mirror of
https://git.ari.lt/ari.lt/ari.lt.git
synced 2025-02-04 09:39:25 +01:00
Improve legal policies regarding privacy, logging, and scraping of data.
Signed-off-by: Ari Archer <ari@ari.lt>
This commit is contained in:
parent
0d937c9a53
commit
d5719a6395
3 changed files with 108 additions and 38 deletions
Binary file not shown.
|
|
@ -5,7 +5,7 @@ This is the legal framework of Ari-web which covers topics such as logging polic
|
|||
|
||||
This document serves as an agreement between you and Ari-web parties, regarding the use and management of Ari-web's services. It outlines the expectations, responsibilities, and limitations for both parties.
|
||||
|
||||
Visitor: 1713856
|
||||
Visitor: 1713959
|
||||
Authored at: 2024-11-04 (YYYY-MM-DD)
|
||||
Latest update: 2024-12-25 (YYYY-MM-DD)
|
||||
OpenPGP signature of this document by the Authoritative party's OpenPGP key: legal.sig (Note: Only the text content found in legal.txt was signed. Use that text-only static copy of this document to verify the signature.)
|
||||
|
|
@ -78,7 +78,13 @@ Ari-web disclaims all liability for any damages, data loss, dissatisfaction, or
|
|||
In no event shall Ari-web be liable for any indirect, special, incidental, or consequential damages related to your use of its services.
|
||||
# Privacy and Data Protection
|
||||
|
||||
Ari-web will make reasonable efforts to protect your privacy unless circumstances call for access termination, transfer, or limitation with or without notice, such as in cases of legal compliance or suspected misuse of services. Ari-web reserves the right to manage your access at its discretion. We will report any violations of the law to the required authorities if needed with the information you have consented to be logged for genuine interest.
|
||||
By using our services, you agree that any data you send to Ari-web servers is to be processed, stored, logged, and served, provided there is genuine interest behind those actions. We reserve to change these policies at any point for genuine interest which includes service functionality, moderation, administration, or allowing extra features with or without prior notice.
|
||||
|
||||
Ari-web will make reasonable efforts to protect your privacy unless circumstances call for access termination, transfer, or limitation of service with or without notice. Such as in cases of legal compliance or suspected misuse of services. Ari-web reserves the right to manage your access at its discretion with genuine interest. We will report any violations of the law to the required authorities if we are legally obliged to do so. Moreover, no data will ever be shared with third parties and we will not sell your information in any capacity. However, we may share your information with relevant authorities in case we are legally obliged in accordance to the law. We do not share your information with any unauthorized parties or for any other illegitimate purposes.
|
||||
|
||||
We shall undertake all reasonable measures to safeguard your privacy and maintain the confidentiality as well as security of your information. The protection of your security and privacy is our paramount priority and we believe in the open source seucurity model wherever possible. Contact security@ari.lt if you have found concerns regarding the security of the Ari-web infrastructure and we will promptly review your inquiry.
|
||||
|
||||
You reserve the right to request (mass) data or log deletion of any data logged or stored by simply sending a request to bye@ari.lt - this policy is independent of your jurisdiction as we believe data control is a basic human right. Please provide us with a reason of why you want the data to be deleted if possible if you are requesting data or logs to be deleted, although, it is not required.
|
||||
# Modifications and Exceptions
|
||||
|
||||
Ari-web reserves the right to modify these terms at any time without prior notice. Exceptions to these terms may be granted by the Authoritative party in writing with a digital signature, at their discretion.
|
||||
|
|
@ -155,15 +161,13 @@ Contact us for any violations, questions, or various other things by either Auth
|
|||
COPPA: coppa@ari.lt
|
||||
DMCA: dmca@ari.lt
|
||||
|
||||
# Logging, privacy, and data processing
|
||||
# Logging and data processing
|
||||
|
||||
By using our services, you agree that any data you send to Ari-web servers to be processed, stored, logged, and served. We reserve to change these policies at any point for genuine interest which includes service functionality, moderation, administration, or allowing extra features with or without prior notice.
|
||||
We log data for various purposes, for instance, ensuring data security and preventing attacks as well as moderation/administation of various services. Data processing part is the service you are requesting to use, therefore, it is to be expected and you consent to these policies by using the services. For any questions, contact the Authoritative party.
|
||||
|
||||
No data will ever be shared with 3rd parties and we will not sell your information in any capacity. However, we may share your information with relevant authorities in case we are legally obliged in accordance to the law. We do not share your information with any unauthorized parties or for any other illegitimate purposes.
