Update Privacy Policy a bit

Remove the references to Auth0 unless you switched back to using it; and remove the references to Vercel and mention Linode instead.
This commit is contained in:
Emi Matchu 2022-09-15 05:05:13 -07:00
parent 4c343aee3e
commit d058f46906
2 changed files with 50 additions and 42 deletions

View file

@ -29,7 +29,7 @@ function GlobalFooter() {
Terms of Use
</ChakraLink>
<Link href="/privacy" passHref>
<ChakraLink>Privacy Policy</ChakraLink>
<ChakraLink>Privacy Policy (09/2022)</ChakraLink>
</Link>
<ChakraLink href={classicDTIUrl}>Classic DTI</ChakraLink>
</HStack>

View file

@ -3,8 +3,11 @@ import { css } from "@emotion/react";
import { VStack } from "@chakra-ui/react";
import { Heading1, Heading2, Heading3 } from "./util";
import { useAuthModeFeatureFlag } from "./components/useCurrentUser";
function PrivacyPolicyPage() {
const [authMode] = useAuthModeFeatureFlag();
return (
<>
<Heading1 marginBottom="4">Our privacy policy</Heading1>
@ -38,19 +41,20 @@ function PrivacyPolicyPage() {
your creations with others.
</p>
</section>
{authMode === "auth0" && (
<section>
<Heading2>Account management</Heading2>
<p>
While our <a href="https://impress.openneo.net/">classic app</a>{" "}
uses its own authentication, the app you're using now uses a service
called <a href="https://auth0.com/">Auth0</a> to manage account
creation and login.
uses its own authentication, the app you're using now uses a
service called <a href="https://auth0.com/">Auth0</a> to manage
account creation and login.
</p>
<p>
We made this decision because authentication is difficult to write
and maintain securely. We felt that Auth0 was the smoothest and most
secure experience we could offer, especially as a small team of
volunteers{" "}
and maintain securely. We felt that Auth0 was the smoothest and
most secure experience we could offer, especially as a small team
of volunteers{" "}
<span role="img" aria-label="Sweat smile emoji">
😅
</span>
@ -60,21 +64,23 @@ function PrivacyPolicyPage() {
Auth0's terms of service
</a>{" "}
commit to treating your user data as confidential information, not
to be shared with anyone else, and only to be used as part of Dress
to Impress. (The details are in Sections 6 and 7!)
to be shared with anyone else, and only to be used as part of
Dress to Impress. (The details are in Sections 6 and 7!)
</p>
<p>
When signing up, Auth0 will ask for a username, password, and email
address. They store your password as a <em>hash</em> (which,
When signing up, Auth0 will ask for a username, password, and
email address. They store your password as a <em>hash</em> (which,
colloquially, is like a one-way encryption), rather than as the
plain password itself.
</p>
<p>
Some user accounts were created before we moved to Auth0. For those
users, we imported their accounts from our custom database into
Auth0. This included username, password hash, and email address.
Some user accounts were created before we moved to Auth0. For
those users, we imported their accounts from our custom database
into Auth0. This included username, password hash, and email
address.
</p>
</section>
)}
<section>
<Heading2>Analytics and logging</Heading2>
<p>
@ -105,10 +111,12 @@ function PrivacyPolicyPage() {
</a>
</p>
<p>
We also use <a href="https://vercel.com/">Vercel</a> and{" "}
<a href="https://www.fastly.com/">Fastly</a> for web hosting. They
store aggregate usage logs for us, but not any
personally-identifying data.
We also use <a href="https://www.linode.com/">Linode</a> and{" "}
<a href="https://www.fastly.com/">Fastly</a> for web hosting. Linode
stores our database, and handles most web traffic dealing with
personal data. Personal data also travels through Fastly's servers
temporarily, but they only store aggregate usage logs for us, not
any personally-identifying data.
</p>
</section>
<section>