Page MenuHomePhabricator
Differential D6394 Diff 21835 landing/privacy.react.js

Changeset View

Standalone View

View Options

landing/privacy.react.js

// @flow // @flow
import * as React from 'react'; import * as React from 'react';
import css from './legal.css'; import css from './legal.css';
function Privacy(): React.Node { function Privacy(): React.Node {
return ( return (
<div className={css.legal_container}> <div className={css.legal_container}>
<h1>Privacy Policy</h1> <h1>Privacy Policy</h1>
<p> <p>
Effective date: <strong>June 29, 2021</strong> Effective date: <strong>February 2, 2023</strong>
</p> </p>
<h2>Introduction</h2> <h2>Introduction</h2>
<p> <p>
We built Comm as a privacy-focused alternative to the cloud-based We built Comm as a privacy-focused alternative to the cloud-based
community chat apps that exist today. In order to protect the privacy of community chat apps that exist today. In order to protect the privacy of
user content, communities on Comm are hosted on private keyservers, and user content, communities on Comm are hosted on private keyservers, and
messages transmitted through the platform are encrypted, preventing us messages transmitted through the platform are encrypted, preventing us
from being able to access their contents. While Comm does collect a from being able to access their contents. While Comm does collect a
minimal amount of information as necessary to power and maintain the minimal amount of information as necessary to power and maintain the
Services, Comm will never be able to access or view your messages or Services, Comm will never be able to access or view the substance of
content. This Privacy Policy describes the limited ways in which Comm your Content. This Privacy Policy describes the limited ways in which
uses information in connection with its Services. Comm uses information in connection with its Services.
</p> </p>
<p> <p>
<strong> <strong>
By using or accessing our Services, you acknowledge that you accept By using or accessing our Services, you acknowledge that you accept
the practices and policies outlined below. the practices and policies outlined below.
</strong> </strong>
</p> </p>
<h2>Table of Contents</h2> <h2>Table of Contents</h2>
<ul> <ul>
<li> <li>
<strong>Information We Collect</strong> <strong>Information We Collect</strong>
</li> </li>
<li> <li>
<strong>Public Blockchain Information</strong>
</li>
<li>
<strong>How We May Share Your Information</strong> <strong>How We May Share Your Information</strong>
</li> </li>
<li> <li>
<strong>Retention of Information</strong> <strong>Retention of Information</strong>
</li> </li>
<li> <li>
<strong>Your Rights in the Personal Data You Provide to Us</strong> <strong>Your Rights in the Personal Data You Provide to Us</strong>
</li> </li>
Show All 16 Lines <div className={css.legal_container}>
<p> <p>
We collect the following categories of information, some of which might We collect the following categories of information, some of which might
constitute personal information: constitute personal information:
</p> </p>
<ol> <ol>
<li> <li>
<strong>Account Information.</strong> In order to use Comm, you will <strong>Account Information.</strong> In order to use Comm, you will
be required to create an account, and in doing so, will be required to be required to create an account, and in doing so, may be required to
provide a username and password to us. We only store salted and hashed provide a username and password to us. We only store salted and hashed
versions of your password we never store the plaintext version. No versions of your password we never store the plaintext version. No
other information is required to create an account and we do not want other information is required to create an account and we do not want
you to provide any other information. you to provide any other information.
</li> </li>
<li> <li>
<strong>Blockchain Account Information.</strong> You may instead
choose to log into Comm using a third-party blockchain provider (such
as, Sign-In with Ethereum or similar functionality), in which case you
will be required to provide your blockchain address to us. The only
information we collect as part of this process is information that is
already publicly available.
</li>
<li>
<strong>Backup Service.</strong> You have the option to back up your
Content on Comms hosted servers, allowing you to recover any
backed-up Content. If you do not opt out of the backup service, your
Content will be stored in our automated backup service.{' '}
<strong>
Your Content will always remain end-to-end encrypted, even when
stored through our backup service.
</strong>{' '}
You may recover your backed-up Content through an automatic recovery
process available through your account. If you request your Content,
Comm will verify your identity cryptographically to verify that the
Content you are requesting belongs to you; however, such request will
not allow Comm to collect or view any information that is not already
outlined in this Privacy Policy and your backed-up Content will only
be associated with your account. The backup service only allows Comm
to collect encrypted versions of your Content at no point will Comm
have the ability to access or view the substance of your Content nor
will Comm ever have the ability to decrypt your Content collected
through the backup service. You may opt-out of this backup service at
any time by doing so within the app.
</li>
<li>
<strong>Updates About the Services.</strong> If you choose to receive <strong>Updates About the Services.</strong> If you choose to receive
updates on Comms progress, you will be required to provide your email updates on Comms progress, you will be required to provide your email
address to us. These email addresses will not be associated with any address to us. If you choose to send any emails to us in response to
accounts, and will not be used for any purpose other than to provide such updates or otherwise, we may collect the content of such emails.
updates on Comm. These email addresses, and any emails received from you, will not be
associated with any accounts, and will not be used for any purpose
other than to provide updates on Comm and to otherwise respond to you.
</li> </li>
<li> <li>
<strong>Time Zone Detection.</strong> When responding to a web <strong>Time Zone Detection.</strong> When responding to a web
request, we use the requesters IP address in order to determine which request, we use the requesters IP address in order to determine which
time zone to render timestamps in. We do not store these IP addresses time zone to render timestamps in. We do not store these IP addresses
or associate them with specific accounts. or associate them with specific accounts.
</li> </li>
<li> <li>
<strong>Security, Fraud and Abuse.</strong> In order to detect and <strong>Security, Fraud and Abuse.</strong> In order to detect and
prevent abuse of our Services and cyberattacks, we keep track of prevent abuse of our Services and cyberattacks, we keep track of
request metadata, which includes requests made by IP addresses as well request metadata, which includes requests made by IP addresses as well
as the frequency of those requests. This data is only stored on a as the frequency of those requests. This data is only stored on a
short-term basis and is never associated with specific accounts, even short-term basis and is never associated with specific accounts, even
if the requests themselves originate from or are associated with if the requests themselves originate from or are associated with
specific accounts. Additionally, we may view and block certain IP specific accounts. Additionally, we may view and block certain IP
address ranges as necessary to comply with applicable United States address ranges as necessary to comply with applicable United States
export control laws and regulations. export control laws and regulations.
</li> </li>
<li> <li>
<strong>Optimizing the Services.</strong> In order to optimize the
Services provided to you, we keep track of which version of Comms
code you are running as well as the platform that you are using to run
Comms code (e.g., iOS, Android, web server, keyserver). We only
collect this information to provide the Services to you, and are not
able to access or view the substance of your Content in connection
with such collection.
</li>
<li>
<strong>Crash Reports.</strong> If you choose to send us a crash <strong>Crash Reports.</strong> If you choose to send us a crash
report, we may collect data from such reports for purposes of report, we may collect data from such reports for purposes of
debugging and system maintenance. These reports contain operational debugging and system maintenance. These reports contain operational
information such as telemetry data (e.g., information with respect to information such as telemetry data (e.g., information with respect to
the recent connection between the client and server), metadata (e.g., the recent connection between the client and server), metadata (e.g.,
time stamps from messages sent in a conversation or chat), and device time stamps from messages sent in a conversation or chat), and device
data (e.g., your devices operating system) but never contain the data (e.g., your devices operating system) but never contain the
content of your messages. content of your messages.
</li> </li>
<li> <li>
<strong>Push Notifications.</strong> If you choose to allow push <strong>Push Notifications.</strong> If you choose to allow push
notifications to your device, your devices operating systems notifications to your device, your devices operating systems
provider will know that you are using the Services and may be able to provider will know that you are using the Services and may be able to
see the content of the messages you transmit using the Services. We see the Content you transmit using the Services. We only collect push
only collect push tokens required to send you such notifications and tokens required to send you such notifications and these tokens do not
these tokens do not permit us to access or view the content of your permit us to access or view your Content.
messages.