|
||||
|
||||
You reserve the right to request mass data deletion of any data logged or stored by simply sending a request to bye@ari.lt. Logs are mainly collected for moderation and service stability insurance.
|
||||
Genuine interest can include moderation/administation, providing of services, ensuring service stability, and other typically genuine interest goals when providing services. Genuine interest does not cover corporate gain, law violation, invasive statistics, or other illegitimate and irrational purposes you would not usually expect.
|
||||
Service Logged information Stored information Notes Purposes
|
||||
All Your IP address (logs are rotated every 64 days), access URI, authentication attempts, timestamp, response code, and parameters Your IP address (temporarily for up to a week in-memory), all data you sent to be processed and expect it to be stored (such as comments, messages, files, ...), cookies You are responsible for your own privacy by using client-side encryption. Data on Ari-web is minimally processed, and even though we strive for best privacy and security, we place the responsibility of true privacy so only you see your data by using client-side encryption on you. (See OpenPGP). Your IP may be stored indefinitely if we notice large amount of potentially abusive traffic from you to block your IP address. Most logs are rotated every 64 days. This data is baseline collection for ensuring service stability and our ability to moderate content as well as access to resources. This data is not used for analytical purposes, but rather for security and stability ensurance.
|
||||
All Your IP address (logs are rotated every 64 days), access URI, authentication attempts, timestamp, response code, and parameters Your IP address (temporarily for up to a week in-memory), all data you sent to be processed and expect it to be stored (such as comments, messages, files, ...), cookies You are responsible for your own privacy by using client-side encryption. Data on Ari-web is minimally processed, and even though we strive for best privacy and security, we place the responsibility of true privacy so only you see your data by using client-side encryption on you. (See OpenPGP). Your IP may be stored indefinitely if we notice large amount of potentially abusive traffic from you to block your IP address. These logs are rotated every 64 days. This data is baseline collection for ensuring service stability and our ability to moderate content as well as access to resources. This data is not used for analytical purposes, but rather for security and stability ensurance.
|
||||
Computing (access to the server's compute resources) Everything you do on the system is logged, including file access, login attempts, and resource usage as well as the normal logs as described above ("All"). Stored information is all information you may put on the server, which includes (but is not limited to) files, logs, software, and code. These assets will not be served unless you choose to serve them yourself, in which case, you should request the Authoritative party to allow you to use certain ports and for them to be open to the open internet. You are responsible for ensuring your own privacy and not compromising the security of the compute resources, although, it will and is monitored to ensure best practices are being followed. You are responsible for managing your own resource usage without abusing them as well as adhering to Ari-web policies and initiating your own. You may not distribute or even read data or configuration that is not meant for you. The purpose of this information is for ensuring no unauthorised access or tampering is going on - this is to ensure upmost security and privacy of everyone. Data storage and processing, even though mostly done by you, still depend on Ari-web resources, and is the purpose of the service - therefore, you acknowledge that data is still stored and served on Ari-web.
|
||||
Matrix (matrix.ari.lt) Error reporting information with nonindefinable or minimally identifiable information. All Matrix rooms and events as well as files to be stored, federated or not. Federates the aforementioned events to other servers out of our control due to the nature of the mash nature of the Matrix protocol. Collection of error messages is for issue resolution and detection, for example, federation errors or database errors could indicate various problems with the server to be addresed. The data you send is stored to ensure service since the sole purpose of instant messaging is for the messages to be stored and served, as well as federated in case of Matrix.
|
||||
XMPP/Jabber (ari.lt ports 5222, 5269, 5223, 5270, and 5281) Client/server events (federated or not), including (but not limited to) connections, authentication, and error reporting information. All XMPP events and multi-user chats as well as files to be stored, federated or not. XMPP has a unique way of storing various events, therefore, you are strongly encouraged to use private-only MUCs (multi-user chats) on muc.ari.lt with encryption with OMEMO or OpenPGP. Logging of events and their status is for the purpose of preventing brute-force attacks as well as (D)DoS attacks by rate limiting events and connections. Data storage is for service providing purposes and it is to be expected if you are requesting or are using Ari-web XMPP.
|
||||
|
|
@ -213,11 +217,28 @@ Any member (volunteer) considered an Ari-web member (volunteer) is affiliated wi
|
|||
All affiliate content on Ari-web share a part of the Ari-web license set, which usually includes copyright to the Authoritative party provided by licenses such as MIT, GPL, AGPL, BSD, or CC-BY-SA, or no copyright at all as provided by public domain licenses such as Unlicense, CC0, or WTFPL. Ari-web shalt never produce proprietary assets licensed under a proprietary license with greatly restricts others' ability to copy, modify, publish, use, compile, or distribute parts or full of it in source code form.
|
||||
# Data scraping
|
||||
|
||||
You shall not scrape any data from Ari-web for unethical, wasteful, or abusive scraping purposes. For example, any scraping of data for training corporate AI models or Large Language Models using our Data and/or User Content in any way is prohibited and not deemed acceptable. You may scrape data solely for the purpose of indexing to improve searchability or for the development of client applications that utilize Ari-web services, as well as for education or entertainment purposes that would be considered reasonable and okay in most other applications, so long as it does not violate privacy, freedom, or rights of others and complies to our terms.
|
||||
You shall not scrape any data from Ari-web for unethical, wasteful, or abusive scraping purposes, or that violates the license terms, access, and/or protections of the data in question. There are instances where data scraping is deemed acceptable and expected, refer to the list below for more details.
|
||||
|
||||
Should you fail to comply to these policies, you hereby acknowledge and agree that in situations where data scraping is found to be a breach of these terms, you agree to pay a fee of 1 euro per byte (8 bits) of digital data scraped from Ari-web, directly to the Authoritative Party, after which the finances will be treated and used donations - to support Ari-web, the Authoritative party, and also giving back to the people who's content was stolen. This clause is designed to prevent unethical and wasteful practices that not only harm the environment but also infringe upon the rights of our users and our organization.
|
||||
Provided you adhere to the other terms outlined in this document and scrape data responsibly without overwhelming the server, generally acceptable data scraping purposes include (but are not limited to):
|
||||
Indexing for searchability (search engines, public indexers that do not violate user privacy, etc.)
|
||||
Developing of client applications (like aggregators or tools that enhance user experience)
|
||||
Educational purposes (educational projects, research, personal learning experiences, etc.)
|
||||
Publicly accessible data (publicly available sources for personal use or analysis)
|
||||
Non-commercial personal projects or research (given that they do not harm the website's functionality)
|
||||
Other generally accepted scraping that is done so responsibly and is typically practiced outside gray area.
|
||||
Generally unaccepted data scraping purposes include (but are not limited to):
|
||||
Scraping data to train corporate AI models or Large Language Models (LLMs).
|
||||
Unauthorised use or access of personal or restricted data.
|
||||
Scraping of information that can be deemed sensitive.
|
||||
Aggressively scraping data that impact the stability or performance of the service.
|
||||
Reselling of scraped data.
|
||||
Other generally non-accepted or irresponsible scraping or gray area scraping that has not been explicitly consented for.
|
||||
|
||||
If you are unsure whether or not you may scrape data for a certain purpose on Ari-web, you should contact scraping@ari.lt with your enquiries listing what purpose the data will be scraped for, what data will be scraped, and what you promise to do to protect the rights of others with your data scraping acts.
|
||||
Should you fail to comply to these policies, you hereby acknowledge and agree that in situations where data scraping is found to be a breach of these terms, you agree to pay a fee of 1 euro per byte (8 bits) of digital data scraped from Ari-web, directly to the Authoritative Party, after which the finances will be treated and used donations - to support Ari-web and also giving back to the people who's content was essentially stolen from. We will make reasonable efforts to fairly share the fee with the authors of the original content as well as cover the wasted computing resources or other harm/waste that your unauthorised scraping caused.
|
||||
|
||||
This clause is designed to prevent unethical and wasteful practices that not only harm the environment but also infringe upon the rights of our users and our volunteer organization. We stand for human rights.
|
||||
|
||||
If you are unsure whether or not you may scrape data for a certain purpose on Ari-web, you should contact scraping@ari.lt with your enquiries listing what purpose the data will be scraped for, what data will be scraped, and what you promise to do to protect the rights of others with your data scraping acts. We will not consent for the authors, rather we can give guidance or a definitive answer regarding your questions.
|
||||
# Finances
|
||||
|
||||
Ari-web is fully funded by the Authoritative party and volunteer donations by Cryptocurrency. This includes:
|
||||
|
|
|
|||
|
|
@ -221,13 +221,37 @@
|
|||
<h2 id="privacy"><a href="#privacy">#</a> Privacy and Data Protection</h2>
|
||||
|
||||
<p>
|
||||
Ari-web will make reasonable efforts to protect your privacy unless circumstances call for access termination,
|
||||
transfer, or limitation with or without notice, such as in cases of legal compliance or suspected misuse of services.
|
||||
Ari-web reserves the right to manage your access at its discretion. We will report any violations of the law to the
|
||||
required authorities if needed with the information you have consented to be logged for genuine interest.
