1 Do Not Track Compliance Policy
5 This domain complies with user opt-outs from tracking via the "Do Not Track"
6 or "DNT" header [http://www.w3.org/TR/tracking-dnt/]. This file will always
7 be posted via HTTPS at https://example-domain.com/.well-known/dnt-policy.txt
12 This policy document allows an operator of a Fully Qualified Domain Name
13 ("domain") to declare that it respects Do Not Track as a meaningful privacy
14 opt-out of tracking, so that privacy-protecting software can better determine
15 whether to block or anonymize communications with this domain. This policy is
16 intended first and foremost to be posted on domains that publish ads, widgets,
17 images, scripts and other third-party embedded hypertext (for instance on
18 widgets.example.com), but it can be posted on any domain, including those users
19 visit directly (such as www.example.com). The policy may be applied to some
20 domains used by a company, site, or service, and not to others. Do Not Track
21 may be sent by any client that uses the HTTP protocol, including websites,
22 mobile apps, and smart devices like TVs. Do Not Track also works with all
23 protocols able to read HTTP headers, including SPDY.
25 NOTE: This policy contains both Requirements and Exceptions. Where possible
26 terms are defined in the text, but a few additional definitions are included
31 When this domain receives Web requests from a user who enables DNT by actively
32 choosing an opt-out setting in their browser or by installing software that is
33 primarily designed to protect privacy ("DNT User"), we will take the following
34 measures with respect to those users' data, subject to the Exceptions, also
37 1. END USER IDENTIFIERS:
39 a. If a DNT User has logged in to our service, all user identifiers, such as
40 unique or nearly unique cookies, "supercookies" and fingerprints are
41 discarded as soon as the HTTP(S) response is issued.
43 Data structures which associate user identifiers with accounts may be
44 employed to recognize logged in users per Exception 4 below, but may not
45 be associated with records of the user's activities unless otherwise
48 b. If a DNT User is not logged in to our service, we will take steps to ensure
49 that no user identifiers are transmitted to us at all.
53 a. Logs with DNT Users' identifiers removed (but including IP addresses and
54 User Agent strings) may be retained for a period of 10 days or less,
55 unless an Exception (below) applies. This period of time balances privacy
56 concerns with the need to ensure that log processing systems have time to
57 operate; that operations engineers have time to monitor and fix technical
58 and performance problems; and that security and data aggregation systems
61 b. These logs will not be used for any other purposes.
65 a. If this domain transfers identifiable user data about DNT Users to
66 contractors, affiliates or other parties, or embeds from or posts data to
67 other domains, we will either:
69 b. ensure that the operators of those domains abide by this policy overall
70 by posting it at /.well-known/dnt-policy.txt via HTTPS on the domains in
75 ensure that the recipient's policies and practices require the recipient
76 to respect the policy for our DNT Users' data.
80 obtain a contractual commitment from the recipient to respect this policy
81 for our DNT Users' data.
83 NOTE: if an “Other Domain” does not receive identifiable user information
84 from the domain because such information has been removed, because the
85 Other Domain does not log that information, or for some other reason, these
86 requirements do not apply.
88 c. "Identifiable" means any records which are not Anonymized or otherwise
89 covered by the Exceptions below.
91 4. PERIODIC REASSERTION OF COMPLIANCE:
93 At least once every 12 months, we will take reasonable steps commensurate
94 with the size of our organization and the nature of our service to confirm
95 our ongoing compliance with this document, and we will publicly reassert our
100 a. If we are required by law to retain or disclose user identifiers, we will
101 attempt to provide the users with notice (unless we are prohibited or it
102 would be futile) that a request for their information has been made in
103 order to give the users an opportunity to object to the retention or
106 b. We will attempt to provide this notice by email, if the users have given
107 us an email address, and by postal mail if the users have provided a
110 c. If the users do not challenge the disclosure request, we may be legally
111 required to turn over their information.
113 d. We may delay notice if we, in good faith, believe that an emergency
114 involving danger of death or serious physical injury to any person
115 requires disclosure without delay of information relating to the
120 Data from DNT Users collected by this domain may be logged or retained only in
121 the following specific situations:
123 1. CONSENT / "OPT BACK IN"
125 a. DNT Users are opting out from tracking across the Web. It is possible
126 that for some feature or functionality, we will need to ask a DNT User to
127 "opt back in" to be tracked by us across the entire Web.
