~sircmpwn/sr.ht-discuss

1

[pages] Privacy policy missing for websites under srht.site

Details
Message ID
<hQtX6Xkyi_BAJUiIM6ZSFT6WVZuA6Pg63Q_7VmplrBH8N3bVGqCwXjaT1qvISAAs9dSVhT6TWRS0_Fx9G8hDpMQ4xneX0l7Twy3lbu8WasE=@tlambert.be>
DKIM signature
missing
Download raw message
The privacy policy of SourceHut does not mention anything regarding
the data collected about visitors of websites hosted under
<username>.srht.site, nor for visitors of websites with a custom domain
but hosted on sourcehut.

I am not a lawyer, but I think the GDPR impose website administrators
to identify all that stuff properly. I assume that, as for the rest
of the service, only minimal data is collected (IP ?) and for a short
period of time. But this is still something that should be addressed
publicly so it can be easier for website admins to be 100% compliant.

In general, the privacy policy does not really differentiate the
logged-in users with an account and the website visitors. So it is
unclear as well in that aspect (from my understanding, IANAL).
Maybe this could be made a bit clearer as well?
Details
Message ID
<CLOLYS1DZ4CT.1ZA1AX1PRPO7Z@taiga>
In-Reply-To
<hQtX6Xkyi_BAJUiIM6ZSFT6WVZuA6Pg63Q_7VmplrBH8N3bVGqCwXjaT1qvISAAs9dSVhT6TWRS0_Fx9G8hDpMQ4xneX0l7Twy3lbu8WasE=@tlambert.be> (view parent)
DKIM signature
missing
Download raw message
The global privacy policy applies here:

https://man.sr.ht/privacy.md

We don't collect any additional information and we prevent most tracking
by user sites via the CSP. However, any additional privacy policy which
may be necessary is the responsibility of each site owner.
Reply to thread Export thread (mbox)