|
||||
By using our services, you agree that any data you send to Ari-web servers is to be processed, stored, logged, and served,
|
||||
provided there is genuine interest behind those actions. We reserve to change these policies at any point for genuine interest
|
||||
which includes service functionality, moderation, administration, or allowing extra features with or without prior notice.
|
||||
</p>
|
||||
|
||||
<h2 id="modification"><a href="#privacy">#</a> Modifications and Exceptions</h2>
|
||||
<p>
|
||||
Ari-web will make reasonable efforts to protect your privacy unless circumstances call for access termination,
|
||||
transfer, or limitation of service with or without notice. Such as in cases of legal compliance or suspected misuse of services.
|
||||
Ari-web reserves the right to manage your access at its discretion with genuine interest.
|
||||
We will report any violations of the law to the required authorities if we are legally obliged to do so.
|
||||
Moreover, no data will ever be shared with third parties and we will not sell your information in any capacity.
|
||||
However, we may share your information with relevant authorities in case we are legally obliged in accordance to the law.
|
||||
We do not share your information with any unauthorized parties or for any other illegitimate purposes.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
We shall undertake all reasonable measures to safeguard your privacy and maintain the confidentiality as well as security of your information.
|
||||
The protection of your security and privacy is our paramount priority and we believe in the open source seucurity model wherever possible.
|
||||
Contact <a href="mailto:security@ari.lt">security@ari.lt</a> if you have found concerns regarding the security of the Ari-web infrastructure
|
||||
and we will promptly review your inquiry.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
You reserve the right to request (mass) data or log deletion of any data logged or stored by simply sending a request to
|
||||
<a href="mailto:bye@ari.lt">bye@ari.lt</a> - this policy is independent of your jurisdiction as we believe data control is a basic human right.
|
||||
Please provide us with a reason of <i>why</i> you want the data to be deleted if possible if you are requesting data or logs to be deleted,
|
||||
although, it is not required.
|
||||
</p>
|
||||
|
||||
|
||||
<h2 id="modification"><a href="#modification">#</a> Modifications and Exceptions</h2>
|
||||
|
||||
<p>
|
||||
Ari-web reserves the right to modify these terms at any time without prior notice.
|
||||
|
|
@ -417,23 +441,18 @@
|
|||
<li>DMCA: <a href="mailto:dmca@ari.lt">dmca@ari.lt</a></li>
|
||||
</ul>
|
||||
|
||||
<h2 id="data"><a href="#data">#</a> Logging, privacy, and data processing</h2>
|
||||
<h2 id="data"><a href="#data">#</a> Logging and data processing</h2>
|
||||
|
||||
<p>
|
||||
By using our services, you agree that any data you send to Ari-web servers to be processed, stored, logged, and served.
|
||||
We reserve to change these policies at any point for genuine interest which includes service functionality, moderation,
|
||||
administration, or allowing extra features with or without prior notice.
|
||||
We log data for various purposes, for instance, ensuring data security and preventing attacks as well as moderation/administation of
|
||||
various services. Data processing part is the service you are requesting to use, therefore,
|
||||
it is to be expected and you consent to these policies by using the services. For any questions, contact the Authoritative party.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
No data will ever be shared with 3rd parties and we will not sell your information in any capacity.
|
||||
However, we may share your information with relevant authorities in case we are legally obliged in accordance to the law.
|
||||
We do not share your information with any unauthorized parties or for any other illegitimate purposes.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
You reserve the right to request mass data deletion of any data logged or stored by simply sending a request to
|
||||
<a href="mailto:bye@ari.lt">bye@ari.lt</a>. Logs are mainly collected for moderation and service stability insurance.
|
||||
Genuine interest can include moderation/administation, providing of services, ensuring service stability, and other typically genuine
|
||||
interest goals when providing services. Genuine interest does not cover corporate gain, law violation, invasive statistics,
|
||||
or other illegitimate and irrational purposes you would not usually expect.
