wilw/treadl
wilw/treadl
3
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Page: Privacy Policy
Pages
Data Protection Documentation Editing patterns Groups Home Illegal Content Risk Assessment v2025.01 Online Safety Policy Online Safety Privacy Policy Projects Terms of Use
3 Privacy Policy
Will Webberley edited this page 2025-02-03 17:14:56 +00:00
Unescape Escape
Table of Contents
This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Privacy Policy

This policy is designed to be accessible, understandable, and easy to read without legal and other jargon. If you have any comments, questions, or concerns about this policy, please get in touch with us by emailing hello@treadl.com.

This document will have slight changes made to it occasionally. Please refer back to it from time to time.

Important: this policy refers specifically to the version of Treadl running at treadl.com (and subdomains). We refer to this as "the service" or often simply just "Treadl", "us", "we", etc. Treadl is open-source software and can be run by anyone and be called anything. Other "instances" of "Treadl" should have their own privacy policy in place that is suitable to that instance.

This policy governs the use and protection of personal data of people (users, you, etc.) using Treadl.

Data protection refers to the responsible security of personal data and transparency in the way we handle and process such data. Personal data is information that - on its own or in conjunction with other data - can be used to identify an individual person. With respect to the UK General Data Protection Regulation (GDPR), Treadl acts as data controller for the data you provide through using our services.

Complaints

If you would like to complain about this policy, or how we may have treated a request from you with respect to data protection, then please get in touch with us in the first case so that we can help rectify the problem. In other cases, you may also want to get in touch with the Information Commissioners Office (ICO), who may be able to provide you with more information and support. Their website is at https://ico.org.uk.

When does Treadl collect data, and what data does it collect?

When visiting and browsing our website

When you visit us using a web browser, we collect some data about your computer and the way our services are used by you, even if you don't have an account. We do not collect your name or other personal details about you at this stage, but we may process information such as your computing devices country and details about your browser and where you arrived at Treadl from. We do this for observing aggregated usage of our services, so that we can better understand how to improve our services for their audiences. The legal basis for processing this data is a legitimate interest in recording aggregated analytics data for improvement purposes and to see how often people visit our website.

In these cases, we may process:

  • Your device's information (operating system, browser, etc.)
  • Your network information (IP address)

When sending us an email

Sometimes you may wish to send an email to us or reply to an email we have sent you. Any emails received will be treated in confidence and kept securely. Strong passwords and multi-factor authentication is implemented on all email accounts that can receive such emails.

In these cases, we will process:

  • Your email address
  • Any other information you include in your email headers or body (e.g. your name)

When signing-up for a Treadl account

Treadl allows you to register for an account. This is the primary way by which we collect personal data from you, since such data is needed in order to identify you when you want to login and use these services. We may also use your email address to update you on platform updates and notifications, which you can control. When signing-up we collect an email address, username, and password. Once registered, you can choose to fill in additional profile data, such as social media links, a bio, and more. We ask for consent to this policy when creating an account, and the legal basis for processing this data is a legitimate interest in being able to provide services to you.

In these cases, we will process:

  • Your email address
  • Your username and password

When using Treadl

Posts, content, comments, patterns, files and any other data you add to or upload to Treadl as part of its standard use are also collected. This is for the purposes of providing services to you. To use Treadl, you will have provided consent to this policy during the registration process, and the legal basis for processing this data is a legitimate interest in being able to provide core services to you.

In these cases, we may process:

  • Optional profile information you choose to provide (e.g. a bio, avatar image, location, and links to your website or social feeds)
  • The names, descriptions, settings, and other information about projects you create
  • The names, descriptions, settings, and other information about the contents of your projects
  • Files you upload (e.g. user avatar images and project files)
    • Please note that Treadl does not post-process these files and they are stored as they are provided.
  • Comments you write about projects or project items

When submitting a complaint or report

Treadl offers the facility to submit complaints or reports about content or actions taken by administrators on Treadl. This is in-line with our requirements under the UK Online Safety Act and our Online Safety Policy.

In these cases, we may process:

  • The information about your complaint
  • Your email address, if you optionally choose to provide it

Who has access to your data?

Staff operating Treadl can view accounts and account data. This is with the exception of passwords, which are fully encrypted.

Other users and visitors to Treadl will also be able to see the profile data and content that you have made public. Your username and other profile data is always available to other people (for example, if you share a link to your profile).

In order to provide access to our services to users, we also sometimes need to pass pieces of your personal data to third-party services (known as ' data processors' or 'subprocessors' for the purposes of the GDPR). We only ever do this when this is directly related to providing the service to you, and we only send the minimum amount of information required. We ensure that the processors' own privacy policies follow suitable data protection practices. Our current data processors are:

  • Mailgun (for sending mail, such as notifications and account information).
    • We provide Mailgun with your email address so that the mail can be delivered.
  • Backblaze (for backing-up all Treadl data)
    • All data is encrypted by Treadl before being sent to Backblaze.

Treadl runs on Linode servers and object storage, and uses BunnyCDN to serve static content.

How long do we keep your data for?

We keep your account data (email and username) and content produced by your account (e.g. posts, comments, projects) for as long as your account is active. You can fully and irreversibly delete your account (and its associated data) at any time.

Content you've created can also be deleted at any time without affecting your account.

Please note that data held in backup systems may be stored for up to an additional 30 days after content is deleted.

Where is your data stored?

Our databases and servers are based in the UK, and so your data will primarily be stored and processed within the UK. We use Mailgun's EU servers for transmitting mail. We use Backblaze's EU servers for our backups.

How do we protect your data?

All data is encrypted during transmission (e.g. between your device and our servers, and between our servers), and when stored ("encrypted at rest"). Our servers are well-protected with industry standard security measures.

Cookies

Treadl does not use or store cookies on your computer.

If you login or register an account on Treadl, we store a small amount of data in your browser's "local storage". This data is strictly necessary to enable you to login to your account and to securely access and make changes to your account and your content.

Child safety

Children under the age of 18 are not allowed to use Treadl or to provide us with personal data. As such, we do not knowingly store or process personal data relating to children.

If a user account or content is created and suspected to be originated from a child, it may be removed.

Your rights

We take the handling of personal data very seriously, and we want to make sure that you are aware of your rights under this policy. If your wish to invoke your rights requires us to complete some action on your behalf (for example, to stop processing your data), then we will always deal with your request in total confidence, at no cost, and as soon as we can (within 30 days of receiving your request).

Right to be informed

You have a right to know about how we handle and process your personal data. This Privacy Policy aims to fulfil this Right, but please email us if you have further questions or concerns.

Right of access

You have a right to know if we store or process your personal data and to obtain access to the personal data about you that we, or any data processors that process data on our behalf, have about you. To obtain this information, please email us.

Right to rectification

You have a right to have personal data we keep or process about you rectified. If data we have about you is incorrect or incomplete, then please email us with details of any corrections to be made. Alternatively, you can make use of account and profile settings in Treadl to make your changes.

Right to erasure

You have the right to have all of your personal data erased, which will prevent any further storage or processing any of your personal data on our behalf, and will sometimes result in a necessary deletion of any accounts you hold with us. In many cases, deleting any accounts you hold with us will erase your details. However, if you wish to make sure of this, then please email us with details of your request.

Right to restrict processing

You have the right to halt the processing of your personal data in the way that you choose. For example, you may wish to maintain an account with us but no longer want us to use one of our data processors to process your data. To restrict the processing of your personal data, please email us with details of your request.

Please note that in some cases it may not be possible to restrict processing whilst still providing services to you.

Right to data portability

You have the right to obtain personal data we have or process about you in a format that is useful to you for the purposes of portability. We can provide data to you in the following formats:

  • CSV
  • JSON

Please email us with details of your request.

Right to object

You have a right to object to the processing of your personal data in particular ways. For example, for marketing or profiling purposes. If you would like to object to our processing of your data, then please email us.

Rights related to automated decision making including profiling

We do not use personal data for automated decision making, and do not use such data for profiling users. Additionally, any processing done for analytics and reporting is done on an entirely anonymous basis. For more information or if you have any concerns, please email us.

Wiki Contents