against your privacy rights), consent, or legal compliance. | ||
| You may exercise rights to access, rectify, delete, or restrict your data, and you may object to processing or request data portability where applicable. | ||
| You also have the right to lodge a complaint with your local supervisory authority. | ||
|
|
||
| 2. **California Users**: Under the California Consumer Privacy Act (“CCPA”), you have the right to opt-out of data “sales” (CF does not sell personal data), and to access, delete, and correct your personal data. | ||
| CF will not discriminate against you for exercising these rights. | ||
| You may also make a request via an authorized agent; in such cases, CF may request additional verification to confirm your identity. | ||
|
|
||
| [CONTACTS.yaml]: https://github.com/commonhaus/foundation/blob/main/CONTACTS.yaml |