Privacy Policy

[ianmilligan1]

We should have a privacy policy. This would let us use Google's OAuth2 service as they require one, and more importantly, it would be a good thing for us to have.

There are online services to create templates, and we can probably check out a few similar services.

[SamFritz]

Updating this discussion with some resources I've found. Most provide examples of existing privacy policies and statements. While there are many examples out there I lean more towards those that I think we can adapt in terms of layout, content, and tone.

Examples

• https://help.github.com/articles/github-privacy-statement/ (like the layout, content, and simplicity of writing style)
• https://www.cisco.com/c/en/us/about/legal/privacy.html
• https://www.docker.com/legal/docker-privacy-policy (More so for some of headers/items it address)
• https://opensource.com/privacy-policy (short and sweet)
• https://www.iipccanada.com/privacy-policy/
• https://foundation.wikimedia.org/wiki/Privacy_policy (short and like tone)
• https://uwaterloo.ca/privacy/privacy-statement/ (university-based web privacy statement)

An article that lists some popular policy generators, should we opt for this route:

• https://digital.com/blog/best-privacy-policy-generators/

[ianmilligan1]

These are great, @SamFritz! We chatted a bit about it this afternoon, but I agree that I like the style of the GitHub policy and then perhaps the length of some of the shorter policies.

I think going forward it makes sense to maybe cherry pick from the ones you like best, and perhaps double-check with a privacy policy generator or two that we're not leaving anything else suggested for Canadian jurisdictions?

[SamFritz]

Sounds good! I can start to draft outline/headers/content and then send around to the team for input.

FYI example policy generated from: https://www.shopify.com/tools/policy-generator/show/UmMzeFJvSXRWOHI1Q0tGOTlUUUtYZz09LS1rd1RPcFdwRHRlV2xWc0ZHekV5em13PT0=--e5d18fddeaf67619241ef48a90cf044ac58b3289?utm_campaign=growth_tools&utm_content=policy&utm_medium=email&utm_source=sendgrid

[SamFritz]

Throwing down some ideas for privacy policy draft:

https://docs.google.com/document/d/10-ePMP_-7cAZRYThAXAy-6TVdDQlg0r9b_sab3kGRPo/edit#

[ianmilligan1]

We'll need to decide where this lives on the AUK website: does it belong as a link in a footer? Link from the about page?

We should also have a copy on the about page, probably beneath "code of conduct." (we could move funding up to below the advisory board members)

[ruebot]

We'll need to decide where this lives on the AUK website: does it belong as a link in a footer? Link from the about page?

How about a standalone page, and it's included in the sign-up agreement on the user page?

We should also have a copy on the about page, probably beneath "code of conduct." (we could move funding up to below the advisory board members)

Should we? Is it a privacy policy for the entire project, or just the cloud service? I'm under the impression it is just for the cloud service.

[SamFritz]

We are getting close!

Just a quick update to move discussions on the google doc to this ticket:

• the privacy policy will live on AUK as a standalone page that can be located within the menu bar
• link to the privacy policy will also be found in the sign-up agreement for reference
• the policy will also live on the AUT webpage as this policy speaks to all services/products of the AU project.

@SamFritz to stage content and request PR. Final review of layout from @ianmilligan1 + @ruebot