</li> </li>
<li> <li>
<strong>Contact List.</strong> If you allow us to do so, we can <strong>Contact List.</strong> If you allow us to do so, we can
discover which contacts in your address book are Comm users by using discover which contacts in your address book are Comm users by using
technology designed to protect the privacy of you and your contacts. technology designed to protect the privacy of you and your contacts.
If you opt to discover other Comm users in your contact list, phone If you opt to discover other Comm users in your contact list, phone
numbers from the contacts on your device, as well as your own phone numbers from the contacts on your device, as well as your own phone
number, will be hashed and transmitted to Comm in order to match you number, will be hashed and transmitted to Comm in order to match you
and your friends on the Services. Since this contact information is and your friends on the Services. Since this contact information is
hashed, Comm cannot view or access the plaintext version. hashed, Comm cannot view or access the plaintext version.
</li> </li>
<li> <li>
<strong>Cookies.</strong> We only use a single cookie per user in <strong>Cookies.</strong> We only use a single cookie per user in
order to authenticate a user as being logged in to Comm. Most browsers order to authenticate a user as being logged in to Comm. Most browsers
allow you to decide whether to accept these cookies and whether to allow you to decide whether to accept these cookies and whether to
remove any cookies already on your device. If you disable these remove any cookies already on your device. If you disable these
cookies, you will not be able to stay logged into Comm. cookies, you will not be able to stay logged into Comm.
</li> </li>
<li> <li>
<strong>Content.</strong> Other Comm users may have access to all or <strong>Bots.</strong> We may communicate with you through the
some of the Content owned by you.{' '} Services by using bots, and we will have access to any information you
voluntarily provide in response to those bots. We only collect this
information to provide the Services to you, and are not able to access
or view the substance of any other Content in connection with such
collection.
</li>
<li>
<strong>Content.</strong> Other Comm users may have access to, and
have the ability to store, all or some of the Content owned by you.{' '}
<strong> <strong>
However, as this Content is end-to-end encrypted, we have no ability However, as this Content is end-to-end encrypted, we have no ability
to access, view or control your Content. to access or view the substance of your Content.
</strong>{' '} </strong>{' '}
For more information on how Comm works, please{' '} For more information on how Comm works, please{' '}
<a href="https://www.notion.so/How-Comm-works-d6217941db7c4237b9d08b427aef3234"> <a href="https://www.notion.so/How-Comm-works-d6217941db7c4237b9d08b427aef3234">
click here click here
</a> </a>
. .
</li> </li>
<li> <li>
<strong>Anonymized Data.</strong> We may create aggregated, <strong>Anonymized Data.</strong> We may create aggregated,
de-identified or anonymized data from the information we collect from de-identified or anonymized data from the information we collect from
you, including by removing information that makes the data personally you, including by removing information that makes the data personally
identifiable to you. We may use such aggregated, de-identified or identifiable to you. We may use such aggregated, de-identified or
anonymized data for our own lawful business purposes, including to anonymized data for our own lawful business purposes, including to
analyze, build and improve the Services and promote our business, analyze, build and improve the Services and promote our business,
provided that we will not use such data in a manner that could provided that we will not use such data in a manner that could
identify you. identify you.
</li> </li>
</ol> </ol>
<h2>Public Blockchain Information</h2>
<p>
Information posted on a blockchain is publicly available and auditable.
When you and other users use the Services, Comms applications will
automatically make calls to third-party blockchain providers using
users blockchain addresses (including yours) to access publicly
available information about those blockchain addresses (e.g., ENS name,
ENS avatar). Such publicly available information will then be displayed
through the Services to you and/or other Comm users. This information is
not shared or stored by Comm, and the only information accessible and
displayed is information that is publicly available on the blockchain.
</p>
<p>
Additionally, if you choose to use Comms applications, third-party
blockchain providers may also have access to your IP address. While your
IP address is not shared by Comm, it is automatically accessible by such
providers through your use of Comms applications, regardless of whether
you intend to make such information available. This access is required
in order to allow Comm users to make calls to third-party blockchain
providers, and Comm has no control over what such third-party blockchain
provider may do with your IP address.
