Author

Topic: Request for forum privacy policy statement (Read 562 times)

sr. member
Activity: 420
Merit: 250
Mmmh mhmhh mmmm.
- Changes/deletions to trust ratings and settings are currently not saved.

Probably a good idea to start recording those.

I agree. 1) why not? and 2) we should always remember abusive cases like Inaba.
legendary
Activity: 3318
Merit: 2008
First Exclusion Ever
- Logged IPs are kept forever. However, not all IPs that you use to access the forum end up getting logged.
- There are no per-user access logs (aside from what you're doing now, the last-read post in topics, etc.). There are normal web server access logs, but these can't be reliably tied to specific users; these logs tend to be deleted after a month, but no guarantees.
- Deleted posts are kept forever. Edit logs are kept forever. But if I ever start running low on space, I reserve the right to delete some of this.
- PMs are deleted from the database when everyone who can read the PM deletes it, except for certain users who for legal reasons have additional retention. These users are warned of this condition (except where required by law), though there's no warning when communicating with such users.
- Changes/deletions to trust ratings and settings are currently not saved.

Note also that data deleted from the database may still exist in backups, potentially forever.

It might not be a bad idea to contact a lawyer and have him help you write a policy out for your own personal liability reasons. I know you usually shy away from this kind of stuff if you can, but it could cause you and the forum problems down the road if you don't. Making a TOS for the site also protects you.
legendary
Activity: 1666
Merit: 1185
dogiecoin.com
- Changes/deletions to trust ratings and settings are currently not saved.

Probably a good idea to start recording those.
administrator
Activity: 5222
Merit: 13032
- Logged IPs are kept forever. However, not all IPs that you use to access the forum end up getting logged.
- There are no per-user access logs (aside from what you're doing now, the last-read post in topics, etc.). There are normal web server access logs, but these can't be reliably tied to specific users; these logs tend to be deleted after a month, but no guarantees.
- Deleted posts are kept forever. Edit logs are kept forever. But if I ever start running low on space, I reserve the right to delete some of this.
- PMs are deleted from the database when everyone who can read the PM deletes it, except for certain users who for legal reasons have additional retention. These users are warned of this condition (except where required by law), though there's no warning when communicating with such users.
- Changes/deletions to trust ratings and settings are currently not saved.

Note also that data deleted from the database may still exist in backups, potentially forever.
donator
Activity: 1617
Merit: 1012
I second this request, in particular to defining a data retention policy for items such as:
- user access logs
- cookies, IP address and user agent
- deleted posts and messages
- archived database backups

For example, if the policy states that deleted posts are first soft-deleted and kept one the database for 5 years before hard deletion, and database backups are kept for 2 years before being destroyed, then it would be clear to everyone that deleted posts can be recovered for up to 7 years after the initial deletion.

It can be a liability for the forum to keep data around indefinitely.
full member
Activity: 233
Merit: 100
Hello,

in response to the answer to my question about registration IP address storage policy in this thread, I would request a forum privacy policy statement about what user specific data is stored for what reason how long and who has access to it, and if there is any data retention policy. The posts are stored, obviously, but what about other data, especially data, that the user cannot see himself.

I think this forum provider, as taking part of the high technical profile of the Bitcoin spirit should be an example for having a good transparent privacy policy and therefore should create and state this privacy policy in a permanent link, readble for everyone, if registered or not, and that link should be advised for every user that wants to register.
Jump to: