Evaluate if our privacy policy is impacted by logging queries

[mlissner]

We want to start logging user search queries, but we need to evaluate if that impacts our privacy policy. It might! Even anonymous queries can be a problem (see AOL search query scandal circa 2006?).

Questions:

• Can we store them per user?
• Can we store them without user info?
• How long can we store them?
• Can we store performance metrics to make Alberto happy too?

[legaltextai]

This is what the privacy policy says now:

We collect the following technical information about our visitors:
The website that referred you to our site (via the [HTTP Referer](https://en.wikipedia.org/wiki/HTTP_referrer) field)
The browser software you use, your operating system, and your monitor's resolution
What country you are from
Any queries that you made in our search, alert or Atom feeds. 
<...> 
These systems help us identify popular pages, diagnose technical problems, and defend our initiatives against attacks. 

if we use any third-party models like openai or cohere as part of our implementation, we 'll need to add them to this list:

We currently share data with the following third parties:
We use Amazon, Inc.'s AWS services to store and process data.
For the purpose of sending newsletters, we share information with [Moosend, Ltd, a subsidiary of Sitecore, Inc](https://moosend.com/).
For the purpose of processing transactions, we share information with [Neon One, LLC](https://www.neonone.com/).
For the purpose of error tracking, we share error and logging information with [Sentry, Inc](https://sentry.com/). This information generally does not contain any PII and is purged after 90 days.
For the purpose of counting page visits, we use [Plausible Analytics](https://plausible.io/).
For the purpose of handling donations and managing donors and outreach, we use [Neon One](https://neonone.com/).

[mlissner]

This is helpful. I don't think we should add the AI stuff yet, but I made an updated version here:

https://docs.google.com/document/d/15WoL4PkWzH09__BvarpIdttx20pzsVLOfS9Kv72MPQM/edit?usp=sharing

Want to take a stab at updating our existing policy? Note that we keep existing copies at the bottom of our privacy policy for historians to dig into. :)

If you prefer, I can ask somebody else to do this too, but I thought it might be another good one to get you comfy in the code.

[legaltextai]

I see you omitted some parts:

We have never used third party tracking. From 2009 to 2022 we self-hosted the Matomo analytics system so that our user's traffic would not be shared with third parties. In March of 2022, we went further, and stopped tracking users across sites or even pages by switching to [Plausible Analytics](https://plausible.io/).

We do not track you across pages or visits, but we do use [Plausible Analytics](https://plausible.io/) to collect some information from your computer, and we do log visits. These systems help us identify popular pages, diagnose technical problems, and defend our initiatives against attacks. For example, we collect the following technical information about our visitors:

The website that referred you to our site (via the [HTTP Referer](https://en.wikipedia.org/wiki/HTTP_referrer) field)
The browser software you use, your operating system, and your monitor's resolution
What country you are from
Any queries that you made in our search, alert or Atom feeds 

I take that 's intentional? You don't need those anymore?

[legaltextai]

i 've made some minor changes to the doc. if we are not adding the part about sharing with llm providers, are you ok to roll out another change to the privacy policy hopefully in a couple of weeks?

[mlissner]

I removed the detailed section about Plausible because I didn't think it was really helpful, and the thing about third party tracking is debatable. Plausible isn't a tracker, I don't think, but it felt like too subtle a difference to crow about.

Do you want to propose an edit with the LLM providers text you suggested on Slack?

[legaltextai]

added some changes