Time for a human readable privacy policy?

Up until now TurnKey hasn't had an explicit privacy policy, and that seemed ok because no one ever asked about it. But now that the latest release integrates TurnKey appliances more closely with the TurnKey Hub (e.g., TKLBAM, geo-ip auto apt mirror) and the Hub gets access to sensitive data as part of its normal operation, I felt it was about time we gave this some more thought.

On the other hand, even though we didn't have an explicit privacy policy before I do feel our adoption of the Ubuntu Code of Conduct gave us an implicity privacy policy by making it clear we respect our users and expect them to respect us, and each other, in return.

To put it bluntly, we don't need no stinking privacy policy to avoid breaking your trust. But sometimes it doesn't hurt to spell things out and dispell any doubts. For the record. Here's what I came up with...

Short, to the point and in plain English: we don't like to read 20 page privacy policies full of opaque legalese, so we're not going to make you read one of those either.

We follow the golden rule: we promise to treat your private data with the same respect we would like our private data to be treated. In a nutshell, that means we're not going to give anyone access to your private data unless you ask us to. With one exception: if we're served a court warrant in the proper jurisdiction, we're not going to jail for you, but we will notify you, if we're legally allowed. Note that we've never received a court warrant and we'd like it to stay that way.

We hate spam: so we're not going to spam you or share your e-mail address with anyone. If you suspect otherwise you're invited to register with a unique e-mail address (e.g., used only with TurnKey) and complain loudly if anything fishy happens.

We take security extremely seriously: that means we take special precautions to protect your private data (and ours!). Guided by a healthy dose of paranoia, we place our trust in redundant multi-layered security, strong passwords, high-grade encryption, manual code auditing and automatic security scanning tools. We keep our servers up-to-date with security patches, firewall off unnecessary ports, minimize dependencies between systems to increase robustness and avoid accessing anything sensitive from clients running proprietary operating systems. "Better safe than sorry."

We collect the usual: we use cookies to authenticate user sessions, log web server requests and use Google Analytics to collect and examine aggregate usage statistics which help us understand how users interact with the web site.

We're listening: if you think there is some way we can help improve your privacy, let us know!

What do you think?

Add new comment