search

peddybeats / hands-down

Slow the spread of COVID-19 by discouraging people from touching their face
6 stars 1 forks source link

Add privacy policy and Terms of Service #53

Closed peddybeats closed 4 years ago

peddybeats commented 4 years ago

Some examples would be https://prinsec.com/terms-of-use or https://www.jrtapsell.co.uk/privacy.html

Berkmann18 commented 4 years ago

What email address/contact info should we use for the privacy/security policies? @HugoTse What do you think about that, given that you're an InfoSec specialist?

HugoTse commented 4 years ago

I think we're good as long as we're not collecting personally identifiable information. Are we providing an email so that people can raise their concerns? Suggest improvements?

Berkmann18 commented 4 years ago

I think we're good as long as we're not collecting personally identifiable information

From a GDPR standpoint, we're pretty much good to go (although we don't have any GDPR documentation filled or anyone in charge of such documentation).

Are we providing an email so that people can raise their concerns? Suggest improvements?

Essentially yes, that way, anyone who discovered vulnerabilities can contact appropriately without having to go the public route.

HugoTse commented 4 years ago

I think we're good as long as we're not collecting personally identifiable information

From a GDPR standpoint, we're pretty much good to go (although we don't have any GDPR documentation filled or anyone in charge of such documentation).

Are we providing an email so that people can raise their concerns? Suggest improvements?

Essentially yes, that way, anyone who discovered vulnerability can contact appropriately without having to go the public route.

Sounds great!

HugoTse commented 4 years ago

I think we're good as long as we're not collecting personally identifiable information

From a GDPR standpoint, we're pretty much good to go (although we don't have any GDPR documentation filled or anyone in charge of such documentation).

In that case, I reckon we can do away with mentioning privacy. I don't foresee users being able to escalate issues to involve regulations.

Are we providing an email so that people can raise their concerns? Suggest improvements?

Essentially yes, that way, anyone who discovered vulnerability can contact appropriately without having to go the public route.

Sounds great!