📝 Privacy Policy
ebullient committed Sep 19, 2024
1 parent 682a291 commit 45e3353
Showing 2 changed files with 123 additions and 0 deletions.
1 change: 1 addition & 0 deletions policies/README.md
Expand Up @@ -11,6 +11,7 @@ The CF is committed to complying with all applicable laws and regulations relate
- [Conflict of Interest Policy](./conflict-of-interest.md)
- [Continuity and Administrative Access Policy](./succession-plan.md)
- [Intellectual Property Policy](./ip-policy.md)
- [Privacy Policy](./privacy-policy.md)
- [Trademark Policy](./trademark-policy.md)

## Policy change process
122 changes: 122 additions & 0 deletions policies/privacy-policy.md
@@ -0,0 +1,122 @@
# Commonhaus Foundation Privacy Policy

The Commonhaus Foundation (CF) is committed to respecting your privacy and protecting your personal information.
This Privacy Policy explains how we collect, use, and share information when you engage with our services, websites, and projects.

- [Information We Collect](#information-we-collect)
- [Data for Foundation operations](#data-for-foundation-operations)
- [Legal and Contributor Data](#legal-and-contributor-data)
- [How We Use Your Information](#how-we-use-your-information)
- [Information Sharing and Disclosure](#information-sharing-and-disclosure)
- [How We Protect Your Information](#how-we-protect-your-information)
- [Cross-border data transfers](#cross-border-data-transfers)
- [Data Retention](#data-retention)
- [Your Rights](#your-rights)
- [Changes to This Policy](#changes-to-this-policy)
- [Contact Us](#contact-us)
- [Additional Information for EEA and UK Users](#additional-information-for-eea-and-uk-users)
- [Additional Information for California Users](#additional-information-for-california-users)

## Information We Collect

We are committed to collecting only the minimum necessary data to operate our services effectively.

### Data for Foundation operations

1. **GitHub Data**: We use GitHub for authentication and collect your GitHub login and user ID.
If you serve on a CF committee, your GitHub login, full name, and bio (as defined in your GitHub profile) will be displayed publicly during your tenure.
You may opt to provide an alternate display name and bio.

2. **ForwardEmail Service**: For members using ForwardEmail, we maintain a link between your GitHub login and the associated forwarding email address(es).
The target email address, specified by you, is stored by ForwardEmail, not the foundation.

3. **Session Cookies**: Our member section uses session cookies solely for GitHub authentication.
These cookies are temporary and facilitate secure access to member-specific features on our website.

4. **Analytics**: We use aggregated and anonymous analytics to understand how visitors use our website.
This data helps us improve our website performance and user experience.

### Legal and Contributor Data

1. **Legal Agreements**: We collect personal information, such as names and contact details, necessary for asset transfers, fiscal hosting, or other legal agreements signed with the foundation.

2. **Contributor Information**: We collect information from contributors who sign Contributor License Agreements (CLAs), including names and email addresses.
Personal data, such as names and email addresses, included in commit messages or source code may also be processed as part of foundation or project operations.

## How We Use Your Information

The information we collect is used to:

- **Authenticate and Provide Access**: We use GitHub data to authenticate users and provide access to the member section of our website and other services.
- **Committee and Member Display**: We publicly display committee members’ full names and GitHub logins (or alternate display names if specified) during their tenure.
- **Communication**: For members using the ForwardEmail service, we facilitate communication through the provided forwarding addresses.
- **Website Improvement**: Analytics data helps us improve our website’s usability and performance without identifying individual users.
- **Project Management and Contribution Oversight**: We use contributor information to help projects monitor contribution activity, ensure adherence to contribution requirements (such as CLAs or DCOs), and assess overall project health.

## Information Sharing and Disclosure

We do not sell or rent your personal information. Information is shared under the following circumstances:

- **Third-party services**: We do not proactively share your personal information with third-party service providers.
If you opt to use services like ForwardEmail, your information may be shared with those services as needed for their operation.
This sharing only occurs with your consent when you choose to use these services.
- **Legal Requirements**: We may disclose information if required by law or in response to a valid legal request.

## How We Protect Your Information

We take reasonable measures necessary to protect your personal data from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of your personal data.

## Cross-border data transfers

We may store and process your personal data in your region, in the United States, and in any other country where we or our service providers operate facilities.

We may transfer personal data from the European Union, the United Kingdom, and Switzerland to other countries, some of which have not yet been determined by the European Commission to have an adequate level of data protection.
For example, their laws may not guarantee you the same rights, or there may not be a privacy supervisory authority there that is capable of addressing your complaints.
When we engage in such transfers, we use the Standard Contractual Clauses approved by the European Commission to help protect your rights and enable these protections to travel with your data.

## Data Retention

We retain information for as long as necessary to fulfill the purposes outlined in this policy, or as required by law.
Session cookies are temporary and expire once your session ends.

## Your Rights

You have the right to request access to, correction, or deletion of your personal information.
If you wish to exercise these rights, send an email to the [`legal` mailing list][CONTACTS.yaml].

## Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal obligations.
We will notify you of any significant changes by posting the updated policy on our website.

## Contact Us

If you have any questions or concerns about this Privacy Policy, send an email to the [`legal` mailing list][CONTACTS.yaml].

## Additional Information for EEA and UK Users

Users in the European Economic Area (“EEA”) and United Kingdom (“UK”) have the right to request access to, rectification of, or erasure of their personal data; to data portability in certain circumstances; to request restriction of processing; to object to processing; and to withdraw consent for processing where they have previously provided consent. These rights can be exercised as described in the "Your Rights" section above. EEA users also have the right to lodge a complaint with their local supervisory authority.

As required by applicable law, we collect and process information about individuals in the EEA and UK only where we have a legal basis for doing so. Our legal bases depend on the Services you use and how you use them. We process your information where:

- It is necessary to fulfill our contract with you, including to provide, operate, and improve the Services, provide customer support, personalize features and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as preventing fraud, ensuring network and information security, enforcing our rules and policies, protecting our legal rights and interests, research and development, personalizing the Services, and marketing and promoting the Services;
- You have consented for us to do so for a specific purpose; or
- We need to process your information to comply with our legal obligations.

## Additional Information for California Users

The California Consumer Privacy Act (“CCPA”), as amended, requires us to provide California residents with some additional information, which we address in this section.

In the last 12 months, we collected the following categories of personal information from California residents:

- Information about project maintainers and contributors, including email address, phone number, IP address, and cookie information.
- Internet or other electronic network activity information, such as information about your activity on our website.
- Geolocation information based on your IP address and browser location information.
- Inferences we make based on other collected data, for purposes such as recommending content and analytics.

If you are a California resident, you have additional rights under the CCPA, including the right to opt out of any sales or sharing of your personal information, to request access to and information about our data practices, and to request deletion or correction of your personal information, as well as the right not to be discriminated against for exercising your privacy rights. The Foundation does not “sell” or “share” personal information as those terms are defined under the CCPA. We do not use or disclose sensitive personal information except to provide you the Services or as otherwise permitted by the CCPA.

You may exercise your rights to access, delete, or correct your personal information as described in the “Your Rights” section of this notice. When you make a request, we will verify your identity by asking you to sign into your account or if necessary by requesting additional information from you. You may also make a rights request using an authorized agent. If you submit a rights request from an authorized agent who does not provide a valid power of attorney, we may ask the authorized agent to provide proof that you gave the agent signed permission to submit the request to exercise rights on your behalf. In the absence of a valid power of attorney, we may also require you to verify your own identity directly with us or confirm to us that you otherwise provided the authorized agent permission to submit the request. If you have any questions or concerns, you may reach us using the methods described under [Your Rights](#your-rights).

[CONTACTS.yaml]: https://github.com/commonhaus/foundation/blob/main/CONTACTS.yaml
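
Review bot: The category list under "Additional Information for California Users" (phone number, IP address, geolocation from IP and browser location, inferences used for "recommending content") does not match "Information We Collect", which commits to "only the minimum necessary data" and describes analytics as "aggregated and anonymous". Either add those categories to "Information We Collect" with their purpose, or trim the California list to what the Foundation actually collects, so both sections describe the same data. The same mismatch shows in the EEA/UK legal bases, which name "marketing and promoting the Services" and "personalizing the Services" although "How We Use Your Information" lists neither, and "Services" is capitalized there without being defined anywhere in the file. "Data Retention" gives a concrete lifetime only for session cookies; a retention period or criterion for CLA records and for the link between GitHub login and forwarding address would make access and deletion requests easier to evaluate.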
