1c4fcff942a1e30402361f24ce098b963a80ca72 — Drew DeVault 3 years ago cc70d13
Add terms of service and privacy policy
4 files changed, 241 insertions(+), 0 deletions(-)

M builds.sr.ht/manifest.md
M index.md
A privacy.md
A terms.md
M builds.sr.ht/manifest.md => builds.sr.ht/manifest.md +3 -0
@@ 84,6 84,9 @@ Task names must use only lowercase alphanumeric characters or underscores
and must be <=128 characters in length. Tasks are executed in the order

Each task is run in a separate login session, so if you modify the groups of the
`build` user they will be effective starting from the subsequent task.

## triggers

*list* (of *trigger*)

M index.md => index.md +3 -0
@@ 50,3 50,6 @@ places.

Please review the sr.ht [terms of service](terms.md) and [privacy

A privacy.md => privacy.md +112 -0
@@ 0,0 1,112 @@
If you have any questions, please reach out to Drew DeVault <sir@cmpwn.com> via

# What we collect and why

The only data we require of your account is your email address; a username of
your choosing, which must be unique among all users; and a password. Your email
and username are stored in "plain text". Your password is stored after
processing with bcrypt, from which the original password cannot be devised
without a computationally expensive process. However, given your password, we
can determine that it matches our stored key without expensive processing.  The
purpose of this step is to ensure that should our database become compromised,
your original password will be difficult to recover. Regardless, you are
strongly encouraged to use a unique password for your sr.ht account.

You may choose to to give us additional information, which is shown publicly on
the site. This includes:

- Your location
- A URL to any website
- A short biography

You may omit or provide fictitious data for this information.

You may be required to provide the following information in order to
successfully operate some parts of the service, some of which may be used to
uniquely identify you:

- SSH keys
- PGP keys
- Two factor authorization keys

You may delete this information at any time by visiting your [account
details](https://meta.sr.ht). If you provide a PGP key, you may choose to have
email communications from sr.ht encrypted before being sent to you.

We also obtain some information from your web browser as you use our services
and store it for up to 30 days:

- Your IP address
- When you accessed the site
- What you did on the site

This information is available to you as an [audit
log](https://meta.sr.ht/security). You are not able to delete this information.
The purpose of this data collection is to inform both you and sr.ht of any
unknown activity on your account. If we permitted deletion of this information,
someone who obtains unauthorized access to your account would be able to delete
it, too.

We also store various other kinds of information that you explicitly choose to
give us, including (but not limited to):

- repositories on git.sr.ht
- tickets on todo.sr.ht
- build logs and secrets on builds.sr.ht

To faciliate automated access to your account for third-party service or your
personal use, we also generate and store API keys which can be used to authorize
use of your account. A portion of these keys are stored in plaintext - not
enough to gain access to your account, but enough for us to quickly look up your
account details given the key. The full key is stored only after processing with
bcrypt, similar to the process used for your password.

If you choose to use our paid services, we will store a token which is used to
bill your payment method. Information like your credit card number cannot be
recovered from this token.

We also use cookies to store long-lived authorization data, to remember that
you're logged into your account between visits without prompting you for your
password again. We also use cookies to store short-lived information, like the
fact that we have to tell you on the next page you load that we completed some
operation sucessfully for you.

## How we share your information with third-parties

Aside from information you choose to make public in the course of your use of
sr.ht and information you explicitly choose to share with specific
third parties, none of your information is shared with third parties. We do not
embed third-party content in our website.

We permit user-generated content to include images from and links to third-party
sites. On pages displaying this content, information may be sent to these
third-parties. This information includes:

- Your IP address
- Information about your web browser, such as whether you use Firefox or Chrome
- The URL on sr.ht you visited when you saw this content

We are not responsible for any additional information your web browser may send
to these third parties.

If you use any of our paid services, we will transmit your payment information
to a third-party payment processor. You will be notified of this before the
information is transmitted, and given an opportunity to prevent its
transmission. We will be unable to provide you with paid services if you decline
to transmit this information.

We may also be required to remit your data upon receiving an order from a court
of the United States. If permitted by the order, you will be notified if this

## How to access and control the information we've collected

You may submit a request via email to Drew DeVault <sir@cmpwn.com> to request an
archive of the information we've collected about you, or to request that we
remove any information we've collected about you. 

