Bitcoin Forum
April 22, 2019, 07:27:22 AM *
News: Latest Bitcoin Core release: 0.17.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Advice wanted: Privacy Policy for multibit.org  (Read 2183 times)
jim618
Legendary
*
Offline Offline

Activity: 1708
Merit: 1000



View Profile WWW
February 21, 2013, 03:53:45 PM
Last edit: February 21, 2013, 05:20:06 PM by jim618
 #1

Hi,

I have produced a draft Privacy Policy for the multibit.org site/machine and would like this sub-forum to review it for improvements please.  The basic idea is to collect only the minimal amount of data necessary and that I automatically delete IP logs after a set period of time "X weeks" (not that I have this implemented yet.) It is based on the hushmail.com Privacy Policy.

Please post any comments or suggestions for improvements on this thread.

Thanks,

Jim

------------------------------------------------------
Privacy Policy

Who we are
Multibit.org is a privately run site hosting the MultiBit software. Multibit.org runs on a dedicated server located in a data centre in Strasbourg, France. This machine is owned and managed by www.server4you.com. In this Privacy Policy, “We” or "us" means any user with SSH access to this server. As of Feb 2013, the only user with SSH access to this server is Jim Burton. It is a condition of being given SSH access to this machine that you agree to comply with this privacy policy.

By visiting our website and downloading MultiBit, you consent to the collection and use of information as outlined in this privacy policy.


Your data
We take steps where possible to limit the personal data we collect. The following are the ways in which we may collect personal data:

Visiting our website. We keep records of the activity that takes place on our website, including a record of Internet Protocol Addresses (IP addresses) used by website visitors. We use this information to analyse market trends, gather broad demographic information, and to prevent abuse of our services.

Downloading our software. When you download MultiBit, we record the IP address you used to download it.

Communicating with us. When you communicate with us, you may provide us with personal data about yourself. Your communication with us may be retained by us.

Accessing MultiBit help.
The MultiBit help files are hosted on the multibit.org server. When you access MultiBit help, we record your IP address.


How long do we retain your data?
The following outlines how our data retention policy affects any data we store about you:

We delete your access logs after approximately X weeks.
Any email communication you make with us we may retain indefinitely.
Summary statistics (which will not show individual user data) we may retain indefinitely.


Disclosure of user data
Under normal circumstances, we do not and will never disclose user data to anyone other than that user. We will always attempt to authenticate any requests that require the disclosure of user data to ensure they come from the user. If we are unable to successfully authenticate a request, we do not disclose any user data.

We will only disclose user data in the following circumstances:
If we receive an order enforceable under the laws of France, compelling us to disclose user data for a specific user. Because such orders generally state that we are not permitted to disclose the existence of the order to a user, we will not disclose to any user the existence, or nonexistence, of any order we may have received.

We do not use cookies to manage your sessions.

We take reasonable steps to ensure that the third-party services we use do not share information with other third parties. You should, however, verify this yourself by reviewing each site’s Privacy Policy.

Advertising
We do not use any third-party advertising providers on our website.

Use of Twitter
We use a Twitter signup on our website and hence access of the multibit.org index.html page will appear in the twitter.com IP logs.

Constant improvement
This privacy policy is under constant review and may be modified and updated in the future.

Contact us
We value your opinions and appreciate your comments. If you have any questions or concerns, please contact as described at: https://multibit.org/team.html

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
1555918042
Hero Member
*
Offline Offline

Posts: 1555918042

View Profile Personal Message (Offline)

Ignore
1555918042
Reply with quote  #2

1555918042
Report to moderator
1555918042
Hero Member
*
Offline Offline

Posts: 1555918042

View Profile Personal Message (Offline)

Ignore
1555918042
Reply with quote  #2

1555918042
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1555918042
Hero Member
*
Offline Offline

Posts: 1555918042

View Profile Personal Message (Offline)

Ignore
1555918042
Reply with quote  #2

1555918042
Report to moderator
jim618
Legendary
*
Offline Offline

Activity: 1708
Merit: 1000



View Profile WWW
March 10, 2013, 03:47:35 PM
 #2

Hello HELP.org,

Thanks for your feedback.
multibit.org is not a company. It is basically:
1) I am some other people have written some open source software and put it on a site for you to download.
2) If you download it we will know these various things about you and your usage.
3) this is what we will do with the data from 2).
4) If you are not happy with what we will use your data for, then don't use it.

Agreed that SSH should be defined.
That section is basically saying that anyone who is given remote access to the server will have to agree with the terms of the data collection and usage. It is the scope of application of the T and Cs (on the multibit.org personnel side).

In the Windows and Linux installer I have a Do you accept the licence ? Click box so I can refer to the privacy policy there. I would have to put something in for Mac.  I guess the privacy policy at time of acceptance is the one they are agreeing to. I think you are saying that if it was changed then the user hasn't actively agreed to the new policy so the old one stands. I could probably live with that and put on the privacy page date stamped 'what changed' text.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
jim618
Legendary
*
Offline Offline

Activity: 1708
Merit: 1000



View Profile WWW
March 10, 2013, 05:20:45 PM
 #3

Hello HELP.org,

That is exactly the sort of advice this subforum is great for !

I think you are right that there should be a limited liability "something" behind multibit.
Previously I have had UK limited companies set up for various things. I am not sure UK law is the best for anything internet related as I don't think we have very good privacy laws. (Things like RIPA about key disclosure don't help).

France actually has the right to privacy in their constitution and the server is in France so perhaps it would be better incorporated there.

Having some limited liability structure for multibit is probably the best first step for me to take.

If anybody reading this has experience in this area I would be very interested to hear how you organise your own project's liability.

Thanks for your advice.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!