Sunday, 28 November 2021
This document describes how onRadr processes your data. It's written in plain English so you could have a full understanding of what we do and what we don't do.
This Policy reflects our Manifesto. We encourage you to check all changes that might happen to this Policy in the future. However, we will make sure that future versions of this document would also conform to the Manifesto, so you can skip this task, if you don't want to spend your time on it and are OK with the Manifesto.
What we collect
What gets public
Whatever you say about yourself in your profile, or whatever you post to your feed is public (except your email address), gets equally visible to onRadr registered users, anonymous site visitors or onRadr staff.
We do not verify any information in your profile except your email address, which is used for communication. Verified accounts might be introduced in the future as a premium feature, though.
We only index posts
We do index your posts in order to make searches faster, and this index is not used for anything else but the search.
Comments and votes are public
Your comments and votes for the posts are as public as the posts themselves.
Your direct messages are private and only shown to you and your peers. Use this feature at any time you want to communicate something in private, but please remember that this channel of communication is currently not encrypted. Please use specialized messengers for really secured communication.
We are not checking your content for copyrighted material, so you are yourself responsible for complying with intellectual property legislation.
We are not using or even extracting any metadata you might have in your content (like DC tags or location for images) unless you ask us explicitly to do that. Please note that we might have not scraped such information from your content either, so anybody can extract such information from the raw files if they are downloadable (for example, if resolution of your original images is so small that they did not require resizing and therefore we always serve the originals).
We keep all the content that you submit to our servers until the moment when you explicitly delete it. When you delete the content it gets physically deleted and there is no way to restore it.
SendGrid as email service
As we use SendGrid to send our emails, the clicks in a mail are tracked and the onRadr staff can look at these data. We don’t use this data for our algorithms.
When you write onRadr with a question or to ask for help, we keep that correspondence, including the email address, so that we have a history of past correspondences to reference if you reach out in the future.
We also store any information you volunteer like surveys. Sometimes when we do customer interviews, we may ask for your permission to record the conversation for future reference or use. We only do so if you give your express consent.
What we do not collect
We have no tracking of your behavior - neither in-house trackers, nor the ones from third parties, but one: as mentioned above, only your clicks in the emails get tracked, as it is a built-in service of SendGrid. Your comments and up/downvotes are stored in our database but are not analyzed in any way to profile your habits and/or tastes.
Our grid algorithms
Our algorithms for user grids are calculating your proximity to other users solely by the number of your common interests, so we don't need any other information about your relations to other people.
We are not collecting information to provide you with analytics about how users are approaching your content - we believe it's enough to notify you about real engagement on your content (comments and votes). So, there's no information about demographics of your audience or sources of traffic stored anywhere on our servers.
We never sell your data
We will never sell your data to any kind of third party.
Your rights with respect to your information
At onRadr, we apply the same data rights to all customers, regardless of their location. Currently some of the most privacy-forward regulations in place are the European Union’s General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act (“CCPA”) in the US. onRadr recognizes all of the rights granted in these regulations, except as limited by applicable law. These rights include:
Right to Know
Right of Access
This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
Right to Correction
You have the right to request correction of your personal information.
Right to Erasure / “To be Forgotten”
This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession and, by extension, all of our service providers. Fulfillment of some data deletion requests may prevent you from using onRadr services because our applications may then no longer work. In such cases, a data deletion request may result in closing your account.
Right to Complain
You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority.
Right to Restrict Processing
This is your right to request restriction of how and why your personal information is used or processed, including opting out of sale of personal information. (Again: we never have and never will sell your personal data.)
Right to Object
You have the right, in certain situations, to object to how or why your personal information is processed.
Right to Portability
You have the right to receive the personal information we have about you and the right to transmit it to another party.
Right to not be subject to Automated Decision-Making
You have the right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable law, or is based on your explicit consent.
Right to Non-Discrimination
This right stems from the CCPA. We do not and will not charge you a different amount to use our products, offer you different discounts, or give you a lower level of customer service because you have exercised your data privacy rights. However, the exercise of certain rights (such as the right “to be forgotten”) may, by virtue of your exercising those rights, prevent you from using our Services.
Many of these rights can be exercised by signing in and directly updating your account information.
If you have questions about exercising these rights or need assistance, please contact us at firstname.lastname@example.org. For requests to delete personal information or know what personal information has been collected, we will first verify your identity using a combination of at least two pieces of information already collected including your user email address. If an authorized agent is corresponding on your behalf, we will first need written consent with a signature from the account holder before proceeding.
How we secure your data
All data is encrypted via SSL/TLS when transmitted from our servers to your browser. For onRadr most data is not encrypted while they live in our database (since it needs to be ready to send to you when you need it), but we go to great lengths to secure your data at rest.
Location of site and data
Our products and other web properties are operated in Europe, but SendGrid and AWS, which are located in the United States. We use SendGrid for our mailing and AWS S3 bucket for storing our visual content.
Place of law
The place of law of our onRadr application is in Switzerland.
Mobile app permissions
You may use your camera and/or your picture library to upload visual content to the onRadr app. Other than that our app just needs the permission to access the internet to function properly. In the future we may ask for permission to use push notifications upon first sign-in.
Changes & questions
We may update this policy as needed to comply with relevant regulations and reflect any new practices.