- Changes/deletions to trust ratings and settings are currently not saved.
Probably a good idea to start recording those.
I agree. 1) why not? and 2) we should always remember abusive cases like Inaba.
Topic: Request for forum privacy policy statement (Read 538 times)
Probably a good idea to start recording those.
I agree. 1) why not? and 2) we should always remember abusive cases like Inaba.
- Logged IPs are kept forever. However, not all IPs that you use to access the forum end up getting logged.
- There are no per-user access logs (aside from what you're doing now, the last-read post in topics, etc.). There are normal web server access logs, but these can't be reliably tied to specific users; these logs tend to be deleted after a month, but no guarantees.
- Deleted posts are kept forever. Edit logs are kept forever. But if I ever start running low on space, I reserve the right to delete some of this.
- PMs are deleted from the database when everyone who can read the PM deletes it, except for certain users who for legal reasons have additional retention. These users are warned of this condition (except where required by law), though there's no warning when communicating with such users.
- Changes/deletions to trust ratings and settings are currently not saved.
Note also that data deleted from the database may still exist in backups, potentially forever.
- There are no per-user access logs (aside from what you're doing now, the last-read post in topics, etc.). There are normal web server access logs, but these can't be reliably tied to specific users; these logs tend to be deleted after a month, but no guarantees.
- Deleted posts are kept forever. Edit logs are kept forever. But if I ever start running low on space, I reserve the right to delete some of this.
- PMs are deleted from the database when everyone who can read the PM deletes it, except for certain users who for legal reasons have additional retention. These users are warned of this condition (except where required by law), though there's no warning when communicating with such users.
- Changes/deletions to trust ratings and settings are currently not saved.
Note also that data deleted from the database may still exist in backups, potentially forever.
It might not be a bad idea to contact a lawyer and have him help you write a policy out for your own personal liability reasons. I know you usually shy away from this kind of stuff if you can, but it could cause you and the forum problems down the road if you don't. Making a TOS for the site also protects you.
- Changes/deletions to trust ratings and settings are currently not saved.
Probably a good idea to start recording those.
- Logged IPs are kept forever. However, not all IPs that you use to access the forum end up getting logged.
- There are no per-user access logs (aside from what you're doing now, the last-read post in topics, etc.). There are normal web server access logs, but these can't be reliably tied to specific users; these logs tend to be deleted after a month, but no guarantees.
- Deleted posts are kept forever. Edit logs are kept forever. But if I ever start running low on space, I reserve the right to delete some of this.
- PMs are deleted from the database when everyone who can read the PM deletes it, except for certain users who for legal reasons have additional retention. These users are warned of this condition (except where required by law), though there's no warning when communicating with such users.
- Changes/deletions to trust ratings and settings are currently not saved.
Note also that data deleted from the database may still exist in backups, potentially forever.
- There are no per-user access logs (aside from what you're doing now, the last-read post in topics, etc.). There are normal web server access logs, but these can't be reliably tied to specific users; these logs tend to be deleted after a month, but no guarantees.
- Deleted posts are kept forever. Edit logs are kept forever. But if I ever start running low on space, I reserve the right to delete some of this.
- PMs are deleted from the database when everyone who can read the PM deletes it, except for certain users who for legal reasons have additional retention. These users are warned of this condition (except where required by law), though there's no warning when communicating with such users.
- Changes/deletions to trust ratings and settings are currently not saved.
Note also that data deleted from the database may still exist in backups, potentially forever.
I second this request, in particular to defining a data retention policy for items such as:
- user access logs
- cookies, IP address and user agent
- deleted posts and messages
- archived database backups
For example, if the policy states that deleted posts are first soft-deleted and kept one the database for 5 years before hard deletion, and database backups are kept for 2 years before being destroyed, then it would be clear to everyone that deleted posts can be recovered for up to 7 years after the initial deletion.
It can be a liability for the forum to keep data around indefinitely.
- user access logs
- cookies, IP address and user agent
- deleted posts and messages
- archived database backups
For example, if the policy states that deleted posts are first soft-deleted and kept one the database for 5 years before hard deletion, and database backups are kept for 2 years before being destroyed, then it would be clear to everyone that deleted posts can be recovered for up to 7 years after the initial deletion.
It can be a liability for the forum to keep data around indefinitely.
Hello,
in response to the answer to my question about registration IP address storage policy in this thread, I would request a forum privacy policy statement about what user specific data is stored for what reason how long and who has access to it, and if there is any data retention policy. The posts are stored, obviously, but what about other data, especially data, that the user cannot see himself.
I think this forum provider, as taking part of the high technical profile of the Bitcoin spirit should be an example for having a good transparent privacy policy and therefore should create and state this privacy policy in a permanent link, readble for everyone, if registered or not, and that link should be advised for every user that wants to register.
in response to the answer to my question about registration IP address storage policy in this thread, I would request a forum privacy policy statement about what user specific data is stored for what reason how long and who has access to it, and if there is any data retention policy. The posts are stored, obviously, but what about other data, especially data, that the user cannot see himself.
I think this forum provider, as taking part of the high technical profile of the Bitcoin spirit should be an example for having a good transparent privacy policy and therefore should create and state this privacy policy in a permanent link, readble for everyone, if registered or not, and that link should be advised for every user that wants to register.
Jump to: