-
Notifications
You must be signed in to change notification settings - Fork 2
/
privacy-policy.html
177 lines (177 loc) · 13.7 KB
/
privacy-policy.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<!-- web app settings -->
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=0">
<!-- Title, icons and colors -->
<title>SEPIA Privacy Policy</title>
<meta name="application-name" content="SEPIA Privacy Policy"/>
<meta name="apple-mobile-web-app-title" content="SEPIA Privacy Policy">
<meta name="description" content="Privacy policy for official, public releases of SEPIA-Framework clients, servers and sites.">
<meta name="theme-color" content="#000">
<!-- Icons
<link rel="icon" sizes="192x192" href="img/icon.png">
<link rel="apple-touch-icon" href="img/icon.png">
<meta property="og:image" content="img/icon.png"/>
-->
<style>
body {
font-family: sans-serif;
}
</style>
</head>
<body>
<div>
<h1>Privacy Policy for S.E.P.I.A. Framework</h1>
<b>EFFECTIVE DATE:</b> June 21, 2018<br>
<br>
<h2>Introduction</h2>
The SEPIA-Framework team represented by Florian Quirin ("we", "us", "our") values data privacy as a core concept of SEPIA!
The framework is designed to be operated by the user ("you") her-/himself, putting her/him in full control of all data stored and transferred between SEPIA's components.<br>
If you decide to use an official component or service not built by yourself but publicly supplied by us like our ready-to-use web-client: https://sepia-framework.github.io/app/ ("our SEPIA client"), the Android or iOS app ("our apps") or when you visit our project page: https://sepia-framework.github.io
then the privacy policy described in this document (“policy”) will apply to you.<br>
<br>
<b><u>IMPORTANT:</u></b> The SEPIA-Framework is a modular system and you can decide to mix public and private components as you require. For example this can be done by using an official, public client, but connect it to a private server via the host-name settings in the menu.
When you are using non-official, public SEPIA servers, clients or websites additional conditions might apply that cannot be covered by this policy! The operator of these servers, clients or websites is responsible to make them available and point you to his own policy.<br>
<b>WE STRONGLY ADVISE to use only servers that you really TRUST or you host yourself!</b><br>
<br>
Get server info: <button id="check-server-info" onclick="getSepiaServerInfo()">CHECK SERVER</button>
<div id="check-server-result"></div>
<!-- add method here to call privacy policy for custom servers -->
<br>
<h2>Policy</h2>
In this policy we describe how we collect, use, and disclose information that we obtain about users of official, public SEPIA components and the related services ("our software"), as well as visitors to or users of our website: https://sepia-framework.github.io (“our site”).<br>
<br>
By using our software or our site you agree that your personal information will be handled as described in this policy. Your use of our software or site and any dispute over privacy is subject to this policy and the license agreement supplied with it,
including its applicable limitations on damages and the resolution of disputes.
<br>
<h3>The Information We Collect About You</h3>
<p><b>Browsing our websites:</b>
When you are browsing one of our websites that does not require a user-account (no login pop-up) we do not actively store any information about you. The website might try to use your browser settings to e.g. show you the content in your own language,
but this data will be gone when you close the browser tab or window and we don't use any tools to track you.
</p>
<p><b>Visiting one of our GitHub pages:</b>
When you are visiting websites hosted via GitHub (e.g. github.com/SEPIA-*) the privacy policy of GitHub applies: https://help.github.com/articles/github-privacy-statement/<br>
Notably this means that some anonymous data like "how many people visited our repository" can be accessed.
</p>
<p><b>Websites with log-in, web-apps and native apps:</b>
When you visit our SEPIA client or one of our apps some data will be stored locally inside your app or browser. This is necessary to operate the website/app in a user-friendly way, e.g. to remember your settings and configuration.
Locally stored data cannot be accessed by us and will be deleted automatically depending on your browser setting and operating system (e.g. Android usually has a system function to delete app-cache and deleting the app
will normally remove all data stored inside as well). If you log-in to your account data will be transferred to the SEPIA server of your choice (e.g. login-ID, password, local-time, device-ID, location) and the host of this server is responsible to inform
you about his privacy policy and terms of use (see introduction note).
</p>
<p><b>When you use an official, public SEPIA server:</b>
By default our public, ready-to-use <b>SEPIA clients are configured to look for your own, private server unless stated otherwise</b>.
If you have access to one of our servers, e.g. as a beta tester or because we decided to operate a large-scale, public SEPIA server and you've selected it in the app settings
then we will collect and store certain data of you. Your user-account usually starts with just an email address and a random ID ("your ID") we'll assign to it, but you can add things like your name, address, personal commands
and other info. All of this data can be viewed and permanently deleted from inside your SEPIA client.<br>
Besides the user-data you decide to add to your account the default SEPIA server will log certain usage-data related to your user-ID like the last login time, services you've used and illegal access attempts. Possible internal errors might also be connected to your ID.
Our servers will never store your input sentences directly, e.g. "show me the way to main street 0815" will never show up in our logs in connection to your user-account, but if SEPIA does not understand requests it can store sentences anonymously.
This is important for us to improve the system while at the same time respect your privacy, but remember: <b>This is opt-in, you can always simply use your own private SEPIA server!</b>
</p>
<p><b>Audio (microphone-input) and location data:</b>
SEPIA clients are usually able to record audio and determine your location via functions supplied by the browser or device ("platform") they are running on.