## Changes to this document

We may make changes to this document with no less than 2 weeks notice. Notice of
these changes will be sent to the email on file for your account.

A terms.md => terms.md +123 -0
@@ 0,0 1,123 @@
These are the terms of service for sr.ht; please read them before using sr.ht.

If you have any questions, please reach out to Drew DeVault <sir@cmpwn.com> via

## tl;dr

- You need to be old enough to have an account and you are responsible for
  your account. We can cut you off at any time.
- Use our services in good faith and don't get us in trouble.
- You grant us enough rights to your content to provide our services.
- We can terminate service at any time.
- Some services may require payment.
- We'll email you before these terms change.

For full details, read on.

## Definitions

The "services" are any software, application, product, or service provided by
sr.ht. Collectively they are also referred to as the "network".

"sr.ht", "we", and "us" refers to sr.ht and its authorized agents.

The "user", "you", and "your" refers to any individual or organization which
accesses our services.

"Content" refers to any content displayed by our services, including but not
limited to text, source code, images, data, and so on. "User generated content"
refers to content created or uploaded by our users. "Your content" refers to
content you created or own.

## Account Terms

Accounts are only available to users who are 13 years of age or older, or the
minimum age for accessing internet services in their country, whichever is
older. You must also be a human, accounts registered through automated means
are not permitted. Accounts utilized by an automated process are permitted, so
long as the initial account registration was manually performed by a human.

You are responsible for your account, any activity performed with it, and the
security of your account credentials.

Your account may be disabled without notice at any time, temporarily or
permanently, for any reason.

We require an email address to register an account. This email address must be
kept up-to-date and we must be able to reach you for official communication at
this address. If we are unable to reach you, your account may be terminated.

## Permissible use

You must obey all local and US laws in the course of using the service. You will
not utilize the service to transmit or store content which is unlawful. The
following additional types of content are explicitly prohibited:

- explicit sexual content
- malware in executable form; or in source form without obvious disclaimers
  describing the legal and practical risks of use
- any content which utilizes our platform for malware delivery or activation
- content which infringes on any copyright, patent, or trademark you do not own

You must not deliberately use the services for the purpose of:

- impacting service availability for other users
- obtaining or disclosing private information of other users
- impersonating any person other than yourself or organizations you are
  authorized to represent
- spamming, unsolicited advertising, or solicitation

You may use automated tools to obtain public information from the services for
the purposes of archival or open-access research. You may not use this data for
recruiting, solicitation, or profit.

## Content rights

You are solely responsible for any content you provide to the service. Upon
upload, you grant sr.ht a non-exclusive and indefinite license to use and
display your content in ways required for the appropriate operation of our
services. If you make your content public through privacy tools on our services,
you grant other users of the network the right to view and use your content
through the tools provided by our services.

You may grant additional rights on your content, for example by providing a
LICENSE or COPYING file in git repositories hosted on git.sr.ht.

You may request an archive of all of your content on the service by writing an
email to Drew DeVault <sir@cmpwn.com> and allowing up to 2 weeks for an archive
to be prepared.

## Service availability

We may disable or terminate all or part of our services, permanently or
temporarily, at any time with or without notice.

This software is provided by the copyright holders and contributors "as is" and
any express or implied warranties, including, but not limited to, the implied
warranties of merchantability and fitness for a particular purpose are
disclaimed. In no event shall the copyright holder or contributors be liable for
any direct, indirect, incidental, special, exemplary, or consequential damages
(including, but not limited to, procurement of substitute goods or services;
loss of use, data, or profits; or business interruption) however caused and on
any theory of liability, whether in contract, strict liability, or tort
(including negligence or otherwise) arising in any way out of the use of this
software, even if advised of the possibility of such damage.

## Payments

Some services require payment for service, or for different degrees of service.
When you request paid services, you are billed immediately for the displayed
term. These services will be remitted to you at the displayed price, which will
not change during the payment term. If you authorize us to automatically renew
your service at the end of the term, you will be notified at least 1 week in
advance of renewal when the price has changed during the previous payment term.

No refunds are given for partial service or when you request your services are
downgraded. In the event that your services are downgraded, you are billed the
reduced price at the start of the next billing term.

## Changes to these terms

We may make changes to these terms with no less than 2 weeks notice. Notice of
changes to these terms will be sent to the email on file for your account.