qwik-website/privacy.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">

    <link rel="apple-touch-icon" sizes="180x180" href="/favicons/apple-touch-icon.png">
    <link rel="icon" type="image/png" sizes="32x32" href="/favicons/favicon-32x32.png">
    <link rel="icon" type="image/png" sizes="16x16" href="/favicons/favicon-16x16.png">
    <link rel="manifest" href="/favicons/site.webmanifest">
    <link rel="mask-icon" href="/favicons/safari-pinned-tab.svg" color="#3ddf89">
    <link rel="shortcut icon" href="/favicons/favicon.ico">
    <meta name="msapplication-TileColor" content="#181833">
    <meta name="msapplication-config" content="/favicons/browserconfig.xml">
    <meta name="theme-color" content="#3ddf89">

    <link rel="stylesheet" type="text/css" href="./styles/main.css">
    <link rel="stylesheet" type="text/css" href="./styles/privacy.css">
    <title>qwik's privacy policy</title>
</head>
<body>
    <div class="container">
        <header>Privacy Policy</header>
        <i style="color: var(--primary); text-align: center; display: block;">Last updated 25th July 2021</i>
        
        <h1>Introduction</h1>
        <p>
            We want to keep this short but informative, but a <i>tl;dr</i>: <br>
            We do not want to collect data, and all data collected <i>should be logical.</i> 
            (i.e. emails for a <a href="https://git.qwik.space">gitea</a> account or so). <br><br>
            We will change this Privacy Policy from time to time to reflect the current situation. Please keep an eye out.
        </p>
        


        <h1>Some extra words</h1>
        <p>
            This notice is very general and there might be exceptions for each individual service we offer.
            Consider reading about the services before you use them, but they are all doing their best to
            be privacy friendly. <br><br>

            We will list some exceptions further down the privacy policy.
        </p>



        <h1>Data collection</h1>
        <h2>IP Addresses and User Agents</h2>
        <p>
            We do not keep nginx access logs - so we can't see who has connected. However, our main server uses
            modsecurity to protect against different types of attacks. If one of your requests is flagged as an
            attack, modsecurity will write to an audit log. This will <b>log your User Agent</b>.
        </p>
        
        <h2>Cookies</h2>
        <p>
            Our main page (<a href="https://qwik.space">qwik.space</a>) does not have any cookies.
        </p>
        
        <h1>Data retention</h1>
        <p>
            The modsecurity log is kept until we clear it from time to time.
        </p>
        


        <h1>Data sharing</h1>
        <p>
            We do not share any data with third parties unless we have to by law or state otherwise.
        </p>
        


        <h1>Exceptions</h1>
        <p>
            Here are some services that make exceptions to the above statements:
        </p>
        <h2>XMPP</h2>
        <p>
            Our XMPP server caches messages and uploads for up to seven days. If your client uses
            encryption (such as OMEMO) the cached messages and uploads will be encrypted. We <b>strongly</b>
            advise using encryption.
        </p>
        
        <h2>Gitea</h2>
        <p>
            Gitea will collect your email upon registration. (Sadly we don't know any way to disable this.) However,
            the email isn't used for anything so it can be whatever. We would maybe even advise you to use a temporary
            or throwaway email. <br><br>
            Gitea will require a username on signup, which you might consider personal. We would advise
            you to not use your real name and instead use an alias. <br><br>
            Gitea also uses some cookies, but this is for your comfort. For example keeping you signed in and remembering
            your settings or what not.
        </p>
        
        <h2>Nitter, Bibliogram, Libreddit, Searx</h2>
        <p>
            These services all use cookies to remember your settings.
        </p>
        


        <h1>Recommendations</h1>
        <p>
            The internet <b>is not a good place</b> when it comes to privacy. If you want to limit
            the risks of <i>something or someone</i> invading your privacy online, we recommend:
            <ul>
                <li>Use Tor (properly)</li>
                <li>Use throwaway emails when signing up for stuff</li>
                <li>Use fake names or aliases to protect your name</li>
                <li>(Generally) don't give out personal information online...</li>
            </ul>
        </p>
    </div>
</body>
</html>