|
||||
</p>
|
||||
|
||||
<div class="table">
|
||||
|
|
@ -450,7 +469,7 @@
|
|||
<td>All</td>
|
||||
<td>Your IP address (logs are rotated every 64 days), access URI, authentication attempts, timestamp, response code, and parameters</td>
|
||||
<td>Your IP address (temporarily for up to a week in-memory), all data you sent to be processed and expect it to be stored (such as comments, messages, files, ...), cookies</td>
|
||||
<td>You are responsible for your own privacy by using client-side encryption. Data on Ari-web is minimally processed, and even though we strive for best privacy and security, we place the responsibility of true privacy so only you see your data by using client-side encryption on you. (See <a href="https://www.openpgp.org/">OpenPGP</a>). Your IP may be stored indefinitely if we notice large amount of potentially abusive traffic from you to block your IP address. Most logs are rotated every 64 days.</td>
|
||||
<td>You are responsible for your own privacy by using client-side encryption. Data on Ari-web is minimally processed, and even though we strive for best privacy and security, we place the responsibility of true privacy so only you see your data by using client-side encryption on you. (See <a href="https://www.openpgp.org/">OpenPGP</a>). Your IP may be stored indefinitely if we notice large amount of potentially abusive traffic from you to block your IP address. These logs are rotated every 64 days.</td>
|
||||
<td>This data is baseline collection for ensuring service stability and our ability to moderate content as well as access to resources. This data is not used for analytical purposes, but rather for security and stability ensurance.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -630,25 +649,55 @@
|
|||
<h2 id="scraping"><a href="#scraping">#</a> Data scraping</h2>
|
||||
|
||||
<p>
|
||||
You shall not scrape any data from Ari-web for unethical, wasteful, or abusive scraping purposes. For example, any scraping of data for
|
||||
training corporate AI models or Large Language Models using our Data and/or User Content in any way is prohibited and not deemed acceptable.
|
||||
You may scrape data solely for the purpose of indexing to improve searchability or for the development of client applications
|
||||
that utilize Ari-web services, as well as for education or entertainment purposes that would be considered reasonable and okay in
|
||||
most other applications, so long as it does not violate privacy, freedom, or rights of others and complies to our terms.
|
||||
You shall not scrape any data from Ari-web for unethical, wasteful, or abusive scraping purposes, or that violates the license terms, access, and/or protections of the data in question.
|
||||
There are instances where data scraping is deemed acceptable and expected, refer to the list below for more details.
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
Provided you adhere to the other terms outlined in this document and scrape data responsibly without overwhelming the server, generally acceptable data scraping purposes include (but are not limited to):
|
||||
|
||||
<ul>
|
||||
<li>Indexing for searchability (search engines, public indexers that do not violate user privacy, etc.)</li>
|
||||
<li>Developing of client applications (like aggregators or tools that enhance user experience)</li>
|
||||
<li>Educational purposes (educational projects, research, personal learning experiences, etc.)</li>
|
||||
<li>Publicly accessible data (publicly available sources for personal use or analysis)</li>
|
||||
<li>Non-commercial personal projects or research (given that they do not harm the website's functionality)</li>
|
||||
<li>Other generally accepted scraping that is done so responsibly and is typically practiced outside gray area.</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
Generally unaccepted data scraping purposes include (but are not limited to):
|
||||
|
||||
<ul>
|
||||
<li>Scraping data to train corporate AI models or Large Language Models (LLMs).</li>
|
||||
<li>Unauthorised use or access of personal or restricted data.</li>
|
||||
<li>Scraping of information that can be deemed sensitive.</li>
|
||||
<li>Aggressively scraping data that impact the stability or performance of the service.</li>
|
||||
<li>Reselling of scraped data.</li>
|
||||
<li>Other generally non-accepted or irresponsible scraping or gray area scraping that has not been explicitly consented for.</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<p>
|
||||
Should you fail to comply to these policies, you hereby acknowledge and agree that in situations where data scraping is found to be a
|
||||
breach of these terms, you agree to pay a fee of 1 euro per byte (8 bits) of digital data scraped from Ari-web, directly to the Authoritative Party,
|
||||
after which the finances will be treated and used donations - to support Ari-web, the Authoritative party, and also giving back to the people
|
||||
who's content was stolen. This clause is designed to prevent unethical and wasteful practices that not only harm the environment but also
|
||||
infringe upon the rights of our users and our organization.
|
||||
after which the finances will be treated and used donations - to support Ari-web and also giving back to the people
|
||||
who's content was essentially stolen from. We will make reasonable efforts to fairly share the fee with the authors of the original
|
||||
content as well as cover the wasted computing resources or other harm/waste that your unauthorised scraping caused.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
This clause is designed to prevent unethical and wasteful practices that not only harm the environment but also infringe upon the rights of our users and our volunteer organization.
|
||||
We stand for human rights.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
If you are unsure whether or not you may scrape data for a certain purpose on Ari-web, you should contact <a href="mailto:scraping@ari.lt">scraping@ari.lt</a> with
|
||||
your enquiries listing what purpose the data will be scraped for, what data will be scraped, and what you promise to do to protect the rights of others with your
|
||||
data scraping acts.
|
||||
data scraping acts. We will not consent for the authors, rather we can give guidance or a definitive answer regarding your questions.
|
||||
</p>
|
||||
|
||||
<h2 id="finances"><a href="#finances">#</a> Finances</h2>
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue