Hi Martin, please see below for a few suggested changes and questions: -> Users may be asked for their name and email address, as appropriate. -> Users can always refuse to supply personally identifying information Isn't the IP address personally identifying info, too? It's saved on the server in conjunction with the sessions. -> We may need your information to display content on the Site correctly. Should this be a new item? Or should this be removed? requests and support needs more efficiently. Customer service?... -> If a User decides to opt-in Does this need a short news item? Kind Regards, Maren Am 03.06.2016 um 22:21 schrieb Martin Owens:

On Fri, Jun 03, 2016 at 10:36:25PM +0200, Maren Hachmann wrote: Couldn't hurt. Speaking of news items, would be nice to start doing news items for subsequent pre-releases. Also please do a short news item about the forum community being established. Bryce

On Fri, Jun 03, 2016 at 04:21:35PM -0400, Martin Owens wrote: Sure here's a few suggested changes: https://inkscape.org Probably we should also link at the top to privacy policies of OSUOSL and maybe of the Software Conservancy? Both those organizations seem relevant to our processes. This sentence feels a bit choppy, would this flow better? We may collect personal identification information from a User in a variety of ways, including activities, services, and resources such as, but not limited to: visiting our site, filling out forms, and responding to surveys. Perhaps the "activities, services, and resources" bit could be dropped to make it more concise, I'm not sure what that adds exactly. I'm not sure the differentiation between general and technical information is necessary. Maybe simplify this a bit to: Non-personal identification information may include the browser name, the type of computer, operating system, country, default language, and similar information. Grammar is a bit horky here, how about: Our Site uses “cookies” to enhance the User's experience. The User’s web browser places cookies on their hard drive for record-keeping and tracking purposes. The User may set their web browser to refuse cookies, or to alert them when cookies are being sent. If they do so, note that some parts of the Site may not function properly. Or else rephrase it to use 'you' and 'your' instead of 'the User'. But either way, the document should use the address consistently throughout. I'm betting we know more specifically what will break if cookies aren't in use (e.g. all logged in functionality), and we could strengthen this section by indicating a little more explicitly what will break. The "We may use ..." could be dropped and just make each item start with "To ..." This will be more concise and readable IMHO. This section gives kind of a non-answer, "We protect your information using great information protection methods." :-) How are passwords handled? Are they encrypted and stored? What encryption algorithm? Or do we just hash them and not store them? Note here that OSUOSL runs our hardware and does administration. I assume the Inkscape admin team also has administrative access to the database at least; that is worth mentioning. Can the Inkscape admins also install software to the hardware that could intercept passwords or other personal information, or is that also limited also just to OSUOSL? The second sentence of this, regarding generic aggregated demographic information, should be dropped. We don't do that nor do I think we have any intent or plans to do that. If some day we do want to do that, then we should rev this document and raise visibility to the effect. Instead this could mention that information related to their user account may be visible to other users who access the site. or the User may Also link 'contact us' to the same link as in the Contact Us section at the bottom. When we do, we will post a notification on the main page of our Site and revise the updated date at the bottom of this page. Note the contact us link appears not to be terminated, and is linkifying the update date too. Other idle thoughts, which may or may not be of relevance for this doc but might be worth considering: * Should we address our policy allowing use of pseudonyms in usernames? * Are there any extra personal information implications that our voting system brings up? I.e. might we require verifyable identification data for voting rights? * Sometimes we have contests or award items, for which we require a mailing address. This doesn't need to be their home address - a P.O. box or place of employment or a trusted third party of their choice would be acceptable in most cases, just somewhere they can receive packages. This is also opt-in but if they choose not to opt-in they may be ineligible to receive the rewards. * Board membership requires we have the person's legal name (which we endeavor to keep private, and AFAICT don't show or store on the website). * Posting of other people's personal information to any public area on our site is not permitted without that person's consent, and is cause for revoking access and/or removing their content from the site. * Inkscape may fund development activities or reimburse individuals for expenses or similar. Payments for these things will require some banking information (or postal address for sending checks), but this information is not required by Inkscape or its administrators; instead the User will be directed to provide it to the Software Conservancy, who will cut the checks or conduct the money transfer directly with the User. * Certain services on the website permit the User to upload files including but not limited to written text, rendered artwork (PNG, etc.), and source artwork (SVG, etc.) It is assumed by the uploading of the data that the intent is for it to be shared; we provide tagging mechanisms for allowing the User to specify a license to govern the sharing of this data. Apart from the license, no promises of non-disclosure are provided for material uploaded to the site. Thanks for tackling this. Bryce