ari/ari.lt
1
0
Fork 0
mirror of https://git.ari.lt/ari.lt/ari.lt.git synced 2025-02-04 09:39:25 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update legal framework language, make policies clearer.

Browse source 
Signed-off-by: Ari Archer <ari@ari.lt>
This commit is contained in:
Arija A. 2024-11-28 23:23:47 +02:00
parent 7482fffe69
commit 523b033755
WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS.
GPG key ID: A50D5B4B599AF8A2
3 changed files with 61 additions and 59 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
src/static/legal.sig
View file

Binary file not shown.

50
src/static/legal.txt
View file

@ -1,10 +1,10 @@
Legal information of Ari-web
Legal framework of Ari-web
This is the legal information of ari-web which covers topics such as logging policy, privacy policy, data control, data control compliance, as well as other legal aspects when it comes to using ari-web services. By using or requesting to use any ari-web services you agree to the legal framework outlined in this document, and agree to keep yourself updated with or without notice.
This is the legal framework of Ari-web which covers topics such as logging policy, privacy policy, data control, data control compliance, as well as other legal aspects when it comes to using Ari-web services. By using or requesting to use any Ari-web services you agree to the legal framework outlined in this document, and agree to keep yourself updated with or without notice.
This document serves as an agreement between you and Ari-web parties, regarding the use and management of Ari-web's services. It outlines the expectations, responsibilities, and limitations for both parties.
Visitor: 1625736
Visitor: 1625761
Created at: 2024-11-25 (YYYY-MM-DD)
Last updated: 2024-11-28 (YYYY-MM-DD)
OpenPGP signature of this document by the Authoritative party's OpenPGP key: legal.sig (Note: Only the text content found in legal.txt was signed. Use that text-only static copy of this document to verify the signature.)
@ -22,7 +22,7 @@ Full list of the parties involved:
Fediverse: @ari@ak.ari.lt
Contact form: https://ari.lt/#gb
OpenPGP key ID: 4FAD63E936B305906A6C4894A50D5B4B599AF8A2
Ari-web Members
Ari-web Members , coppa
Zayd (administrates and moderates Akkoma)
IRC: zayd on libera.chat
Session (not checked often): 05d790add6647a049f58ce81c80aacc476859880af911cad105cf34fb8757b8872
@ -67,16 +67,16 @@ Full list of the parties involved:
Email: jlajsek@gmail.com
Website: https://cubiq.dev/
Collectively, we are called Ari-web. You are an outside party using our free (libre and gratis) and open source services.
Collectively, we are called Ari-web. You are an outside party using our free (Libre and Gratis) and open source services. Although, responsibility for Ari-web goes to the Authoritative party.
# Liability Disclaimer
Ari-web disclaims all liability for any damages, data loss, dissatisfaction, or any other legal liability. You, as an individual user, are solely responsible for your actions, their consequences, and protecting yourself as well as your privacy and security.
In no event shall ari-web be liable for any indirect, special, incidental, or consequential damages related to your use of its services.
In no event shall Ari-web be liable for any indirect, special, incidental, or consequential damages related to your use of its services.
# Privacy and Data Protection
Ari-web will make reasonable efforts to protect your privacy unless circumstances call for access termination, transfer, or limitation with or without notice, such as in cases of legal compliance or suspected misuse of services. Ari-web reserves the right to manage your access at its discretion.
Ari-web will make reasonable efforts to protect your privacy unless circumstances call for access termination, transfer, or limitation with or without notice, such as in cases of legal compliance or suspected misuse of services. Ari-web reserves the right to manage your access at its discretion. We will report any violations of the law to the required authorities if needed with the information you have consented to be logged for genuine interest.
# Modifications and Exceptions
Ari-web reserves the right to modify these terms at any time without prior notice. Exceptions to these terms may be granted by the Authoritative party in writing with a digital signature, at their discretion.
@ -96,11 +96,11 @@ Ari-web reserves the right to modify these terms at any time without prior notic
ISP: HostHatch
Hardware: 1 vCPU core, 1024 MB of RAM, 1000 GB of HDD storage + 20 GB NVMe storage, 2500 GB of network bandwidth.
Purpose: Storing data
Access: Cut off from the rest of the internet except rate limited and strongly autheticated port 22 traffic for SSH.
Access: Cut off from the rest of the internet except rate limited and strongly authenticated port 22 traffic for SSH.
# Transparency
Ari-web is committed to providing the utmost transparency in its operations and services wherever possible. This commitment includes, but is not limited to, clear communication regarding the use of data, service functionality, and any changes to terms or policies. While Ari-web strives to maintain this level of transparency, it acknowledges that certain circumstances may limit the extent of disclosure. Users are encouraged to reach out with any questions or concerns regarding transparency in the services provided. Ari-web will do their best to notify of changes of ToS, but it is your responsibility to keep up with the changes.
Ari-web is committed to providing the utmost transparency in its operations and services wherever possible. This commitment includes, but is not limited to, clear communication regarding the use of data, service functionality, and any changes to terms or policies. While Ari-web strives to maintain this level of transparency, it acknowledges that certain circumstances may limit the extent of disclosure. Users are encouraged to reach out with any questions or concerns regarding transparency in the services provided. Ari-web will do their best to notify of changes of the legal framework, but it is your responsibility to keep up with the changes.
# Services
This table lists all self-hosted software (semi-)open for the public that people are welcome to use.
@ -139,13 +139,13 @@ Forgejo instance for kappach.at Git forge instance of KappaChat - An extensibl
Ari-web is committed to complying with the General Data Protection Regulation (GDPR) (as well as COPPA (Children's Online Privacy Protection Rule) if you live in the U.S.) and the Digital Millennium Copyright Act (DMCA).
It adheres to the principles outlined in the GDPR, ensuring that all personal data is processed lawfully, fairly, and transparently. We collect and process personal data and logs only for specified, legitimate purposes and ensure that such data is accurate, up-to-date, and retained only as long as necessary for those purposes. Users have rights regarding their personal data, including access, rectification, and erasure, which we honor in accordance with GDPR requirements even for non-EU citizens. We believe that such freedom is an essential basic human right.
It adheres to the principles outlined in the GDPR, ensuring that all personal data is processed lawfully, fairly, and transparently. We collect and process personal data and logs only for specified, legitimate purposes and ensure that such data is accurate, up-to-date, and retained only as long as necessary for those purposes. Users have rights regarding their personal data, including access, rectification, and erasure, which we honor in accordance with GDPR requirements even for non-EU citizens. We believe that such freedom is a basic human right.
It also respects intellectual property rights and complies with the provisions of the DMCA. We have implemented procedures to address any claims of copyright infringement and provide a mechanism for copyright holders to report alleged infringements through contact by email. We take such claims seriously and will respond promptly to any notices of claimed infringement.
If you notice any resource or action violating the law, GDPR, COPPA, or DMCA, contact the Authoritative party with all information and full paths and URLs/URIs of the violating content. Without sufficient information, the Authoritative party cannot do anything about the violations, so you may be requested for more information to be able to process your request.
If you notice any resource or action violating the law, GDPR, COPPA, or DMCA, contact Ari-web with all information and full paths and URLs/URIs of the violating content. Without sufficient information, we cannot do anything about the violations, so you may be requested for more information to be able to process your request.
By using our services, you acknowledge our commitment to these regulations and understand that we will take all necessary steps to ensure compliance with the law, GDPR, COPPA, and DMCA. Furthermore, you acknowledge that you are the age of digital consent to allow your data to be processed, or that your legal guardians have consented to your data being processed for non-commential uses, for instance, instant messaging or serving of posts to provide functionality to our provided services.
By using our services, you acknowledge our commitment to these regulations and understand that we will take all necessary steps to ensure compliance with the law, GDPR, COPPA, and DMCA. Furthermore, you acknowledge that you are the age of digital consent and allow your data to be processed, or that your legal guardians have consented to your data being processed for non-commercial uses, for instance, instant messaging or serving of user-generated content to provide functionality to our provided services.
Contact us for any violations, questions, or various other things by either Authoritative party's contacts or by:
@ -157,29 +157,29 @@ Contact us for any violations, questions, or various other things by either Auth
By using our services, you agree that any data you send to Ari-web servers to be processed, stored, logged, and served. We reserve to change these policies at any point for genuine interest which includes service functionality, moderation, administration, or allowing extra features with or without prior notice.
You reserve the right to request mass data deletion of any data logged or stored, even if GDPR does not apply in your jurisdiction by simply sending a request to gdpr@ari.lt. Logs are mainly collected for moderation and service stability ensurance.
You reserve the right to request mass data deletion of any data logged or stored by simply sending a request to bye@ari.lt. Logs are mainly collected for moderation and service stability insurance.
Service Logged information Stored information Notes
All Your IP address (logs are rotated every 64 days), access URI, authentication attempts, timestamp, response code, and parameters Your IP address (temporarily for up to a week in-memory), all data you sent to be processed and expect it to be stored (such as comments, messages, files, ...), cookies You are responsible for your own privacy by using client-side encryption. Data on Ari-web is mninimally processed, and even though we strive for best privacy and security, we place the responsibility of true privacy so only you see your data by using client-side encryption on you. (See OpenPGP). Your IP may be stored indefinitely if we notice large amount of potentially abusive traffic from you to block your IP address. Most logs are rotated every 64 days.
