-
Notifications
You must be signed in to change notification settings - Fork 19
Privacy Policy
Planetary is building a social network with better values.
We are committed to:
- Create a social network with no tolerance for abuse and harassment by design
- Minimize centralized data collection and respect our user’s privacy
- Build ways for content creators to be rewarded for their work on their own terms
- Be a part of a true public space that isn’t owned or controlled by any one corporation
- You owning your identity so you can move to another service if you don’t like our
Unlike other social networks which are designed to turn your private information into revenue, our goal is to collect as little information about you as we practically can, and make money by providing services that you actually want to use.
However, there is some information that we have to collect—and some that we’d like to collect with your permission—in order for our service to work as well as possible.
In this Privacy Policy, we explain what information we collect, store and when we share it. We also explain the controls you have over your data and how you can delete it.
We strongly recommend that you read this policy in full, but just in case you don’t have time, here are a few things we want to make sure everyone knows:
- Planetary is not designed for children and if you’re under 16 you can’t sign up. This is both because of laws in the EU and the US and also because we take our responsibility to protect children seriously.
- All social networks are about sharing your updates and information with other people and Planetary is no exception. If you write a post on Planetary it will be, by default, public and other people will be able to see it, react to it and share it with other people.
- Planetary works as part of a Distributed Social Network, based on a technology called “Secure Scuttlebutt”. This means—as with email and the web—that no one company can own or control the whole thing. And again, just like with e-mail, it means people may view your content on apps that we didn’t design and store it on servers that we don’t control. Always remember, as with anything you put on the internet, someone may choose to keep a copy of what you’ve said.
- There is some personal information we have to ask you for during sign-up for legal reasons - including a way to contact you and your date of birth. We try and keep this to a minimum. We’re not in the business of building big files on you to sell to advertisers.
- While we recommend you use your real name so your friends can find you, we don’t require that you do so. If you’d rather use a pseudonym or your non-legal name, that’s fine too.
- We collect some information about how people use the app so that we can spot problems, bugs and see whether features or content is popular. Generally, we do that in an anonymized fashion. If there are exceptions they’re listed explicitly in this document. Our feeling is that we don’t need to know people’s names to track that lots of people like a feature or are having a problem.
- There is some information that we receive automatically if you connect to our ‘pubs’ to get your content, including your IP address. We can’t do much about this—it’s how the internet works—but we try to keep it to a minimum.
- On Planetary and through our pub's that relay posts there is no tolerance for objectionable content or abusive users. We will block posts and accounts that engage in posting objectionable content or abusive behavior.
- If you have questions about this policy, what information we collect and how we use it, or anything else related to your data or privacy, you can contact us by mail or over the internet at any time. We want to hear from you!
Planetary is built on a technology called ‘Secure Scuttlebutt’ and works a bit differently from normal social networks. It’s important that you understand the differences.
Conventional social networks are normally run by one company and all your information is stored on their servers.
With a Distributed Social Network, all your publicly shared content is stored primarily in a ‘log’ in the app on your phone or computer, and then ‘replicated’ to people who want it. Often this goes via one or more ‘pubs’. These are servers online that keep a copy of your logs so that they’re accessible when your phone is offline. Anyone can run a pub. Sometimes one phone or computer will ask another phone or computer if they have copies of any new posts by the people they follow, and they’ll pass those messages along.
Other users can read or interact with your posts using any compatible piece of software.
In some ways, it’s a bit like email. Anyone can run a server or build an app and messages and posts will move between them, no matter which app they were written on or which company made it.
It’s these differences that mean that the network can’t be owned or controlled exclusively by any one company, it’s why it’s a true and open public space, it’s why it’s possible for any organization to build an app to access the network, and it’s why it’s resistant to centralized data collection and advertising. It also means, just like with email, that people may view your content on apps that we didn’t design and store it on servers that we don’t control.
It’s important to remember that while we can delete things for you from our servers, as with anything you put out on the public Internet, we can’t stop people keeping a copy or record of what you’ve said or shared elsewhere.
If you want to use Planetary, there’s some information we as a company just have to collect. This includes your Display Name (how you want people to see you on the network), your Date of Birth (to check it’s legal to provide you with our services), a way to contact you (a phone number or email address) and your ‘public identifier’ (a cryptographic key, similar to a bitcoin wallet address, which is the way you are technically identified on the network).
Your date of birth and contact details are only used internally and we will never be made publicly available.
There are some other bits of information that are stored on your phone which we intentionally don’t have access to - for example your ‘private key’ (which is like your password). If you lose that, we can’t recover it, so back it up!
Once you’ve created an account on Planetary, you will have a public profile that anyone can see if they know your ‘public identifier’ (basically your address). During sign-up you can choose to enhance that profile by writing a short bio, choosing a photo to represent yourself, or by adding links to your other social media profiles. You can change any of this information by following the links on your Profile page.
