added data policy

[ASoTNetworks]

partially addresses hyphacoop/hypha.coop#5. Draft: https://hackmd.io/yqaEYFZpSFytZfxc4--oHw

PR should address:

• jtisi + bbb
• website
• chat ("consensed to purge policy cron job running weekly, purge anything beyond 3 months, for all private and public hypha rooms, add to data policy, we are using tomesh infra, and the content is federated)="

[dcwalk]

How long?
Are they backed up?
What info might exist in these logs?
e.g.

• IP address
• Timestamp of visit
  ...?

[benhylau]

@ASoTNetworks please refer to https://jitsi.org/meet-jit-si-privacy/ to see what is relevant to us here.

In terms of format, I think the link @dcwalk put in this comment is the right tone hyphacoop/hypha.coop#5 (comment)

[dcwalk]

Added some thoughts @ASoTNetworks I think there might be more details we want to capture on:

• what data (what is in logs?)
• where stuff is
• is jitsi backed up?
• how long are jitsi logs kept?

[benhylau]

@ASoTNetworks please refer to https://jitsi.org/meet-jit-si-privacy/ to see what is relevant to us here.

In terms of format, I think the link @dcwalk put in this comment is the right tone hyphacoop/hypha.coop#5 (comment)

[dcwalk]

Picking up my comment from #246 here:

@ASoTNetworks can you share the pad you are drafting in? I will add parts about how the hypha.coop website and handbook (don't) collect data

[ASoTNetworks]

@dcwalk here is the link for the drafting pad https://hackmd.io/yqaEYFZpSFytZfxc4--oHw

[garrying]

From the 2020-05-20 standup:

• #todo add to data policy, we are using tomesh infra, and the content is federated

(edit: bl added this to data policy)

[benhylau]

Looking at this section from BBB privacy policy:

To make our Sites, Apps, and Services more useful to you, our servers (which may be hosted by a third party service provider) collect information from you, including browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit. Our BigBlueButton hosting will collect first name, last name, length you stayed in a session and any information you share during your session, which includes audio, response to polls, raise hand, chat messages and video. We also use cookies and web beacons (as described below) and URLs to gather information regarding the date and time of your visit, the solutions and information for which you searched and which you viewed. Like most Internet services, we automatically gather this data and store it in log files each time you visit our Sites, use our Apps, or access your account on our network. We may link this automatically-collected data to personally identifiable information.

“COOKIES” are small pieces of information that a website sends to your computer’s hard drive while you are viewing a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Sites.

“WEB BEACONS” are digital images we use to log information on our Sites and in our emails. We use web beacons to manage cookies, count visits, and to learn what marketing works and what does not. We also use web beacons to tell if you open or act on our emails.

“FLASH COOKIES” are used to store your preferences such as volume control or to display content based upon what you view on our websites to personalize your visit. Third party partners who provide certain features on our websites, such as videos, may place Flash cookies on your device. They may use Flash cookies to track your Web browsing activity and to display personalized advertising. Flash cookies are different from other cookies because of the amount of, type of, and way in which data is stored. Cookie management tools provided by your browser usually will not remove Flash cookies. To learn more about Flash cookies, who has placed Flash cookies on your device, and how to manage privacy and storage settings for Flash cookies click here:

I don't think we use web beacons or flash cookies, but we probably use cookies (not for analytics or tying PII) but for storing user preferences across browser sessions. This is probably built in to apps like BBB / Loomio?

[benhylau]

Suggested change

	- [How We Use Data](#how-we-use-data)
	- [About Hypha](#about-hypha)

[benhylau]

We cannot use md for the <li>?

[dcwalk]

might be because despite being kramdown, gitbook doesn't process md in the same way jekyll does...

should test whether this works correctly regardless, might need whole list in html, sometimes mg doesn't render as expected alongside html

[dcwalk]

look at how we stylize elsewhere, I'm also not particularly worried about emails in plaintext (e.g., data@hypha.coop)

Suggested change

	If you have a concern, please email `data [at] hypha.coop`.
	If you have a concern, please email `data@hypha.coop`.

[dcwalk]

What is the status on this? Ready for another review @ASoTNetworks ?

[dcwalk]

Suggested change

	_The outline and format of this page is adopted from [Projects by IF: How IF uses data](https://www.projectsbyif.com/how-if-uses-data/)._
	_This page's outline and format is adopted from [Projects by IF: How IF uses data](https://www.projectsbyif.com/how-if-uses-data/)._

Would move this below the header matter, typically we've handled crediting not at the top

[dcwalk]

Would put crediting line here.

Suggested change

	This page was last updated on May 25, 2020. You can see previous versions on [GitHub](https://github.com/hyphacoop/handbook/).
	This page was last updated on June 2, 2020. You can see previous versions on [GitHub](https://github.com/hyphacoop/handbook/).

[benhylau]

@dcwalk this lgtm. feel free to merge if looks ok to you.

[dcwalk]

This is great for a first pass -- it doesn't comment at all about visitors to hypha.coop, link.hypha.coop, covid19.hypha.coop.... , spawning a new issue for that => #86

[dcwalk]

Tho will need revision soon per comment above.