From b5fc8fff6eeda72357d53b7e0563f3d84a323303 Mon Sep 17 00:00:00 2001 From: evazion Date: Tue, 26 May 2020 00:54:27 -0500 Subject: [PATCH] Add privacy policy (#4415). --- app/controllers/static_controller.rb | 3 + .../src/styles/specific/privacy_policy.scss | 5 + app/views/static/privacy_policy.html.erb | 479 ++++++++++++++++++ app/views/static/site_map.html.erb | 1 + config/danbooru_default_config.rb | 5 + config/routes.rb | 1 + test/functional/static_controller_test.rb | 7 + 7 files changed, 501 insertions(+) create mode 100644 app/javascript/src/styles/specific/privacy_policy.scss create mode 100644 app/views/static/privacy_policy.html.erb diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb index 1dcc272be..c3a992560 100644 --- a/app/controllers/static_controller.rb +++ b/app/controllers/static_controller.rb @@ -1,4 +1,7 @@ class StaticController < ApplicationController + def privacy_policy + end + def terms_of_service end diff --git a/app/javascript/src/styles/specific/privacy_policy.scss b/app/javascript/src/styles/specific/privacy_policy.scss new file mode 100644 index 000000000..e67ef1ce3 --- /dev/null +++ b/app/javascript/src/styles/specific/privacy_policy.scss @@ -0,0 +1,5 @@ +#c-static #a-privacy-policy { + .summary { + font-style: italic; + } +} diff --git a/app/views/static/privacy_policy.html.erb b/app/views/static/privacy_policy.html.erb new file mode 100644 index 000000000..798efa89f --- /dev/null +++ b/app/views/static/privacy_policy.html.erb @@ -0,0 +1,479 @@ +<% page_title "Privacy Policy" %> + +<% @app_name = Danbooru.config.canonical_app_name %> +<% @canonical_url = Danbooru.config.canonical_url %> +<% @contact_email = Danbooru.config.contact_email %> + +
+
+

Privacy Policy

+ +

Last updated: July 5, 2020

+ +

This privacy policy describes what information <%= @app_name %> + (collectively "we", "us", "our") collects about you when you use our website + or services (referred to as our "Site" or "Services"), how we use your + information, and what rights you have in relation to your information.

+ +

If there are any terms or conditions in this privacy policy that you do + not agree with, please discontinue your use of our Site and our Services. + If you have any questions or concerns about this policy, or our practices + in regards to your personal information, you may contact us at + <%= link_to @contact_email, "mailto:#{@contact_email}" %>.

+ +

What We Collect

+ +
Information You Provide To Us
+ +

Summary: We collect information you directly give us.

+ +

We collect information you directly provide to us when you use our + Services. What information we collect depends on how you use our Services. + The information we may collect includes:

+ +
    +
  • Account information. + We collect your username, password, and optionally your email address + when you create an account with us. We also store your account + preferences and settings. You may update your account information at + any time, including to change your username or to deactivate your + account, as described below. +
    • + +
  • Content you submit. + We collect content you submit to the Site. This includes images, + videos, or written content you post or upload to the Site, including + posts, comments, forum posts, translation notes, wiki pages, pools, + artist commentaries, and any other contributions you make to the Site. +
    • + +
  • Actions you take. + We collect information about actions you take when using the Site. This + includes favoriting or voting on content, flagging or reporting + content, sending private messages, saving searches, sending private + messages, and viewing forum threads. This also includes any edits or + changes you make to any content on the Site. +
    • + +
  • Payment information. + We collect information necessary to process your payment if you make a + purchase with us. This information includes your credit card number, + security code, and expiration date, your email address, your location + (such as your country, your postal code, your billing address, and your + location at time of purchase), and your IP address. All payment + information is securely stored by Stripe. You may find their privacy + policy at <%= external_link_to "https://stripe.com/privacy" %>. +
    • + +
  • + Other information. + You may choose to provide other information directly to us. For + example, we may collect information when you participate in surveys, + polls, promotions, giveaways, or other site-sponsored activities, or + you request support from us, or you contact us directly by email. +
    • +
+ +
Information We Collect Automatically
+ +

Summary: We collect some information about you + automatically, including your IP address, information about your computer, + and information about your site usage.

+ +
    +
  • Log and usage data. We may log information about you + when you visit or use our Services. This information may include your + IP address, browser type and version, computer or device type, device + characteristics such as screen resolution or operating system version, + language and timezone preferences, or your geolocation or country + information. This may also include information about your usage of the + Site, including posts you have viewed, pages you have visited, links + you have clicked, and searches you have performed. +
    • + +
  • Cookies. We may receive information from cookies, + which are pieces of data your browser stores and sends back to us when + making requests, and similar technologies. We use this information to + maintain login sessions and to store account settings and preferences. +
    • +
+ +
Information We Collect From Other Sources
+ +

Summary: If you choose to link other sites to your + <%= @app_name %> account, we will receive profile information about you + from those sites.

+ +

We may receive information about you from other sources and combine that + information with other information we have about you. For example, we may + give you the option to link your <%= @app_name %> account to your accounts + on other sites, such as your Google, Twitter, or other accounts. If you + choose to link a third-party account to your <%= @app_name %> account, we + will collect information about you from that account as described in the + section titled How We Handle Linked Accounts below.

+ +

How We Use Your Information

+ +

Summary: We use your information to provide services to + you, to operate the Site, and to enforce our Terms of Service.

+ +

We use your information to:

+ +
    +
  • + Provide services to you. + We may use your information to provide you with our Services, and to + provide you with support or customer service. +
    • + +
  • + Manage your account. + We may use your information to allow you to login and manage your + account, to store your account preferences, to help you recover access + to your account, and to send you administrative messages or notices + pertaining to you. +
    • + +
  • + Protect our Services. + We may use your information to maintain the safe and secure operation + of our Services, including to enforce our Terms of Service, to detect + and prevent abuse of our Services, to moderate our Services, to block + spam, to prevent fraud, and to debug and troubleshoot problems with the + Site. +
    • + +
  • + Monitor usage of our Services. + We may use your information to maintain and improve our Services, + to analyze trends, to monitor site usage and performance, to generate + internal reports and analytics, to research and develop new Services, + and to provide public reports about usage of the Site, including + information about popular searches, popular pages, and post view + counts. +
    • + +
  • + Facilitate account creation and login. + If you choose to link a third-party account (such as your Google or + Twitter account) to your <%= @app_name %> account, we may use the + information you allowed us to collect from those third parties to + create a new <%= @app_name %> account for you, or to allow you to login + to <%= @app_name %> using your third-party account. See the section + below titled How We Handle Linked Accounts for + further information. +
    • + +
  • + Respond to legal requests. + If we receive a subpoena or other legal request, we may need to inspect + the data we hold to determine how to respond. +
    • +
+ +

How Information About You Is Shared

+ +

Summary: Most activity on <%= @app_name %> is public. We + won't share your information with advertisers without your consent. We + won't share information about you with third parties, except as required + under certain conditions.

+ +

When you use the Site, certain information about you may be shared with + other users, with Site moderators or other authorized users, or with the + general public. For example:

+ +
    +
  • + Any content you create or submit to the Site will be visible to other + users and to the general public, unless stated otherwise. This includes + your uploads, comments, forum posts, pools, wiki pages, translation + notes, and any other contributions you make to the Site. +
    • + +
  • + Any edits you make to the Site will be visible to other users and to + the general public, unless stated otherwise. This includes your tag + edits, pool edits, wiki edits, translation note edits, artist edits, + commentary edits, and any other kind of edit, change, or modification + you make to any other content on the Site. +
    • + +
  • + Your other personal activities on the Site, such as your favorites, + favorite groups, and saved searches, will normally be visible to other + users and to the general public, unless stated otherwise, or you choose + to make these things private. +
    • + +
  • + Certain information, such as your favorites or favorite groups, you may + choose to make private. This information may still be visible to Site + moderators or to other authorized users in connection with legitimate + needs in operating the Site. +
    • + +
  • + Your username will be publicly associated with any content you create + or edit on the Site. The date and time you created or edited the + content will also be publicly visible. Moderators may also be able to + see the IP address associated with any content you create or edit on + the Site. +
    • + +
  • + When other users view your profile, they will be able to see + information about your activities on the Site, such as your username, + signup date, uploads, favorites, votes, post edit history, comments, + forum posts, Gold or Platinum status. +
    • + +
  • + When you send another user a private message, the recipient of that + message will be able to see the content of your message, your username, + and the date and time the message was sent. Recipients may choose to + share your message publicly or with other users. Recipients may + choose to have private messages forwarded to their email accounts and, + as a result, any messages received by those users will be subject to + the terms and policies of the user’s email provider. +
    • + +
  • + We may, at our sole discretion, allow Site moderators or other + authorized users to view private messages for legitimate needs in + connection with operating the Site, such as to prevent spam or to + enforce our Terms of Service. +
    • + +
  • + We may allow third parties to access, collect, archive, or redistribute + information collected from our API or from public data dumps we may + provide. This information may be stored by third parties even after it + has been removed from <%= @app_name %>. +
    • +
+ +

Otherwise, we do not share, sell, or give away your personal information + to third parties unless one of the following circumstances applies:

+ +
    +
  • + With your consent. + We may share your information with your consent or at your direction. +
    • + +
  • + With our service providers. + We may share information with vendors, consultants, and other service + providers (but not with advertisers or ad partners) who need access to + such information to carry out work for us. The partner's use of + personal data will be subject to appropriate confidentiality and + security measures. +
    • + +
  • + Aggregated or anonymized information. + We may share information about you that has been aggregated or anonymized + such that it cannot reasonably be used to identify you. For example, we + may show the total number of times a post has been visited without + identifying who the visitors were, or how many times a tag has been + searched without identifying who the searchers were. +
    • + +
  • + To enforce our policies and rights. + We may share information if we believe your actions are in violation of + our user agreements, rules, or other policies, or to protect the + rights, property, and safety of ourselves and others. +
    • + +
  • + To comply with the law. + We may share information in response to a request for information if we + believe disclosure is in accordance with, or required by, any applicable + law, regulation, legal process or governmental request, including, but not + limited to, meeting national security or law enforcement requirements. To + the extent the law allows it, we will attempt to provide you with prior + notice before disclosing your information in response to such a request. +
    • + +
  • + In an emergency. + We may share information if we believe it's necessary to prevent imminent + and serious bodily harm to a person. +
    • + +
  • + Business transfers. We may share or transfer your + information in connection with, or during negotiations of, any merger, + sale of company assets, financing, or acquisition of all or a portion + of our business to another company. +
    • +
+ +
How We Handle Linked Accounts
+ +

Summary: If you link other sites to your <%= @app_name %> + account, we will receive profile information about you from those sites. We + won't disclose any information about you to those sites.

+ +

We may offer you the ability to sign up or login using third-party + social media accounts (such as your Google or Twitter accounts), or to link + other third-party accounts to your <%= @app_name %> account. If you choose + to do this, we will receive certain profile information about you from the + third-party service. The profile information we receive may vary depending + on the service concerned, but will often include your username, email + address, profile picture, as well as other information included in your + public profile. + +

We will use the information we receive only for the purposes that are + described in this Privacy Policy, or to provide features that are described + to you when you link your account. You may unlink third-party accounts + from your account at any time, at which point we will delete any + information about you we have collected from these services.

+ +

We will not use any information collected about you from third-party + services for marketing purposes without your consent. We will not disclose + any information about you or your usage of our Site to any third-party + websites you have linked your <%= @app_name %> account with. Please note, + however, that we do not control, and are not responsible for, the behavior + of third-party websites. We recommend that you review their privacy + policies to understand how they collect, use and share your personal + information, and how you can set your privacy preferences on their sites + and apps.

+ +

Controlling Your Information

+ +
Accessing and Changing Your Information
+ +

If you would like to review or change the information in your account, + such as your user name, password, email address, or other settings, you + can visit your <%= link_to "account settings", settings_path %> and update + your settings.

+ +
Deleting Your Account
+ +

Summary: You may deactivate your account, but we may + retain your IP address and your public contributions to the Site.

+ +

If you would like to delete your account, you may request your + account to be deactivated <%= link_to "here", maintenance_user_deletion_path %>.

+ +

When your account is deactivated, we will delete your non-public personal + information from our active systems, including your email address, + password, account preferences, saved searches, and private favorites, and + we will disassociate your username from content you have submitted to + the Site, including your uploads, votes, comments, forum posts, private + messages, translation notes, wiki pages, tag edits, and other public + contributions you have made to the Site.

+ +

Please note that content that you have submitted to the Site will not + be removed from the Site after deactivating your account. In particular, + your uploads will not be removed from the Site, private messages you have + sent to other users will not be deleted, your comments and forum posts will + still be visible to others unless you delete them before deleting your + account. Comments, forum posts, or messages posted by other users + mentioning you by name or quoting you will still be visible to others.

+ +

We may retain certain other information about you even after you + deactivate your account, including your IP address, your user ID, your past + usernames, and other identifiers associated with your account. We may + retain this information as required by law or as necessary for legitimate + business needs, such as for preventing spam, abuse, or violations of our + Terms of Service.

+ +
Controlling Email Communications
+ +

If you would like to opt out of receiving emails from the Service, you + may unsubscribe by clicking on the unsubscribe link in the emails that we + send or by disabling email notifications in your + <%= link_to "account settings", settings_path %>. We may still send you + emails relating to the use or security of your account, such as when + resetting your password.

+ +
Controlling Cookies
+ +

Most web browsers are set to accept cookies by default. If you prefer, + you can usually choose to set your browser to remove or reject first- and + third-party cookies. Please note that if you choose to remove or reject + cookies, this could affect the availability and functionality of our + Site.

+ +

Other Information

+ +
Minors
+ +

Persons under the age of 18 are not allowed to create an account or + otherwise use our Services. By using our Services, you represent that you + are over the age required by the laws of your country to create an account + or otherwise use our Services.

+ +
Data Retention
+ +

Summary: We keep your information for as long as + necessary to fulfill the purposes outlined in this privacy policy, unless + otherwise required by law.

+ +

We store the information we collect for as long as it is necessary for + the purpose(s) for which we originally collected it. We may retain certain + information for legitimate business purposes or as required by law.

+ +

When we have no ongoing legitimate business need to process your + personal information, we will either delete or anonymize it, or, if this is + not possible (for example, because your personal information has been + stored in backup archives), then we will securely store your personal + information and isolate it from any further processing until deletion is + possible.

+ +
International Data Transfers
+ +

Summary: We store data in the United States and operate under US law.

+ +

We are based in the United States and we process and store information + on servers located in the United States. We may store information on + servers and equipment in other countries depending on a variety of factors, + including the locations of our users and service providers. By accessing or + using the Site or otherwise providing information to us, you consent to + the processing, transfer and storage of information in and to the U.S. and + other countries, where you may not have the same rights as you do under + local law.

+ +
Information Security
+ +

Summary: We take reasonable measures to secure your + data. We will promptly notify you of breaches of your personal + information.

+ +

We take reasonable measures to protect your personal information from + loss, theft, misuse, unauthorized access, disclosure, alteration, or + destruction. We also enforce technical and administrative access controls + to limit access to non-public personal information by staff members or + designated representatives of <%= @app_name %>. However, although we will + do our best to protect your personal information, transmission of personal + information to and from our Services is at your own risk. You should only + access our Services within a secure environment.

+ +

In the event that we become aware of a privacy breach which has resulted + or may result in unauthorized access, use or disclosure of your personal + information, we will investigate the matter and promptly notify you and the + applicable Supervisory Authority of the breach, unless the breach is + unlikely to result in a risk to the rights and freedoms of natural + persons.

+ +
Changes to this Policy
+ +

Summary: We may update this policy from time to time.

+ +

We may update this Privacy Policy from time to time. The updated policy + will be indicated by a new "Last updated" date at the top of this page. If + we make material changes to this Privacy Policy, we may, at our discretion, + notify you either by prominently posting a notice of such changes or by + directly sending you a notification. We encourage you to review this + Privacy Policy frequently to stay informed of how we handle your personal + information.

+ +

Changes to this Privacy Policy will go into effect as soon as the + updated Privacy Policy is accessible. By continuing to use our Services + after changes to our Privacy Policy go into effect, you agree to be bound + by the revised policy.

+
+
diff --git a/app/views/static/site_map.html.erb b/app/views/static/site_map.html.erb index bcbfe1208..fabd7675e 100644 --- a/app/views/static/site_map.html.erb +++ b/app/views/static/site_map.html.erb @@ -138,6 +138,7 @@
  • <%= link_to("Bans", bans_path) %>
  • <%= link_to("Feedback", user_feedbacks_path) %>
  • <%= link_to("Terms of Service", terms_of_service_path) %>
    • +
  • <%= link_to("Privacy Policy", privacy_policy_path) %>