revsuine/revsuine.xyz
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

content/privacy_policy.md, layouts/partials/footer.html: added privacy policy

Browse source
This commit is contained in:
revsuine 2024-11-25 17:06:11 +00:00
parent c3e0127160
commit 6128596a8e
Signed by: revsuine
GPG key ID: 3F257B68F5BC9339
2 changed files with 98 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

95
content/privacy_policy.md Normal file
View file

@ -0,0 +1,95 @@
+++
draft = false
title = 'Privacy Policy'
+++
This is a privacy policy notice for anyone who happens to use any of the services I use.
# For all services
My server is a VPS with full disk encryption. This means that, if the disk is seized, e.g. by law enforcement, your
data will be unreadable to them. However, if the VPS host wishes to, they can dump the decryption keys from RAM and
read my disk. For most user services I host, there will be additional encryption at rest, including such that data is
never decrypted server-side.
The server is hosted in Romania.
I make local backups of server data which I physically possess. These backups are always on LUKS-encrypted drives (i.e.
same disclaimer as above about being unreadable should they be seized) stored in Britain. I reserve the right to keep
my backups for as long as I like, so any data you have deleted on my server may still exist in backups. If you have
accidentally uploaded sensitive data to my server which you want scrubbed, [contact me](/contact) and I will do my best
to remove it from backups. Please don't rely on this to delete data though, and just don't upload anything to my server
that absolutely can't persist.
My server uses fail2ban with a ban length of 1 day, so your IP address may be stored for a day if fail2ban bans you.
# Sharing data
If I am not forced to by law, I will never share the data of anyone who uses my hosted services with any third party.
Try not to use my server for anything that could get the cops on me, but in the event that I am approached by law
enforcement with a legally valid data access request/warrant/etc, I will do everything I safely can to avoid handing
over data, up to and including shutting down the service in question. This is no guarantee that I wouldn't comply if my
own safety/liberty/etc were at risk though, therefore you should not take it as a given that data stored on this server
cannot be shared if law enforcement is interested.
I will not go out of my way to read anyone's private data (e.g. email addresses on accounts), but if it is unencrypted,
I may stumble across it while doing server maintenance, reading logs, etc. If you have public data on my server, I may
access it from the public web as a member of the public.
# Web services
My web server is nginx. I log web requests without any identifying information. I log:
* Timestamps
* The type of request
* The resource accessed
* The status of the request
My logging config is:
```conf
log_format main '[$time_local] "$request" '
'$status $body_bytes_sent ';
```
Logs are rotated with logrotate with the following logrotate config:
```logrotate
/var/log/nginx/*.log {
missingok
sharedscripts
postrotate
/etc/init.d/nginx --quiet --ifstarted reopen
endscript
}
```
I also log errors.
# [My static website (revsuine.xyz)](https://revsuine.xyz/)
My static website does not collect data about you beyond nginx logging. It uses JavaScript for prism.js syntax
highlighting, and for the drop-down menu on mobile. To see the Javascript usage, look at [the GitHub repo for the
theme](https://github.com/search?q=repo%3Apanr%2Fhugo-theme-terminal++language%3AJavaScript&type=code). The site works
completely fine without JavaScript.
This website does not use cookies, tracking pixels, or anything of the sort.
# [Nextcloud](https://cloud.revsuine.xyz/)
Server-side encryption is enabled, meaning I can view an index of your files, but not read their content. End-to-end
encryption is also enabled.
I log errors, which may contain client IP addresses.
# [Forgejo](https://git.revsuine.xyz/)
There is no additional encryption at rest for anything hosted on Forgejo, so you shouldn't upload anything to my
Forgejo instance you don't want me to see. I can say I won't look at your private repos, but you'd have to take my word
for it, and I am *able* to look at them if I want to.
# Changes
This privacy policy was first written in 2024 and will be kept up-to-date. I reserve the right to update this privacy
policy whenever I like.

3
layouts/partials/footer.html
View file

@ -7,3 +7,6 @@
Generated with <a href="https://gohugo.io/">Hugo</a>. Website source available
<a href="https://git.revsuine.xyz/revsuine/revsuine.xyz/">here</a> and licensed under the
<a href="https://www.gnu.org/licenses/gpl-3.0.txt">GNU General Public Licence v3</a>.</p>
<p align="center"><a href="/privacy_policy">Privacy Policy</a></p>