All Your IP address (logs are rotated every 64 days), access URI, authentication attempts, timestamp, response code, and parameters Your IP address (temporarily for up to a week in-memory), all data you sent to be processed and expect it to be stored (such as comments, messages, files, ...), cookies You are responsible for your own privacy by using client-side encryption. Data on Ari-web is minimally processed, and even though we strive for best privacy and security, we place the responsibility of true privacy so only you see your data by using client-side encryption on you. (See OpenPGP). Your IP may be stored indefinitely if we notice large amount of potentially abusive traffic from you to block your IP address. Most logs are rotated every 64 days.
Computing (access to the server's compute resources) Everything you do on the system is logged, including file access, login attempts, and resource usage as well as the normal logs as described above ("All"). Stored information is all information you may put on the server, which includes (but is not limited to) files, logs, software, and code. These assets will not be served unless you choose to serve them yourself, in which case, you should request the Authoritative party to allow you to use certain ports and for them to be open to the open internet. You are responsible for ensuring your own privacy and not compromising the security of the compute resources, although, it will and is monitored to ensure best practices are being followed. You are responsible for managing your own resource usage without abusing them as well as adhering to Ari-web policies and initiating your own. You may not distribute or even read data or configuration that is not meant for you.
Matrix (matrix.ari.lt) Error reporting information with nonidenfiable or minimally idenfiable information. All Matrix rooms and events as well as files to be stored, federated or not. Federates the aforementioned events to other servers out of our control due to the nature of the mash nature of the Matrix protocol.
Matrix (matrix.ari.lt) Error reporting information with nonindefinable or minimally identifiable information. All Matrix rooms and events as well as files to be stored, federated or not. Federates the aforementioned events to other servers out of our control due to the nature of the mash nature of the Matrix protocol.
XMPP/Jabber (ari.lt ports 5222, 5269, 5223, 5270, and 5281) Client/server events (federated or not), including (but not limited to) connections and error reporting information. All XMPP events and multi-user chats as well as files to be stored, federated or not. XMPP has a unique way of storing various events, therefore, you are strongly encouraged to use private-only MUCs (multi-user chats) on muc.ari.lt with encryption with OMEMO or OpenPGP.
Git forge (Forgejo at git.ari.lt) Any events or actions taken by You on git Forge, including authenticating, creating repositories, organisations, using runners (actions), deleting repositories, commits, etc. All repositories (private and public) and their data as well as metadata, user profile data, authentication data, prefrences, blocked users, avatars, descriptions, emails, organizations, etc. Git forge is meant to store data like a versioned file store of sort (i.e. Git VCS), therefore, all you send there will be served, to public or not (depending on your prefrences).
Email mailboxes of Ari-web email using Mailcow (mail.ari.lt) All actions performed on email are agressively logged. This includes: Email subject, email headers, rSpamD scan result, ClamAV antivirus results, access and authentication of both email and web UI, sent and received mail, IP address spam statistics, mailbox spam statistics, email (and its body) spam statistics (fuzzy hashes and scores mainly). This ensures full stability and deliverability of the email server. All data related to your email is stored. This includes: IP address, email body, attachments, headers, spam scores and metadata, email threads, WebUI accounts (and their associated data), etc. Even though we try to ensure best security of emails as well as secure access and storage, you are responsible for ensuring your total privacy. We are NOT allowed to invade your privacy unless circumstances call for it, although, to be safe, we suggest public key encryption to be used. See Termination, Limitation, and Transfer for more details.
Semi-managed email using custom domains using Mailcow (goes to mail.ari.lt) All data related to email mailboxes is logged as described above. Although, email hosting with custom domains comes with its own caviates as well, for instance, you may be requested to add DMARC reports support to your domain. All administrator actions will also be logged and stored relating to your custom domain like login attempts, change of settings and rules as well as related events. Mailbox information is stored as described above. Administrator information is stored similarly to mailbox WebUI accounts, including authentication information and various domain-related information such as logs and private keys (like DKIM). You, as the domain administrator, are required to ensure best security practices when using Ari-web email and to not violate the described terms in this document. Your violation of these terms will be considered a breach, therefore, your access will be terminated with notice.
Git forge (Forgejo at git.ari.lt) Any events or actions taken by You on git Forge, including authenticating, creating repositories, organisations, using runners (actions), deleting repositories, commits, etc. All repositories (private and public) and their data as well as metadata, user profile data, authentication data, preferences, blocked users, avatars, descriptions, emails, organizations, etc. Git forge is meant to store data like a versioned file store of sort (i.e. Git VCS), therefore, all you send there will be served, to public or not (depending on your preferences).
Email mailboxes of Ari-web email using Mailcow (mail.ari.lt) All actions performed on email are logged. This includes: Email subject, email headers, rSpamD scan result, ClamAV antivirus results, access and authentication of both email and web UI, sent and received mail, IP address spam statistics, mailbox spam statistics, email (and its body) spam statistics (fuzzy hashes and scores mainly). This ensures full stability and deliverability of the email server. All data related to your email is stored. This includes: IP address, email body, attachments, headers, spam scores and metadata, email threads, WebUI accounts (and their associated data), etc. Even though we try to ensure best security of emails as well as secure access and storage, you are responsible for ensuring your total privacy. We are NOT allowed to invade your privacy unless circumstances call for it, although, to be safe, we suggest public key encryption to be used. See Termination, Limitation, and Transfer for more details.
Semi-managed email using custom domains using Mailcow (goes to mail.ari.lt) All data related to email mailboxes is logged as described above. Although, email hosting with custom domains comes with its own unique logging as well, for instance, you may be requested to add DMARC reports support to your domain. All administrator actions will also be logged and stored relating to your custom domain like login attempts, change of settings and rules as well as related events. Mailbox information is stored as described above. Administrator information is stored similarly to mailbox WebUI accounts, including authentication information and various domain-related information such as logs and private keys (like DKIM). You, as the domain administrator, are required to ensure best security practices when using Ari-web email and to not violate the described terms in this document. Your violation of these terms will be considered a breach, therefore, your access will be terminated with notice.
PrivateBin (pb.ari.lt) Logs your paste ID, although, does not log the private key used for encrypting the paste. Encrypted paste information is stored on the paste as sent by the client. When reporting a paste for violating content, please provide us with as much information as possible about the paste, including its ID and private key (all in the URL, which you can just supply to us).
RoundCube webmail (rc.ari.lt) Logs error information. Stores your sessions as well as your password in an encrypted format as well as user prefrences, identities, and other related webmail data.
RoundCube webmail (rc.ari.lt) Logs error information. Stores your sessions as well as your password in an encrypted format as well as user preferences, identities, and other related webmail data.
Matrix clients (schildi.ari.lt and cinny.ari.lt) All data and processing happens client-side.
Akkoma/fediverse instance (ak.ari.lt) All actions taken by administrators are logged as well as errors / warnings / faults related to various parts of the applications. Stores all data sent to the server, federated or not, such as user-generated content (posts, dms), descriptions, content warnings, avatars, alt texts, interractions, tags, avatars, uploads, etc. and federates them to other servers out of our control due to the nature of the mash nature of the ActivityPub protocol.
Akkoma/fediverse instance (ak.ari.lt) All actions taken by administrators are logged as well as errors / warnings / faults related to various parts of the applications. Stores all data sent to the server, federated or not, such as user-generated content (posts, DMs), descriptions, content warnings, avatars, alt texts, interactions, tags, avatars, uploads, etc. and federates them to other servers out of our control due to the nature of the mesh nature of the ActivityPub protocol.
# Service availability
Ari-web tries to provide the best uptime, although, there is zero guarantee on any sort of service availability in percentage. You get what you get essentially. Although, expect minor downtime monthly or bimonthly for maintenence tasks such as a maintenence reboot or a configuration change. This assumption is not to be construed as a guarantee.
Ari-web tries to provide the best uptime, although, there is zero guarantee on any sort of service availability in percentage. You get what you get essentially. Although, expect minor downtime monthly or bimonthly for maintenance tasks such as a maintenance reboot or a configuration change. This assumption is not to be construed as a guarantee.
Ari-web disclaims any liability for service interruptions or downtime, and users acknowledge that they are using the services at their own risk.
# Termination, Limitation, and Transfer
Ari-web reserves the right to terminate, limit, or transfer services, infrastructure, or general access in certain circumstances, as outlined below:
Termination or Limitation of Services: ari-web may terminate or limit services if Ari-web deems the service too difficult to control or moderate, or if a constant pattern of violations or one extreme and severe violation is detected. For individuals, services may be terminated without notice if they continue to violate the terms of service or engage in behaviour that Ari-web considers unacceptable. Such decisions will be based on the outlines in this document as well as Ari-web interpretation of this document and their own discretion.