Audio recording only happens when deliberately triggered (e.g. by pressing the microphone button) and audio data is never stored permanently inside the client or on our servers unless explicitly requested (e.g. a voice-memo service would need to save an audio file).
Location tracking is an opt-in feature configurable in the main menu (if available) and location data is only stored inside the client as long as it (the client) is active.
Location data transferred to a SEPIA server can be used for services like navigation but is only stored if explicitly requested (e.g. when using a "where did I park my car"-service).
To perform speech-recognition (converting speech to text) and geo-searches (e.g. finding locations to GPS addresses) native platform APIs by Apple (iOS app) and Google (Android and Chrome browser) are used and their usage is bound to the privacy policies of the corresponding platforms.
Please note: Other platforms like the Microsoft Edge browser or Mozilla's Firefox can implement their own services and privacy policies in the future (after June 2018).
</b>
<h3>How We Use Your Information</h3>
<p><b>Websites and apps:</b>
Data stored locally in the cache of your browser or app is solely used to ensure that the website/app can operate properly, e.g. to save the state of the app or load your personal settings.
If the website/app has a log-in we use the local storage to remember you and to make sure that you can safely communicate with a SEPIA server. When you log-out or clear your browser/app cache all locally stored account data is deleted.
We do not use cookies to track user-statistics nor do we use any methods to send you personalized advertisements or create a profile of you.
</p>
<p><b>When using an official, public SEPIA server:</b>
When you use one of our servers and you registered via email we will send you a message to validate the email address before we activate your account. This is done to prevent abuse of our service by fake-accounts
and to give you the option to restore your account when you forgot your password. We will not use your email for anything else not even for a newsletter unless we need to inform you about critical changes to our service or security issues.<br>
To offer a personal assistant service we require access to your account data stored on our server and the data you submit on every request via our SEPIA client (e.g. input-text, user ID, device ID, location and local time).
This data is automatically analyzed by our algorithms to generate relevant results for you.<br>
Data stored in server logs (as mentioned in the previous section) is used to improve the overall quality of our services, e.g. commands that were not understood by SEPIA will be evaluated and used to improve the natural-language-understanding.
</p>
<h3>How We Share Your Information</h3>
<p><b>Websites and apps:</b>
Since we don't have access to locally stored data we cannot share it with anybody else.
</p>
<p><b>When using an official, public SEPIA server:</b>
Sometimes a small part of the data described in the previous section is sent to third-party cloud-services to fulfil your requests, for example:<br>
<i>"How is the weather today"</i> will use your current location and your local time to load data from a weather API.<br>
<i>"Where am I"</i> will open a map service with your current GPS coordinates (if available).<br>
Apart from that non of your data stored on our server will be shared with anybody unless we are forced to by law.
</p>
<h3>Our Use of Cookies and Other Tracking Mechanisms</h3>
<p>
We don't use cookies and we don't track you.
</p>
<h3>Third-Party Links</h3>
<p>
Our Site and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this policy, but instead is governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites.
</p>
<h3>Security of My Personal Information</h3>
<p>
We have implemented safeguards to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware no data security measures can guarantee security.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, <b>signing off after using a shared computer</b>, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private.
</p>
<h3>Access To My Personal Information</h3>
<p>
All your personal information locally stored on our sites or apps can be viewed from inside the same and can be deleted by simply clearing your browser or app cache.<br>
When using an official, public SEPIA server you can use the tools we've supplied (together with the access data) to delete your account (if the function is not available in our SEPIA client) and remove all data related to your person.
</p>
<h3>Contact Us</h3>
If you have questions about the privacy aspects of our services or would like to make a complaint, please contact us at [email protected].
<h3>Changes to this Policy</h3>
This policy is current as of the effective date given above. We may change this policy from time to time, so please be sure to check back periodically.
We will post any changes to this policy via our services or an equally appropriate channel.
If you are using an official, public SEPIA server and we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will provide you with notice in advance of such change by highlighting the change via email notice.
</div>
</body>
<!-- JS -->
<script type="text/javascript" src="js/jquery-3.1.1.min.js" charset="UTF-8"></script>
<script>
function getURLParameter(name){
return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20'))||null
}
function endsWith(str, suffix) {
return str.indexOf(suffix, str.length - suffix.length) !== -1;
}
function getSepiaServerInfo(){
var host = getURLParameter("host") || getURLParameter("server") || "http://localhost:20726";
//TODO: this wont catch all valid combinations, but it's a start
if (host == "localhost") host = "http://localhost:20726";
if (!endsWith(host, "/sepia")) host += "/sepia";
if (!host.indexOf("http") == 0){
if ((host.indexOf("localhost") == 0) || (host.indexOf("192.") == 0)){
host = "http://" + host;
}else{
host = "https://" + host;
}
}
console.log("Host URL: " + host);
function success(data){
console.log('Got answer.');
$('#check-server-result').html("<br>" +
"<b>Checked server via:</b> " + host + "<br>" +
"<b>Name:</b> " + data.server + "<br>" +
"<b>Version:</b> " + data.version + "<br>" +
"<b>Policy:</b> " + data.privacy_policy + "<br>" +
"<b>Signature:</b> " + data.signature + "<br>"
);
}
function error(data){
console.log('Got error.');
$('#check-server-result').html("<br>" +
"<b>Checked server via:</b> " + host + "<br>" +
"Got <b>no result!</b> Please check your server settings or contact your host about problems with the configuration."
);
}
$.ajax({
dataType: "json",
url: (host + "/assist/validate"),
success: success,
error: error
});
}
</script>
</html>