Update Privacy Policy a bit

Remove the references to Auth0 unless you switched back to using it; and remove the references to Vercel and mention Linode instead.
2022-09-15 05:05:13 -07:00 · 2022-09-15 05:05:13 -07:00 · d058f46906
commit d058f46906
parent 4c343aee3e
2 changed files with 50 additions and 42 deletions
--- a/src/app/GlobalFooter.js
+++ b/src/app/GlobalFooter.js
@ -29,7 +29,7 @@ function GlobalFooter() {
            Terms of Use
          </ChakraLink>
          <Link href="/privacy" passHref>
-            <ChakraLink>Privacy Policy</ChakraLink>
+            <ChakraLink>Privacy Policy (09/2022)</ChakraLink>
          </Link>
          <ChakraLink href={classicDTIUrl}>Classic DTI</ChakraLink>
        </HStack>
--- a/src/app/PrivacyPolicyPage.js
+++ b/src/app/PrivacyPolicyPage.js
@ -3,8 +3,11 @@ import { css } from "@emotion/react";
 import { VStack } from "@chakra-ui/react";
 import { Heading1, Heading2, Heading3 } from "./util";
 import { useAuthModeFeatureFlag } from "./components/useCurrentUser";
 function PrivacyPolicyPage() {
  const [authMode] = useAuthModeFeatureFlag();
  return (
    <>
      <Heading1 marginBottom="4">Our privacy policy</Heading1>
@ -38,43 +41,46 @@ function PrivacyPolicyPage() {
            your creations with others.
          </p>
        </section>
-        <section>
+        {authMode === "auth0" && (
-          <Heading2>Account management</Heading2>
+          <section>
-          <p>
+            <Heading2>Account management</Heading2>
-            While our <a href="https://impress.openneo.net/">classic app</a>{" "}
+            <p>
-            uses its own authentication, the app you're using now uses a service
+              While our <a href="https://impress.openneo.net/">classic app</a>{" "}
-            called <a href="https://auth0.com/">Auth0</a> to manage account
+              uses its own authentication, the app you're using now uses a
-            creation and login.
+              service called <a href="https://auth0.com/">Auth0</a> to manage
-          </p>
+              account creation and login.
-          <p>
+            </p>
-            We made this decision because authentication is difficult to write
+            <p>
-            and maintain securely. We felt that Auth0 was the smoothest and most
+              We made this decision because authentication is difficult to write
-            secure experience we could offer, especially as a small team of
+              and maintain securely. We felt that Auth0 was the smoothest and
-            volunteers{" "}
+              most secure experience we could offer, especially as a small team
-            <span role="img" aria-label="Sweat smile emoji">
+              of volunteers{" "}
-              😅
+              <span role="img" aria-label="Sweat smile emoji">
-            </span>
+                😅
-          </p>
+              </span>
-          <p>
+            </p>
-            <a href="https://auth0.com/legal/ss-tos">
+            <p>
-              Auth0's terms of service
+              <a href="https://auth0.com/legal/ss-tos">
-            </a>{" "}
+                Auth0's terms of service
-            commit to treating your user data as confidential information, not
+              </a>{" "}
-            to be shared with anyone else, and only to be used as part of Dress
+              commit to treating your user data as confidential information, not
-            to Impress. (The details are in Sections 6 and 7!)
+              to be shared with anyone else, and only to be used as part of
-          </p>
+              Dress to Impress. (The details are in Sections 6 and 7!)
-          <p>
+            </p>
-            When signing up, Auth0 will ask for a username, password, and email
+            <p>
-            address. They store your password as a <em>hash</em> (which,
+              When signing up, Auth0 will ask for a username, password, and
-            colloquially, is like a one-way encryption), rather than as the
+              email address. They store your password as a <em>hash</em> (which,
-            plain password itself.
+              colloquially, is like a one-way encryption), rather than as the
-          </p>
+              plain password itself.
-          <p>
+            </p>
-            Some user accounts were created before we moved to Auth0. For those
+            <p>
-            users, we imported their accounts from our custom database into
+              Some user accounts were created before we moved to Auth0. For
-            Auth0. This included username, password hash, and email address.
+              those users, we imported their accounts from our custom database
-          </p>
+              into Auth0. This included username, password hash, and email
-        </section>
+              address.
            </p>
          </section>
        )}
        <section>
          <Heading2>Analytics and logging</Heading2>
          <p>
@ -105,10 +111,12 @@ function PrivacyPolicyPage() {
            </a>
          </p>
          <p>
-            We also use <a href="https://vercel.com/">Vercel</a> and{" "}
+            We also use <a href="https://www.linode.com/">Linode</a> and{" "}
-            <a href="https://www.fastly.com/">Fastly</a> for web hosting. They
+            <a href="https://www.fastly.com/">Fastly</a> for web hosting. Linode
-            store aggregate usage logs for us, but not any
+            stores our database, and handles most web traffic dealing with
-            personally-identifying data.
+            personal data. Personal data also travels through Fastly's servers
            temporarily, but they only store aggregate usage logs for us, not
            any personally-identifying data.
          </p>
        </section>
        <section>