Termination or Limitation of Services: Ari-web may terminate or limit services if Ari-web deems the service too difficult to control or moderate, or if a constant pattern of violations or one extreme and severe violation is detected. For individuals, services may be terminated without notice if they continue to violate the terms of service or engage in behaviour that Ari-web considers unacceptable. Such decisions will be based on the outlines in this document as well as Ari-web interpretation of this document and their own discretion.
Transfer of Services: Ari-web will only transfer access to services in two scenarios:
@ -191,7 +191,7 @@ In both cases, the Authoritative party reserves the right to make the final dete
Users acknowledge and agree that the Authoritative party's decisions regarding service termination, limitation, and transfer are final and not subject to appeal or legal action.
# Governing law
Ari-web and its services are subject to international laws as well as the laws of the United States of America, Lithuania, and Sweden. Users acknowledge that these jurisdictions govern the use of ari-web services and any disputes that may arise in connection with them. This statement is intended to clarify the legal framework applicable to the services offered by ari-web and does not create any binding obligations beyond this acknowledgment.
Ari-web and its services are subject to international laws as well as the laws of the United States of America, Lithuania, and Sweden. Users acknowledge that these jurisdictions govern the use of Ari-web services and any disputes that may arise in connection with them. This statement is intended to clarify the legal framework applicable to the services offered by Ari-web and does not create any binding obligations beyond this acknowledgment.
We are also subject to the terms of HostHatch which you can read at:
@ -201,7 +201,7 @@ We are also subject to the terms of HostHatch which you can read at:
# Affiliations
Any member (volunteer) considered an Ari-web member (volunteer) is affiliated with Ari-web in a way where they are related and working on making Ari-web a better place for everyone at their own discretion. Furthermore, Ari-web as a non-legally-formed organization of individuals, cannot be affiliated with any legal entities. Affiliations are handled by the Authoritative party inidividually, and all benifits from that affiliation will be used at the Authoritative party's discretion whether it be by using it to support Ari-web, other projects, or for personal use.
Any member (volunteer) considered an Ari-web member (volunteer) is affiliated with Ari-web in a way where they are related and working on making Ari-web a better place for everyone at their own discretion. Furthermore, Ari-web as a non-legally-formed organization of individuals, cannot be affiliated with any legal entities. Affiliations are handled by the Authoritative party individually, and all benefits from that affiliation will be used at the Authoritative party's discretion whether it be by using it to support Ari-web, other projects, or for personal use.
All affiliate content on Ari-web share a part of the Ari-web license set, which usually includes copyright to the Authoritative party provided by licenses such as MIT, GPL, AGPL, BSD, or CC-BY-SA, or no copyright at all as provided by public domain licenses such as Unlicense, CC0, or WTFPL. Ari-web shalt never produce proprietary assets licensed under a proprietary license with greatly restricts others' ability to copy, modify, publish, use, compile, or distribute parts or full of it in source code form.
# Data scraping
@ -223,7 +223,7 @@ Ari-web is fully funded by the Authoritative party and volunteer donations by Cr
Nobody shall ever, unless a change of status in Ari-web, be forced to pay for a publicly available service to use it unless it is by their own discretion through direct (monetary, which are logged in a public donation log) or indirect (code and help) donations.
Ari-web, as a project almost exclussively out of the Authoritative party's pocket, costs as follows:
Ari-web, as a project almost exclusively out of the Authoritative party's pocket, costs as follows:
Purpose Payment model Annual cost
Processing server 0 (mail.ari.lt) Quarterly ($45/qr) $180
Storage server 0 (cdn.ari.lt) Quarterly ($15/qr) $60

70
src/templates/legal.j2
View file

@ -2,9 +2,9 @@
{% block title %}Legal{% endblock %}
{% block description %}Legal information of ari-web.{% endblock %}
{% block description %}Legal framework of Ari-web.{% endblock %}
{% block keywords %}ari::web, services, foss services, homepage, portfolio, resume, matrix, says, https, email, guestbook, legal, privacy policy, privacy, logging, gdpr, dmca, anti-ai policies{% endblock %}
{% block keywords %}ari::web, services, foss services, homepage, portfolio, resume, matrix, says, https, email, guestbook, legal, privacy policy, privacy, logging, gdpr, dmca, anti-ai policies, coppa{% endblock %}
{% block head %}
<link rel="stylesheet" href="{{ url_for("static", filename="fonts/Hack.css") }}" type="text/css" referrerpolicy="no-referrer" />
@ -42,14 +42,14 @@
{% endblock %}
{% block header %}
<h1>Legal information of Ari-web</h1>
<h1>Legal framework of Ari-web</h1>
{% endblock %}
{% block main %}
<p>
This is the legal information of ari-web which covers topics such as logging policy,
This is the legal framework of Ari-web which covers topics such as logging policy,
privacy policy, data control, data control compliance, as well as other legal aspects
when it comes to using ari-web services. By using or requesting to use any ari-web services
when it comes to using Ari-web services. By using or requesting to use any Ari-web services
you agree to the legal framework outlined in this document, and agree to keep yourself updated
with or without notice.
