TurnKey Linux Virtual Appliance Library

Time for a human readable privacy policy?

Up until now TurnKey hasn't had an explicit privacy policy, and that seemed ok because no one ever asked about it. But now that the latest release integrates TurnKey appliances more closely with the TurnKey Hub (e.g., TKLBAM, geo-ip auto apt mirror) and the Hub gets access to sensitive data as part of its normal operation, I felt it was about time we gave this some more thought.

On the other hand, even though we didn't have an explicit privacy policy before I do feel our adoption of the Ubuntu Code of Conduct gave us an implicity privacy policy by making it clear we respect our users and expect them to respect us, and each other, in return.

To put it bluntly, we don't need no stinking privacy policy to avoid breaking your trust. But sometimes it doesn't hurt to spell things out and dispell any doubts. For the record. Here's what I came up with...

Short, to the point and in plain English: we don't like to read 20 page privacy policies full of opaque legalese, so we're not going to make you read one of those either.

We follow the golden rule: we promise to treat your private data with the same respect we would like our private data to be treated. In a nutshell, that means we're not going to give anyone access to your private data unless you ask us to. With one exception: if we're served a court warrant in the proper jurisdiction, we're not going to jail for you, but we will notify you, if we're legally allowed. Note that we've never received a court warrant and we'd like it to stay that way.

We hate spam: so we're not going to spam you or share your e-mail address with anyone. If you suspect otherwise you're invited to register with a unique e-mail address (e.g., used only with TurnKey) and complain loudly if anything fishy happens.

We take security extremely seriously: that means we take special precautions to protect your private data (and ours!). Guided by a healthy dose of paranoia, we place our trust in redundant multi-layered security, strong passwords, high-grade encryption, manual code auditing and automatic security scanning tools. We keep our servers up-to-date with security patches, firewall off unnecessary ports, minimize dependencies between systems to increase robustness and avoid accessing anything sensitive from clients running proprietary operating systems. "Better safe than sorry."

We collect the usual: we use cookies to authenticate user sessions, log web server requests and use Google Analytics to collect and examine aggregate usage statistics which help us understand how users interact with the web site.

We're listening: if you think there is some way we can help improve your privacy, let us know!

What do you think?

You can get future posts delivered by email or good old-fashioned RSS.
TurnKey also has a presence on Google+, Twitter and Facebook.

Comments

Good - most PPs are actually "non-Privacy Policies"

Most of the time these 20 page legalese documents are there to allow the organization the free will to do whatever they want with your data/information as long as they follow whatever laws they want to or what they've been caught breaking.

Liraz Siri's picture

Hmm, wouldn't that imply intentional deception?

If an organization doesn't have a privacy policy, they're not making any promises on what they will or won't do with the data they collect. They can do whatever they want with the data by default.

In my mind the only legitimate use for a privacy policy is to pledge self-restraint. I'd be mighty suspicious of an organization that posts a "privacy" policy that leaves enough holes in it to drive a truck through. If you're not committed to privacy, better not to promise anything at all.

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)