From 1c4fcff942a1e30402361f24ce098b963a80ca72 Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Wed, 30 May 2018 20:13:56 -0400 Subject: Add terms of service and privacy policy --- builds.sr.ht/manifest.md | 3 ++ index.md | 3 ++ privacy.md | 112 ++++++++++++++++++++++++++++++++++++++++++ terms.md | 123 +++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 241 insertions(+) create mode 100644 privacy.md create mode 100644 terms.md diff --git a/builds.sr.ht/manifest.md b/builds.sr.ht/manifest.md index 871f42e..a6f7972 100644 --- a/builds.sr.ht/manifest.md +++ b/builds.sr.ht/manifest.md @@ -84,6 +84,9 @@ Task names must use only lowercase alphanumeric characters or underscores and must be <=128 characters in length. Tasks are executed in the order specified. +Each task is run in a separate login session, so if you modify the groups of the +`build` user they will be effective starting from the subsequent task. + ## triggers *list* (of *trigger*) diff --git a/index.md b/index.md index 2224d54..a992989 100644 --- a/index.md +++ b/index.md @@ -50,3 +50,6 @@ places. + +Please review the sr.ht [terms of service](terms.md) and [privacy +policy](privacy.md). diff --git a/privacy.md b/privacy.md new file mode 100644 index 0000000..3bf468e --- /dev/null +++ b/privacy.md 
@@ -0,0 +1,112 @@ +If you have any questions, please reach out to Drew DeVault via +email. + +# What we collect and why + +The only data we require of your account is your email address; a username of +your choosing, which must be unique among all users; and a password. Your email +and username are stored in "plain text". Your password is stored after +processing with bcrypt, from which the original password cannot be devised +without a computationally expensive process. However, given your password, we +can determine that it matches our stored key without expensive processing. The +purpose of this step is to ensure that should our database become compromised, +your original password will be difficult to recover. Regardless, you are +strongly encouraged to use a unique password for your sr.ht account. + +You may choose to to give us additional information, which is shown publicly on +the site. This includes: + +- Your location +- A URL to any website +- A short biography + +You may omit or provide fictitious data for this information. + +You may be required to provide the following information in order to +successfully operate some parts of the service, some of which may be used to +uniquely identify you: + +- SSH keys +- PGP keys +- Two factor authorization keys + +You may delete this information at any time by visiting your [account +details](https://meta.sr.ht). If you provide a PGP key, you may choose to have +email communications from sr.ht encrypted before being sent to you. + +We also obtain some information from your web browser as you use our services +and store it for up to 30 days: + +- Your IP address +- When you accessed the site +- What you did on the site + +This information is available to you as an [audit +log](https://meta.sr.ht/security). You are not able to delete this information. +The purpose of this data collection is to inform both you and sr.ht of any +unknown activity on your account. 
If we permitted deletion of this information, +someone who obtains unauthorized access to your account would be able to delete +it, too. + +We also store various other kinds of information that you explicitly choose to +give us, including (but not limited to): + +- repositories on git.sr.ht +- tickets on todo.sr.ht +- build logs and secrets on builds.sr.ht + +To faciliate automated access to your account for third-party service or your +personal use, we also generate and store API keys which can be used to authorize +use of your account. A portion of these keys are stored in plaintext - not +enough to gain access to your account, but enough for us to quickly look up your +account details given the key. The full key is stored only after processing with +bcrypt, similar to the process used for your password. + +If you choose to use our paid services, we will store a token which is used to +bill your payment method. Information like your credit card number cannot be +recovered from this token. + +We also use cookies to store long-lived authorization data, to remember that +you're logged into your account between visits without prompting you for your +password again. We also use cookies to store short-lived information, like the +fact that we have to tell you on the next page you load that we completed some +operation sucessfully for you. + +## How we share your information with third-parties + +Aside from information you choose to make public in the course of your use of +sr.ht and information you explicitly choose to share with specific +third parties, none of your information is shared with third parties. We do not +embed third-party content in our website. + +We permit user-generated content to include images from and links to third-party +sites. On pages displaying this content, information may be sent to these +third-parties. 
This information includes: + +- Your IP address +- Information about your web browser, such as whether you use Firefox or Chrome +- The URL on sr.ht you visited when you saw this content + +We are not responsible for any additional information your web browser may send +to these third parties. + +If you use any of our paid services, we will transmit your payment information +to a third-party payment processor. You will be notified of this before the +information is transmitted, and given an opportunity to prevent its +transmission. We will be unable to provide you with paid services if you decline +to transmit this information. + +We may also be required to remit your data upon receiving an order from a court +of the United States. If permitted by the order, you will be notified if this +happens. + +## How to access and control the information we've collected + +You may submit a request via email to Drew DeVault to request an +archive of the information we've collected about you, or to request that we +remove any information we've collected about you. + +## Changes to this document + +We may make changes to this document with no less than 2 weeks notice. Notice of +these changes will be sent to the email on file for your account. diff --git a/terms.md b/terms.md new file mode 100644 index 0000000..f809d3f --- /dev/null +++ b/terms.md 
@@ -0,0 +1,123 @@ +These are the terms of service for sr.ht; please read them before using sr.ht. + +If you have any questions, please reach out to Drew DeVault via +email. + +## tl;dr + +- You need to be old enough to have an account and you are responsible for + your account. We can cut you off at any time. +- Use our services in good faith and don't get us in trouble. +- You grant us enough rights to your content to provide our services. +- We can terminate service at any time. +- Some services may require payment. +- We'll email you before these terms change. + +For full details, read on. + +## Definitions + +The "services" are any software, application, product, or service provided by +sr.ht. Collectively they are also referred to as the "network". + +"sr.ht", "we", and "us" refers to sr.ht and its authorized agents. + +The "user", "you", and "your" refers to any individual or organization which +accesses our services. + +"Content" refers to any content displayed by our services, including but not +limited to text, source code, images, data, and so on. "User generated content" +refers to content created or uploaded by our users. "Your content" refers to +content you created or own. + +## Account Terms + +Accounts are only available to users who are 13 years of age or older, or the +minimum age for accessing internet services in their country, whichever is +older. You must also be a human, accounts registered through automated means +are not permitted. Accounts utilized by an automated process are permitted, so +long as the initial account registration was manually performed by a human. + +You are responsible for your account, any activity performed with it, and the +security of your account credentials. + +Your account may be disabled without notice at any time, temporarily or +permanently, for any reason. + +We require an email address to register an account. 
This email address must be +kept up-to-date and we must be able to reach you for official communication at +this address. If we are unable to reach you, your account may be terminated. + +## Permissible use + +You must obey all local and US laws in the course of using the service. You will +not utilize the service to transmit or store content which is unlawful. The +following additional types of content are explicitly prohibited: + +- explicit sexual content +- malware in executable form; or in source form without obvious disclaimers + describing the legal and practical risks of use +- any content which utilizes our platform for malware delivery or activation +- content which infringes on any copyright, patent, or trademark you do not own + +You must not deliberately use the services for the purpose of: + +- impacting service availability for other users +- obtaining or disclosing private information of other users +- impersonating any person other than yourself or organizations you are + authorized to represent +- spamming, unsolicited advertising, or solicitation + +You may use automated tools to obtain public information from the services for +the purposes of archival or open-access research. You may not use this data for +recruiting, solicitation, or profit. + +## Content rights + +You are solely responsible for any content you provide to the service. Upon +upload, you grant sr.ht a non-exclusive and indefinite license to use and +display your content in ways required for the appropriate operation of our +services. If you make your content public through privacy tools on our services, +you grant other users of the network the right to view and use your content +through the tools provided by our services. + +You may grant additional rights on your content, for example by providing a +LICENSE or COPYING file in git repositories hosted on git.sr.ht. 
+ +You may request an archive of all of your content on the service by writing an +email to Drew DeVault and allowing up to 2 weeks for an archive +to be prepared. + +## Service availability + +We may disable or terminate all or part of our services, permanently or +temporarily, at any time with or without notice. + +This software is provided by the copyright holders and contributors "as is" and +any express or implied warranties, including, but not limited to, the implied +warranties of merchantability and fitness for a particular purpose are +disclaimed. In no event shall the copyright holder or contributors be liable for +any direct, indirect, incidental, special, exemplary, or consequential damages +(including, but not limited to, procurement of substitute goods or services; +loss of use, data, or profits; or business interruption) however caused and on +any theory of liability, whether in contract, strict liability, or tort +(including negligence or otherwise) arising in any way out of the use of this +software, even if advised of the possibility of such damage. + +## Payments + +Some services require payment for service, or for different degrees of service. +When you request paid services, you are billed immediately for the displayed +term. These services will be remitted to you at the displayed price, which will +not change during the payment term. If you authorize us to automatically renew +your service at the end of the term, you will be notified at least 1 week in +advance of renewal when the price has changed during the previous payment term. + +No refunds are given for partial service or when you request your services are +downgraded. In the event that your services are downgraded, you are billed the +reduced price at the start of the next billing term. + +## Changes to these terms + +We may make changes to these terms with no less than 2 weeks notice. Notice of +changes to these terms will be sent to the email on file for your account. -- cgit
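Review bot: in builds.sr.ht/manifest.md (@@ -84,6 +84,9 @@) the added sentence about each task running in a separate login session is unrelated to the subject "Add terms of service and privacy policy" and belongs in its own commit, so the policy documents can be reviewed and reverted independently of a change to the build manifest reference. In the sentence itself, "they will be effective" has no clear antecedent; something like "the new group membership takes effect starting with the next task" would read more clearly.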
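Review bot: in privacy.md the audit-log paragraph under "What we collect and why" says "You are not able to delete this information", while "How to access and control the information we've collected" lets a user request that we "remove any information we've collected about you"; the two statements conflict as written. Suggest excluding the 30-day audit log from removal requests in the later section, or stating there how it is handled. Smaller points in the same file: "to to give us" is doubled, "faciliate" and "sucessfully" are misspelled, "cannot be devised" presumably means "derived", and "Two factor authorization keys" presumably means "authentication".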
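Review bot: in terms.md the warranty paragraph under "Service availability" speaks of "This software" and "the copyright holders and contributors", neither of which appears in the Definitions section, which defines "services", "sr.ht" and "user" instead. Suggest rewording the disclaimer in the document's own defined terms so it clearly covers the hosted services. Under "Account Terms", "whichever is older" should be "whichever is higher", and "You must also be a human, accounts registered through automated means are not permitted" is a comma splice. Under "Payments", "These services will be remitted to you" reads oddly; "provided to you" is probably what is meant.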