</p>
@ -99,7 +99,7 @@
</li>
<li>
Ari-web Members
Ari-web Members , coppa
<ul>
<li>
@ -196,7 +196,8 @@
</ul>
<p>
Collectively, we are called <b>Ari-web</b>. You are an outside party using our free (libre and gratis) and open source services.
Collectively, we are called <b>Ari-web</b>. You are an outside party using our free (Libre and Gratis) and open source services.
Although, responsibility for Ari-web goes to the Authoritative party.
<p>
<h2 id="liability"><a href="#liability">#</a> Liability Disclaimer</h2>
@ -208,7 +209,7 @@
</p>
<p>
In no event shall ari-web be liable for any indirect, special, incidental, or consequential damages related to your
In no event shall Ari-web be liable for any indirect, special, incidental, or consequential damages related to your
use of its services.
</p>
@ -217,7 +218,8 @@
<p>
Ari-web will make reasonable efforts to protect your privacy unless circumstances call for access termination,
transfer, or limitation with or without notice, such as in cases of legal compliance or suspected misuse of services.
Ari-web reserves the right to manage your access at its discretion.
Ari-web reserves the right to manage your access at its discretion. We will report any violations of the law to the
required authorities if needed with the information you have consented to be logged for genuine interest.
</p>
<h2 id="modification"><a href="#privacy">#</a> Modifications and Exceptions</h2>
@ -258,7 +260,7 @@
<li>ISP: HostHatch</li>
<li>Hardware: 1 vCPU core, 1024 MB of RAM, 1000 GB of HDD storage + 20 GB NVMe storage, 2500 GB of network bandwidth.</li>
<li>Purpose: Storing data</li>
<li>Access: Cut off from the rest of the internet except rate limited and strongly autheticated port 22 traffic for SSH.</li>
<li>Access: Cut off from the rest of the internet except rate limited and strongly authenticated port 22 traffic for SSH.</li>
</ul>
</ul>
</li>
@ -272,7 +274,7 @@
any changes to terms or policies. While Ari-web strives to maintain this level of transparency,
it acknowledges that certain circumstances may limit the extent of disclosure. Users are encouraged to reach out with any
questions or concerns regarding transparency in the services provided. Ari-web will do their best to notify of changes
of ToS, but it is your responsibility to keep up with the changes.
of the legal framework, but it is your responsibility to keep up with the changes.
</p>
<h2 id="services"><a href="#services">#</a> Services</h2>
@ -378,7 +380,7 @@
We collect and process personal data and logs only for specified, legitimate purposes and ensure that such data is accurate, up-to-date, and
retained only as long as necessary for those purposes. Users have rights regarding their personal data, including access,
rectification, and erasure, which we honor in accordance with GDPR requirements even for non-EU citizens. We believe that such freedom
is an essential basic human right.
is a basic human right.
</p>
<p>
@ -388,15 +390,16 @@
</p>
<p>
If you notice any resource or action violating the law, GDPR, COPPA, or DMCA, contact the Authoritative party with all information and
full paths and URLs/URIs of the violating content. Without sufficient information, the Authoritative party cannot do anything about
If you notice any resource or action violating the law, GDPR, COPPA, or DMCA, contact Ari-web with all information and
full paths and URLs/URIs of the violating content. Without sufficient information, we cannot do anything about
the violations, so you may be requested for more information to be able to process your request.
</p>
<p>
By using our services, you acknowledge our commitment to these regulations and understand that we will take all necessary steps to ensure compliance with the law, GDPR, COPPA, and DMCA.
Furthermore, you acknowledge that you are the age of digital consent to allow your data to be processed, or that your legal guardians have consented to your data being processed
for non-commential uses, for instance, instant messaging or serving of posts to provide functionality to our provided services.
By using our services, you acknowledge our commitment to these regulations and understand that we will take all necessary steps to ensure
compliance with the law, GDPR, COPPA, and DMCA. Furthermore, you acknowledge that you are the age of digital consent and allow your data to be processed,
or that your legal guardians have consented to your data being processed for non-commercial uses, for instance, instant messaging or serving of
user-generated content to provide functionality to our provided services.
</p>
<p>
@ -418,9 +421,8 @@
</p>
<p>
You reserve the right to request mass data deletion of any data logged or stored, even if GDPR does not apply in your
jurisdiction by simply sending a request to <a href="mailto:gdpr@ari.lt">gdpr@ari.lt</a>.
Logs are mainly collected for moderation and service stability ensurance.
You reserve the right to request mass data deletion of any data logged or stored by simply sending a request to
<a href="mailto:bye@ari.lt">bye@ari.lt</a>. Logs are mainly collected for moderation and service stability insurance.
</p>
<div class="table">
@ -436,7 +438,7 @@
<td>All</td>
<td>Your IP address (logs are rotated every 64 days), access URI, authentication attempts, timestamp, response code, and parameters</td>
<td>Your IP address (temporarily for up to a week in-memory), all data you sent to be processed and expect it to be stored (such as comments, messages, files, ...), cookies</td>
<td>You are responsible for your own privacy by using client-side encryption. Data on Ari-web is mninimally processed, and even though we strive for best privacy and security, we place the responsibility of true privacy so only you see your data by using client-side encryption on you. (See <a href="https://www.openpgp.org/">OpenPGP</a>). Your IP may be stored indefinitely if we notice large amount of potentially abusive traffic from you to block your IP address. Most logs are rotated every 64 days.</td>
<td>You are responsible for your own privacy by using client-side encryption. Data on Ari-web is minimally processed, and even though we strive for best privacy and security, we place the responsibility of true privacy so only you see your data by using client-side encryption on you. (See <a href="https://www.openpgp.org/">OpenPGP</a>). Your IP may be stored indefinitely if we notice large amount of potentially abusive traffic from you to block your IP address. Most logs are rotated every 64 days.</td>
</tr>
<tr>
@ -448,7 +450,7 @@
<tr>
<td>Matrix (matrix.ari.lt)</td>
<td>Error reporting information with nonidenfiable or minimally idenfiable information.</td>
<td>Error reporting information with nonindefinable or minimally identifiable information.</td>
<td>All <a href="https://matrix.org/docs/matrix-concepts/rooms_and_events/">Matrix rooms and events</a> as well as files to be stored, federated or not. Federates the aforementioned events to other servers out of our control due to the nature of the mash nature of the Matrix protocol.</td>
<td></td>
</tr>
@ -463,20 +465,20 @@
<tr>
<td>Git forge (Forgejo at git.ari.lt)</td>
<td>Any events or actions taken by You on git Forge, including authenticating, creating repositories, organisations, using runners (actions), deleting repositories, commits, etc.</td>
<td>All repositories (private and public) and their data as well as metadata, user profile data, authentication data, prefrences, blocked users, avatars, descriptions, emails, organizations, etc.</td>
<td>Git forge is meant to store data like a versioned file store of sort (i.e. <a href="https://git-scm.com/">Git VCS</a>), therefore, all you send there will be served, to public or not (depending on your prefrences).</td>
<td>All repositories (private and public) and their data as well as metadata, user profile data, authentication data, preferences, blocked users, avatars, descriptions, emails, organizations, etc.</td>
<td>Git forge is meant to store data like a versioned file store of sort (i.e. <a href="https://git-scm.com/">Git VCS</a>), therefore, all you send there will be served, to public or not (depending on your preferences).</td>
</tr>
<tr>
<td>Email mailboxes of Ari-web email using <a href="https://mailcow.email/">Mailcow</a> (mail.ari.lt)</td>
<td>All actions performed on email are agressively logged. This includes: Email subject, email headers, rSpamD scan result, ClamAV antivirus results, access and authentication of both email and web UI, sent and received mail, IP address spam statistics, mailbox spam statistics, email (and its body) spam statistics (fuzzy hashes and scores mainly). This ensures full stability and deliverability of the email server.</td>
<td>All actions performed on email are logged. This includes: Email subject, email headers, rSpamD scan result, ClamAV antivirus results, access and authentication of both email and web UI, sent and received mail, IP address spam statistics, mailbox spam statistics, email (and its body) spam statistics (fuzzy hashes and scores mainly). This ensures full stability and deliverability of the email server.</td>
<td>All data related to your email is stored. This includes: IP address, email body, attachments, headers, spam scores and metadata, email threads, WebUI accounts (and their associated data), etc.</td>
<td>Even though we try to ensure best security of emails as well as secure access and storage, you are responsible for ensuring your total privacy. We are <b>NOT</b> allowed to invade your privacy unless circumstances call for it, although, to be safe, we suggest public key encryption to be used. See <a href="#termination">Termination, Limitation, and Transfer</a> for more details.</td>
</tr>
<tr>
<td>Semi-managed email using custom domains using <a href="https://mailcow.email/">Mailcow</a> (goes to mail.ari.lt)</td>
<td>All data related to email mailboxes is logged as described above. Although, email hosting with custom domains comes with its own caviates as well, for instance, you may be requested to add DMARC reports support to your domain. All administrator actions will also be logged and stored relating to your custom domain like login attempts, change of settings and rules as well as related events.</td>
