From e6cd4318380f1df74afff3d753d891d4bc6b7d93 Mon Sep 17 00:00:00 2001 From: M66B Date: Sat, 18 Nov 2023 07:52:39 +0100 Subject: [PATCH] Reformatted privacy policy --- PRIVACY.md | 43 +++++---- app/build.gradle | 5 + privacy.css | 8 ++ privacy.html | 236 +++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 274 insertions(+), 18 deletions(-) create mode 100644 privacy.css create mode 100644 privacy.html diff --git a/PRIVACY.md b/PRIVACY.md index 147d406168..19780b3d8e 100644 --- a/PRIVACY.md +++ b/PRIVACY.md @@ -1,4 +1,9 @@ -# Privacy policy + + + +Provided by [FairCode B.V.](https://www.faircode.eu/) + +## Privacy policy [🌎 Google Translate](https://translate.google.com/translate?hl=&sl=en&u=https%3A%2F%2Fraw.githubusercontent.com%2FM66B%2FFairEmail%2Fmaster%2FPRIVACY.md) @@ -13,7 +18,9 @@ Error reports will automatically be deleted after one month, or earlier upon req Data will **never** be sold or shared in any way. -## Overview +
+ +### Overview FairEmail **does not** send account information and message data elsewhere than to your email provider. @@ -66,7 +73,7 @@ FairEmail **is** [GDPR compliant](https://gdpr.eu/).
-## Summary of shared data +### Summary of shared data This table provides a complete overview of all shared data and the conditions under which data will be shared: @@ -103,7 +110,7 @@ There is a privacy option to minimize the information being sent, but please be
-## Definitions of terms +### Definitions of terms This section defines some terms and words. Knowing those terms will help you understand the following sections. @@ -117,7 +124,7 @@ Knowing those terms will help you understand the following sections.
-## Contact details +### Contact details Please feel free to contact me if you have any concerns: @@ -136,26 +143,26 @@ For any legal issues, the place of jurisdiction is Dordrecht, the Netherlands.
-## A. General information on data processing +### A. General information on data processing -### I. Scope of personal data processing +#### I. Scope of personal data processing This privacy policy / data protection declaration applies to the Android app FairEmail. The data processor only processes personal data insofar as absolutely required for providing a functioning email client as well as the explicitly requested services. Users' personal data is usually only processed if required for fulfilling contractual or legal obligations or with the user's consent. -### II Purpose of data processing +#### II Purpose of data processing The purpose of any data processed is to provide you with the service requested. The app by default exclusively processes data that is necessary for the proper functioning of the app and its intended purpose of being an email client. -### III. Data storage and data deletion +#### III. Data storage and data deletion By default, all data (both personal and non-personal) remains on the data subject's Android device for as long as not explicitly sent or shared by the data subject. The data stored on the data subject's device can be deleted by the data subject at any time. -### IV. Sub-processors +#### IV. Sub-processors The services of all sub-processors are disabled by default. The data subject's data is sent to and processed by sub-processors if and only if explicitly enabled or requested by the data subject. @@ -164,43 +171,43 @@ The sub-processors are: * [Bugsnag](https://www.bugsnag.com/) – [Privacy policy](https://docs.bugsnag.com/legal/privacy-policy/) -### V. Permissions +#### V. Permissions The app only requests permissions that are necessary for the expected behavior of an email app. For more information on permissions, see [this FAQ](https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq1). -### VI. Logging +#### VI. Logging The app does not send any log entries to the data processor by default. The error reporting system utilizes Bugsnag and is disabled by default. See [this FAQ](https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq104) for more information. -### VII. Legal basis +#### VII. Legal basis FairEmail is fully [GDPR compliant](https://gdpr.eu/). The legal basis for any data processing is Art. 6 (1) a - c GDPR.
-## B. Support requests +### B. Support requests -### I. Description and scope of data processing +#### I. Description and scope of data processing The data subject may contact the data processor to request support through channels offered by the data processor. When the data subject contacts the data processor, any provided personal data is stored by the data controller. -### II. Purpose of data processing +#### II. Purpose of data processing The personal data is exclusively processed for finding a specific solution to support queries whilst recording and/or processing them. It is essential in this respect for the data controller to be able to contact the person requesting support. -### III. Sub-processors +#### III. Sub-processors The data processor utilizes the services of the following sub-processors in order to process support requests: * Google LLC, if support request sent via email – [Privacy policy](https://policies.google.com/privacy?hl=en) * Amazon Web Services EMEA SARL, if support request sent via the contact form – [Privacy policy](https://aws.amazon.com/privacy/) -### IV. Legal basis +#### IV. Legal basis Any support requests are sent voluntarily by the data subject, including any personal data that might be attached. As such, the explicit consent as outlined in Art. 6 (1) a GDPR forms the legal basis for processing. diff --git a/app/build.gradle b/app/build.gradle index a425969e9e..7f491cc72b 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -392,6 +392,11 @@ task updateFAQ(type: Exec) { commandLine 'sh', '-c', 'pandoc --standalone --metadata title="FAQ FairEmail" FAQ.md -o index.html' } +task updatePrivacy(type: Exec) { + workingDir "${rootDir}" + commandLine 'sh', '-c', 'pandoc --standalone --metadata title="FairEmail" --css=privacy.css PRIVACY.md -o privacy.html' +} + task downloadPSL(type: Download) { // https://github.com/michel-kraemer/gradle-download-task src "https://raw.githubusercontent.com/publicsuffix/list/master/public_suffix_list.dat" diff --git a/privacy.css b/privacy.css new file mode 100644 index 0000000000..86c0c366a6 --- /dev/null +++ b/privacy.css @@ -0,0 +1,8 @@ +table, th, td { + border: 1px solid black; + border-collapse: collapse; +} + +td { + padding: 3px; +} diff --git a/privacy.html b/privacy.html new file mode 100644 index 0000000000..ec332c6d68 --- /dev/null +++ b/privacy.html @@ -0,0 +1,236 @@ + + + + + + + FairEmail + + + + +
+