</p>
<h2>How We May Share Your Information</h2> <h2>How We May Share Your Information</h2>
<p> <p>
We have no access to your Content and therefore have no ability to share We may share the information we collect with third parties for the
it. As for the very limited information we do collect, we would{' '} reasons listed below.{' '}
<strong>never</strong> sell, rent or monetize that information. However, <strong>
we may share this information with third parties for the following However, your Content will always remain end-to-end encrypted, even
reasons: when stored in the backup service, and Comm has no ability to decrypt
that information for any third party.{' '}
</strong>
Moreover, we will <strong>never</strong> sell, rent or monetize your
information.
</p> </p>
<ol> <ol>
<li> <li>
To fulfill our legal obligations under applicable law, regulation, To fulfill our legal obligations under applicable law, regulation,
court order or other legal process. court order or other legal process.
</li> </li>
<li> <li>
To protect the rights, property or safety of you, Comm Technologies or To protect the rights, property or safety of you, Comm Technologies or
another party as required or permitted by law. another party as required or permitted by law.
</li> </li>
<li>To enforce any agreements with you.</li> <li>To enforce any agreements with you.</li>
<li> <li>
Pursuant to a merger, acquisition, bankruptcy or other transaction in Pursuant to a merger, acquisition, bankruptcy or other transaction in
which that third party assumes control of our business (in whole or in which that third party assumes control of our business (in whole or in
part). part).
</li> </li>
</ol> </ol>
<p>
While sharing your email address is entirely optional, if you do choose
to share it, we may share that email address, and the contents of any
email sent by us or you, with our third-party service providers who may
assist us in providing updates to you. Such information would be shared
with such third-party service providers for the sole purpose of
providing you updates on Comm, and will never be associated with your
account or sold, rented or otherwise monetized.
</p>
<p>
Additionally, Comm uses third-party hosting providers to host its
central cloud servers, therefore we may share the information we collect
with such hosting providers in order for them to host this information.
This information will be shared with such hosting providers for the sole
purpose of providing the Services to you, and your Content will always
remain end-to-end encrypted when shared with such hosting providers,
even when stored in the backup service.
</p>
<h2>Retention of Information</h2> <h2>Retention of Information</h2>
<p> <p>
For any of your personal information that we collect, we retain such For any of your personal information that we collect, we retain such
personal information for as long as you have an open account with us or, personal information for as long as you have an open account with us or,
only with respect to the association between your username and public only with respect to the association between your account and public
key, as otherwise necessary to provide our Services. key, as otherwise necessary to provide our Services.
</p> </p>
<h1>Your Rights in the Personal Data You Provide to Us</h1> <h1>Your Rights in the Personal Data You Provide to Us</h1>
<h2>Your Rights</h2> <h2>Your Rights</h2>
<p> <p>
▲ Show 20 LinesShow All 61 Lines▼ Show 20 Lines <div className={css.legal_container}>
</p> </p>
<p> <p>
Termination of your account may or may not result in destruction of Termination of your account may or may not result in destruction of
Content associated with your account, and other Comm users may continue Content associated with your account, and other Comm users may continue
to have access to and control over your Content. to have access to and control over your Content.
</p> </p>
<p>
If you would like to delete any backed-up Content from our backup
service, you may do so at any time by making a request within the app.
</p>
<h2>Changes to this Privacy Policy</h2> <h2>Changes to this Privacy Policy</h2>
<p> <p>
We may update this Privacy Policy from time to time. If you use the We may update this Privacy Policy from time to time. If you use the
Services after any changes to the Privacy Policy have been posted, that Services after any changes to the Privacy Policy have been posted, that
means you agree to all of the changes. Use of information we collect is means you agree to all of the changes. Use of information we collect is
subject to the Privacy Policy in effect at the time such information is subject to the Privacy Policy in effect at the time such information is
collected. collected.
Show All 39 Lines