<td>All data related to email mailboxes is logged as described above. Although, email hosting with custom domains comes with its own unique logging as well, for instance, you may be requested to add DMARC reports support to your domain. All administrator actions will also be logged and stored relating to your custom domain like login attempts, change of settings and rules as well as related events.</td>
<td>Mailbox information is stored as described above. Administrator information is stored similarly to mailbox WebUI accounts, including authentication information and various domain-related information such as logs and private keys (like DKIM).</td>
<td>You, as the domain administrator, are required to ensure best security practices when using Ari-web email and to not violate the described terms in this document. Your violation of these terms will be considered a breach, therefore, your access will be terminated with notice.</td>
</tr>
@ -491,7 +493,7 @@
<tr>
<td>RoundCube webmail (rc.ari.lt)</td>
<td>Logs error information.</td>
<td>Stores your sessions as well as your password in an encrypted format as well as user prefrences, identities, and other related webmail data.</td>
<td>Stores your sessions as well as your password in an encrypted format as well as user preferences, identities, and other related webmail data.</td>
<td></td>
</tr>
@ -505,7 +507,7 @@
<tr>
<td>Akkoma/fediverse instance (ak.ari.lt)</td>
<td>All actions taken by administrators are logged as well as errors / warnings / faults related to various parts of the applications.</td>
<td>Stores all data sent to the server, federated or not, such as user-generated content (posts, dms), descriptions, content warnings, avatars, alt texts, interractions, tags, avatars, uploads, etc. and federates them to other servers out of our control due to the nature of the mash nature of the ActivityPub protocol.</td>
<td>Stores all data sent to the server, federated or not, such as user-generated content (posts, DMs), descriptions, content warnings, avatars, alt texts, interactions, tags, avatars, uploads, etc. and federates them to other servers out of our control due to the nature of the mesh nature of the ActivityPub protocol.</td>
<td></td>
</tr>
</table>
@ -516,7 +518,7 @@
<p>
Ari-web tries to provide the best uptime, although, there is zero guarantee on any sort of
service availability in percentage. You get what you get essentially. Although, expect minor
downtime monthly or bimonthly for maintenence tasks such as a maintenence reboot or a configuration
downtime monthly or bimonthly for maintenance tasks such as a maintenance reboot or a configuration
change. This assumption is not to be construed as a guarantee.
</p>
@ -532,7 +534,7 @@
</p>
<p>
Termination or Limitation of Services: ari-web may terminate or limit services if Ari-web deems the service too difficult to control or moderate,
Termination or Limitation of Services: Ari-web may terminate or limit services if Ari-web deems the service too difficult to control or moderate,
or if a constant pattern of violations or one extreme and severe violation is detected. For individuals, services may be terminated without notice if they continue
to violate the terms of service or engage in behaviour that Ari-web considers unacceptable. Such decisions will be based on the outlines in this document
as well as Ari-web interpretation of this document and their own discretion.
@ -561,8 +563,8 @@
<p>
Ari-web and its services are subject to international laws as well as the laws of the United States of America, Lithuania, and Sweden.
Users acknowledge that these jurisdictions govern the use of ari-web services and any disputes that may arise in connection with them.
This statement is intended to clarify the legal framework applicable to the services offered by ari-web and does not create any
Users acknowledge that these jurisdictions govern the use of Ari-web services and any disputes that may arise in connection with them.
This statement is intended to clarify the legal framework applicable to the services offered by Ari-web and does not create any
binding obligations beyond this acknowledgment.
</p>
@ -582,7 +584,7 @@
Any member (volunteer) considered an Ari-web member (volunteer) is affiliated with Ari-web in a way where they are related
and working on making Ari-web a better place for everyone at their own discretion. Furthermore, Ari-web as a non-legally-formed
organization of individuals, cannot be affiliated with any legal entities. Affiliations are handled by the Authoritative party
inidividually, and all benifits from that affiliation will be used at the Authoritative party's discretion whether it be by
individually, and all benefits from that affiliation will be used at the Authoritative party's discretion whether it be by
using it to support Ari-web, other projects, or for personal use.
</p>
@ -644,7 +646,7 @@
</p>
<p>
Ari-web, as a project almost exclussively out of the Authoritative party's pocket, costs as follows:
Ari-web, as a project almost exclusively out of the Authoritative party's pocket, costs as follows:
</p>
<div class="table">