FairEmail

+
+

+

Provided by FairCode B.V.

+

Privacy policy

+

🌎 Google Translate

+


+

First of all, FairEmail’s main goal is to help you protect your privacy. What follows is a complete overview of all the data that can be sent to the internet, which in the end is always your choice and therefore optional (except of course connecting to the email server).

+

Except for error reports (disabled by default), the app does not send any data to the developer. Error reports will automatically be deleted after one month, or earlier upon request.

+

Data will never be sold or shared in any way.

+


+

Overview

+

FairEmail does not send account information and message data elsewhere than to your email provider.

+

FairEmail does not allow other apps access to message data without your approval.

+

FairEmail does not require unnecessary permissions. For more information on permissions, see this FAQ.

+

FairEmail does use modern and secure transport protocols by default.

+

Android encrypts all user data by default, so all data, including account credentials, is stored encrypted by default.

+

FairEmail does follow the recommendations of this EFF article.

+

FairEmail is 100 % open source, see the license.

+

Error reporting via Bugsnag is opt-in, see here for more information.

+

FairEmail adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google API Services are used only to authenticate Gmail accounts through OAuth.

+

The use of information received from Gmail APIs will adhere to the Google User Data Policy, including the Limited Use requirements."

+

FairEmail can use these services if they are explicitly enabled (off by default) or are explicitly used by you:

+ +

FairEmail can access the websites at the domain names of email addresses (username@domain.name) if Brand Indicators for Message Identification (BIMI) or favicons were explicitly enabled (off by default).

+

FairEmail will access the website at the link address if you tap the Fetch title button in the insert link dialog (from version 1.1905).

+

FairEmail obviously will access the configured email servers.

+

FairEmail is GDPR compliant.

+


+

Summary of shared data

+

This table provides a complete overview of all shared data and the conditions under which data will be shared:

+ +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Service/functionData sentWhen the data will be sent
Mozilla autoconfigDomain name of email address of email accountsUpon configuring an email account with the quick setup wizard
Email serverLogin credentials (email address/password), messages sentUpon configuring and using an account or identity and upon sending messages
ipinfo.ioIP (network) address of domain names of links or email addressesUpon pressing a button in the link confirmation dialog
SpamhausIP (network) address of domain names of links or email addressesIf spam blocklists are enabled, upon receiving a message
SpamcopIP (network) address of domain names of links or email addressesIf spam blocklists are enabled, upon receiving a message
BarracudaIP (network) address of domain names of links or email addressesIf spam blocklists are enabled, upon receiving a message
DeepLReceived or entered message text and target language codeIf translating is enabled, upon pressing a translate button
LanguageToolEntered message textsIf LanguageTools is enabled, upon long pressing the save draft button
VirusTotalSHA-256 hash of attachmentsIf VirusTotal is enabled, upon long pressing a scan button (*)
VirusTotalAttached file contentsIf VirusTotal is enabled, upon long pressing an upload button (*)
OpenAIReceived and entered message textsUpen pressing a button in a navigation bar (*)
GravatarMD5 hash of email addressesIf Gravatars are enabled, upon receiving a message (*)
LibravatarMD5 hash of email addressesIf Libravatars are enabled, upon receiving a message (*)
GitHubNone, but see the remarks belowUpon downloading Disconnect’s Tracker Protection lists
Upon checking for updates (*)
BIMIDomain name of email addressesIf BIMI is enabled, upon receiving a message (*)
FaviconsDomain name of email addressesIf favicons are enabled, upon receiving a message (*)
Link titleLink addressUpon pressing a download button in the insert link dialog
BugsnagInformation about warnings and errorsIf error reporting is enabled, upon detecting an abnormal situation
+

(*) Only available in the GitHub version of the app

+

All data is sent to improve the user experience in some way, like to simplify account setup, identify spam and malicious messages, display message and sender information, find bugs and errors, etc.

+

Note that any internet connection reveals your current network address. Also, when downloading content, like images and files, the browser’s user agent string will be sent. There is a privacy option to minimize the information being sent, but please be aware that this can result in problems in some cases.

+


+

Definitions of terms

+

This section defines some terms and words. Knowing those terms will help you understand the following sections.

+ +


+

Contact details

+

Please feel free to contact me if you have any concerns:

+
FairCode BV
+Represented by the managing director Marcel Bokhorst
+Van Doesburg-Erf 194
+3315 RG Dordrecht
+the Netherlands
+marcel+privacy@faircode.eu
+

FairCode BV is the data controller. Its data protection officer is Marcel Bokhorst, reachable via the aforementioned address. For any legal issues, the place of jurisdiction is Dordrecht, the Netherlands.

+


+

A. General information on data processing

+

I. Scope of personal data processing

+

This privacy policy / data protection declaration applies to the Android app FairEmail.

+

The data processor only processes personal data insofar as absolutely required for providing a functioning email client as well as the explicitly requested services. Users’ personal data is usually only processed if required for fulfilling contractual or legal obligations or with the user’s consent.

+

II Purpose of data processing

+

The purpose of any data processed is to provide you with the service requested. The app by default exclusively processes data that is necessary for the proper functioning of the app and its intended purpose of being an email client.

+

III. Data storage and data deletion

+

By default, all data (both personal and non-personal) remains on the data subject’s Android device for as long as not explicitly sent or shared by the data subject. The data stored on the data subject’s device can be deleted by the data subject at any time.

+

IV. Sub-processors

+

The services of all sub-processors are disabled by default. The data subject’s data is sent to and processed by sub-processors if and only if explicitly enabled or requested by the data subject.

+

The sub-processors are:

+ +

V. Permissions

+

The app only requests permissions that are necessary for the expected behavior of an email app. For more information on permissions, see this FAQ.

+

VI. Logging

+

The app does not send any log entries to the data processor by default. The error reporting system utilizes Bugsnag and is disabled by default. See this FAQ for more information.

+ +

FairEmail is fully GDPR compliant. The legal basis for any data processing is Art. 6 (1) a - c GDPR.

+


+

B. Support requests

+

I. Description and scope of data processing

+

The data subject may contact the data processor to request support through channels offered by the data processor. When the data subject contacts the data processor, any provided personal data is stored by the data controller.

+

II. Purpose of data processing

+

The personal data is exclusively processed for finding a specific solution to support queries whilst recording and/or processing them. It is essential in this respect for the data controller to be able to contact the person requesting support.

+

III. Sub-processors

+

The data processor utilizes the services of the following sub-processors in order to process support requests:

+ + +

Any support requests are sent voluntarily by the data subject, including any personal data that might be attached. As such, the explicit consent as outlined in Art. 6 (1) a GDPR forms the legal basis for processing.

+

Copyright © 2018-2023 Marcel Bokhorst.

+ +