129 b. If we do that, we will take reasonable steps to verify that the users who
130 select this option have genuinely intended to opt back in to tracking.
131 One way to do this is by performing scientifically reasonable user
132 studies with a representative sample of our users, but smaller
133 organizations can satisfy this requirement by other means.
135 c. Where we believe that we have opt back in consent, our server will
136 send a tracking value status header "Tk: C" as described in section 6.2
137 of the W3C Tracking Preference Expression draft:
139 http://www.w3.org/TR/tracking-dnt/#tracking-status-value
143 If a DNT User actively and knowingly enters a transaction with our
144 services (for instance, clicking on a clearly-labeled advertisement,
145 posting content to a widget, or purchasing an item), we will retain
146 necessary data for as long as required to perform the transaction. This
147 may for example include keeping auditing information for clicks on
148 advertising links; keeping a copy of posted content and the name of the
149 posting user; keeping server-side session IDs to recognize logged in
150 users; or keeping a copy of the physical address to which a purchased
151 item will be shipped. By their nature, some transactions will require data
152 to be retained indefinitely.
154 3. TECHNICAL AND SECURITY LOGGING:
156 a. If, during the processing of the initial request (for unique identifiers)
157 or during the subsequent 10 days (for IP addresses and User Agent strings),
158 we obtain specific information that causes our employees or systems to
159 believe that a request is, or is likely to be, part of a security attack,
160 spam submission, or fraudulent transaction, then logs of those requests
161 are not subject to this policy.
163 b. If we encounter technical problems with our site, then, in rare
164 circumstances, we may retain logs for longer than 10 days, if that is
165 necessary to diagnose and fix those problems, but this practice will not be
166 routinized and we will strive to delete such logs as soon as possible.
170 a. We may retain and share anonymized datasets, such as aggregate records of
171 readership patterns; statistical models of user behavior; graphs of system
172 variables; data structures to count active users on monthly or yearly
173 bases; database tables mapping authentication cookies to logged in
174 accounts; non-unique data structures constructed within browsers for tasks
175 such as ad frequency capping or conversion tracking; or logs with truncated
176 and/or encrypted IP addresses and simplified User Agent strings.
178 b. "Anonymized" means we have conducted risk mitigation to ensure
179 that the dataset, plus any additional information that is in our
180 possession or likely to be available to us, does not allow the
181 reconstruction of reading habits, online or offline activity of groups of
182 fewer than 5000 individuals or devices.
184 c. If we generate anonymized datasets under this exception we will publicly
185 document our anonymization methods in sufficient detail to allow outside
186 experts to evaluate the effectiveness of those methods.
190 From time to time, there may be errors by which user data is temporarily
191 logged or retained in violation of this policy. If such errors are
192 inadvertent, rare, and made in good faith, they do not constitute a breach
193 of this policy. We will delete such data as soon as practicable after we
194 become aware of any error and take steps to ensure that it is deleted by any
195 third-party who may have had access to the data.
197 ADDITIONAL DEFINITIONS
199 "Fully Qualified Domain Name" means a domain name that addresses a computer
200 connected to the Internet. For instance, example1.com; www.example1.com;
201 ads.example1.com; and widgets.example2.com are all distinct FQDNs.
203 "Supercookie" means any technology other than an HTTP Cookie which can be used
204 by a server to associate identifiers with the clients that visit it. Examples
205 of supercookies include Flash LSO cookies, DOM storage, HTML5 storage, or
206 tricks to store information in caches or etags.
208 "Risk mitigation" means an engineering process that evaluates the possibility
209 and likelihood of various adverse outcomes, considers the available methods of
210 making those adverse outcomes less likely, and deploys sufficient mitigations
211 to bring the probability and harm from adverse outcomes below an acceptable
214 "Reading habits" includes amongst other things lists of visited DNS names, if
215 those domains pertain to specific topics or activities, but records of visited
216 DNS names are not reading habits if those domain names serve content of a very
217 diverse and general nature, thereby revealing minimal information about the
218 opinions, interests or activities of the user.
projects / github / Chocobozzz / PeerTube.git / blob