When you create an account you can also choose to be listed in our ‘User Directory’ which lets other people search for you by name, ‘public identifier’ or by an encrypted form of your contact information. If you change your mind later, you can add or remove yourself from the User Directory at any time from the ‘Settings’ screen.
When you write a post it will be—by default—public and potentially visible to anyone who knows its address as well as to anyone who is following you.
Each of your public posts contains more than just the content of your message. It also includes your Display name, a link to your profile, your ‘public identifier’ and the time the post was created. The same applies when you write a reply to someone else’s posts.
In addition the people you follow and who follow you, and the posts that you ‘like’ are all public information.
Again, please be careful about what you post on Planetary - particularly when you’re giving out sensitive information. We can update our servers when you edit your information and posts, and we can delete things at your request, but we can’t stop other people keeping a copy or record of the things you’ve said or shared.
Some of our users are able to see and use our private posts and messages features. These allow you to write a longer post that is only visible to certain people or to send a short message to one or more friends.
These messages are stored on your log and distributed to anyone who follows you, but are ‘end-to-end encrypted’ so that only the intended recipients are able to unlock and view them. We can’t see their content or any metadata information about who they were sent to.
It’s important to remember, though, that Scuttlebutt has strong cryptographic evidence of who says what and once your intended recipient has received the message, they can choose to share it unencrypted with whomever they want.
That can include sending it to us to report abuse or harassment, or sending it to law enforcement to report a crime. There are also circumstances where we’re legally required to pass on to law enforcement content that has been reported to us.
For these reasons—as always—you should be very careful about sending sensitive content via private posts and messages.
The first and most important reason we ask for your contact information—normally either your e-mail address or phone number—is so we can get in touch with you if there is a problem that we’re legally required to inform you about. For example, in the US, if we receive a formal notice from a copyright holder saying that you’re illegally distributing their content, we are required to make reasonable efforts to let you know. Similarly, under EU law we’re required to inform you if there’s a data breach on our systems.
We also use your contact information to confirm your identity if you contact us with concerns or problems about your account. For example, if you lose your key to your account and want us to delete its content from our servers, we need a way to confirm that you are the account’s rightful owner. In addition, we may use confirmed contact information to identify and shut down any secondary accounts of people who have engaged in spam or harassment or otherwise abused our service.
If you’ve given us your contact information, you agree that we can use it to send you important updates about Planetary and your account. We will never use this contact information to send you marketing materials unless you specifically agree for us to do so.
If you choose to be in our User Directory, then we’ll also use your contact information to help other people find you on Planetary. If they give us access to their Address Book, we will encrypt the data in it and match its records against our encrypted version of your contact details. If they match, we’ll direct them to your profile so they can choose whether or not to follow you.
Similarly, if you choose to give us access to your Address Book, we will encrypt that information (so that even we can’t access the original records) and match its contents against other users in our system.
If you email us, send us a help request or report abuse or a bug, we will keep the content of your message, your name and contact information on file so that we can respond to your concerns.
And finally, if you sign up for our newsletter, we will obviously need to keep your e-mail address and name on file so we can send it to you.
You can change your bio, your avatar image and any links you may have to other social media products on your profile at any time by going to your profile screen and tapping on the ‘Edit’ button.
If you’d like to change your visibility in the User Directory you can do so via the ‘Settings’ screen. From that screen you can also choose whether or not you’re okay sending us analytics and crash reports, which we use to make Planetary better.
If you’ve signed up for our newsletter and wish to stop receiving it, every e-mail includes an unsubscribe link.
Right now you can not delete any content you post on Planetary or with any other scuttlebutt client. We are working first on an ability to request the content behidden, but it will still exist on other people's devices. If you do a soft delete we will hide it from our servers and Planetary clients but it won't remove it from the device.
The way deletion works on a Distributed Social Network is that we remove your content from our servers and tell all the other peers and servers that you use that they should remove their content too. Please remember though—as with all other internet products—once you’ve put something out there we can’t stop people keeping a copy or a record of what you’ve said. Until we upgrade our feed format the actual text of your posts will be hidden from display but not deleted. Other scuttlebutt applications will continue to see the content you've flagged for deletion.
We are committed to make it easy for you to take your content, friends and all your account details to another Scuttlebutt-compatible service or app if you don’t like Planetary or our policies. To transfer to another service, all you need is your public identifier and your private key. You can access those via the Settings menu.
When you put these into another Scuttlebutt client, that app will look online for all the content you’ve created and attempt to rebuild your account automatically.
It’s very important that you don’t have the same account running on two separate applications at the same time as this can lead to problems with your log.
Beyond the limited amount of information we need for legal reasons and the user directory and the content you create in public—which will most likely be replicated on our servers—we make considerable efforts to not collect vast stores of information about you or the things you interact with.
However there is some information we need to be able to operate Planetary.
By default, Planetary keeps log data of people’s use of the app and the device that it’s running on as well as when there’s a crash or error reported. We use this data so that we can see how the app is functioning, spot problems and know which parts of the service people use or don’t use.
We keep this information anonymized though - our feeling is that we don’t need to know your name to track that lots of people like a feature or are having a problem.
On occasion you may choose to file a report of abusive behavior or a bug on Planetary. In those circumstances we keep the content of your report, a log of the problem or a copy of the content being reported, as well as your name, public identifier and contact details so we can respond to your concern.
It’s possible that someone else may report your content for abuse or harassment or as a violation of our rules. If that happens, we will keep a record of that complaint along with any associated content for our records.
Again, our goal is to collect as little information about you as we practically can, and make money by providing services that you actually want to use. But there is some data sharing that is necessary for us to run Planetary.
Again, Planetary works fundamentally differently to mainstream social networks. That means that your public content will get automatically ‘replicated’ to servers and to other apps that we don’t own or control. This is core to making it an open environment—a true public—that no one company can control.
In many ways this is more similar to how the web works (you can build a webpage that is public and can be accessed by a variety of different browsers made by different people) or how email works (you send a message that travels across different servers run by different people, and can be read on a variety of applications) than it is to how services like Twitter or Facebook work.
There is of course some information that we never share with third-parties, including your date of birth and your contact information.
We use a variety of third-party services to help us operate our services. We use tools like Asana and Slack to manage our work, services like Zendesk, Mixpanel to manage analytics and our bug and abuse reporting, and services provided by companies like Amazon and Google to help us host our relay servers (pubs).
We may share your private personal data with service providers like these in the course of our work subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and on the condition that these third parties use your private personal data only on our behalf and pursuant to our instructions.
Whatever else it says in this Privacy Policy, if we believe it is reasonably necessary to save, use or disclose your personal data to comply with laws, regulations, legal processes or governmental requests, then we will do so. The same applies if we think it’s reasonably necessary to protect someone’s safety or to protect them from fraud, or to keep our services secure, or to stop abusive, malicious or spamming behavior on our platform. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may ave to a third party’s—including a government’s—request to disclose your personal data.
We have to bear in mind the possibility that the company at some point might go bankrupt, merge with another company, be acquired, or its assets might be sold. Under such circumstances, the limited personal data we store about you may be sold or transferred as part of that transaction. This Privacy Policy will still apply to your personal data.
You can change your profile data by going to your profile page in the app and tapping on ‘Edit Profile’. You can change your profile image on the same screen. If you want to remove yourself from the user directory, you can do that from the Settings screen.
You can delete any post you’ve written at any time. As always, remember that while we can remove this content from your log, from our servers and from our applications, we can’t stop someone else keeping a copy of what you’ve written.
Deleting the application from your phone will not remove your content from the Internet, and if you lose your private key, you may not be able to ever remove it - so please be careful and keep a back-up of it.
We retain information collected for analytics or error reporting purposes for a maximum of 18 months.
One of our core commitments is to make it easy for you to move your identity to another service if you decide you don’t like ours.
To do this, access your private key from your Settings menu. Copy that key and input it into a compatible Scuttlebutt-based application (Scuttlebutt applications) and then delete the Planetary application from your phone. Please don’t try and run two applications with the same key in them at the same time as there is a significant risk of corrupting your log.
We want Planetary to be a free and open environment for adults, and just like in the real world, that means on occasion that some parts of it might not be suitable for children.
The law in many countries recognises this too as well as indicating that children under sixteen may not be old enough to understand the consequences - and legally consent - to the processing of their personal data. For these reasons, we do not allow children under sixteen to use Planetary.
Planetary is an American corporation primarily operating in the United States and our servers are located there. Where the laws of your country allow you to do so, you authorize us to transfer, store and use the data we’ve described above in the United States and any other country where we operate.
Remember as always that Planetary works as part of a Distributed Social Network where anyone can run a server or build an app to access it. Just like with email, your content and log data will leave our servers and be replicated to people who request or access it, wherever they are in the world.
On occasion it’s necessary for us to revise this Privacy Policy to keep it up to date with what we’re doing and the law. The most current version of the policy is always the one that describes how we handle your personal data and will always be available at http://planetary.social/privacy and within the Planetary app inside the Help and Support section.
If we make a change to this policy that in our discretion is material, we will notify you within the Planetary application or via your contact details. Sorry in advance for the legalese, but by continuing to access your account or use any of Planetary’s services after those changes become effective, you agree to be bound by the revised Privacy Policy.
If you have questions about this Privacy Policy, what information we collect and how it is used and distributed - or anything else related to your data or privacy, you can contact us at any time. Our e-mail address is [email protected] and our physical address is:
Verse Communications Inc.
2903 SE Ivon St
Portland
Oregon
97202
Planetary: Resilient technology for human connection