sojorn/website/privacy.astro
2026-02-15 00:33:24 -06:00

---
import Layout from '../layouts/Layout.astro';
---
<Layout title="Privacy Policy | MPLS LLC" description="MPLS LLC privacy policy — Privacy as Sanctuary + Right Livelihood philosophy.">
<section class="bg-brand-900 py-16">
<div class="mx-auto max-w-4xl px-6 text-center">
<p class="text-sm font-semibold uppercase tracking-widest text-brand-300 mb-2">Legal</p>
<h1 class="font-display text-3xl font-bold text-white sm:text-4xl">Privacy &amp; Data Sovereignty</h1>
<p class="mt-3 text-brand-200">Effective Date: February 12, 2026 &middot; Operator: MPLS LLC</p>
</div>
</section>
<section class="py-16 bg-white">
<div class="mx-auto max-w-3xl px-6">
<p class="text-sm text-zinc-500 italic mb-10 text-center">
Profiting from surveillance is strictly against our principles. We reject the "attention economy" model.
</p>
<div class="space-y-8">
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">Our Philosophy: Privacy as a Sanctuary</h2>
<p class="text-zinc-600 leading-relaxed">Most social platforms treat your data as their product. They harvest your posts, your photos, your location, your relationships, and your attention — then sell access to the highest bidder. We built Sojorn to prove that a social network can exist without any of that.</p>
<p class="text-zinc-600 leading-relaxed"><strong>Sojorn is a walled garden where your data is not a commodity.</strong> We are groundskeepers of this space — not owners of what grows in it.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">1. Data Sovereignty</h2>
<p class="text-zinc-600 leading-relaxed">We do not sell your data. We do not license your data. We do not provide your data to third-party analytics, advertising, or data brokerage firms. Your content is not indexed on public search engines. Sojorn is a private community designed to protect your posts and identity from the extractivist economy.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">2. What We Collect</h2>
<p class="text-zinc-600 leading-relaxed mb-3">We collect only what is technically necessary to operate the Service:</p>
<table class="w-full text-sm text-zinc-600">
<thead>
<tr class="border-b border-zinc-200">
<th class="text-left py-2">Data</th>
<th class="text-left py-2">Purpose</th>
<th class="text-left py-2">Retention</th>
</tr>
</thead>
<tbody>
<tr class="border-b border-zinc-100">
<td class="py-2"><strong>Email address</strong></td>
<td class="py-2">Authentication, critical account notifications</td>
<td class="py-2">Until account deletion</td>
</tr>
<tr class="border-b border-zinc-100">
<td class="py-2"><strong>Birth month &amp; year</strong></td>
<td class="py-2">Age verification (16+ requirement)</td>
<td class="py-2">Until account deletion</td>
</tr>
<tr class="border-b border-zinc-100">
<td class="py-2"><strong>Display name &amp; handle</strong></td>
<td class="py-2">Profile identity within the network</td>
<td class="py-2">Until account deletion</td>
</tr>
<tr class="border-b border-zinc-100">
<td class="py-2"><strong>Content you create</strong></td>
<td class="py-2">Posts, comments, images, video — displayed to your chosen audience</td>
<td class="py-2">Until you delete it</td>
</tr>
<tr class="border-b border-zinc-100">
<td class="py-2"><strong>Approximate location</strong> (Beacons only)</td>
<td class="py-2">Community safety incident reporting</td>
<td class="py-2">Ephemeral — not stored permanently</td>
</tr>
<tr>
<td class="py-2"><strong>Device push tokens</strong></td>
<td class="py-2">Delivering notifications you have opted into</td>
<td class="py-2">Until account deletion or token refresh</td>
</tr>
</tbody>
</table>
<p class="text-zinc-600 leading-relaxed mt-4">We do <strong>not</strong> collect precise GPS location outside of Beacons, contact lists or phone books, browsing history outside of Sojorn, biometric data, or financial information.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">3. Third-Party Services</h2>
<table class="w-full text-sm text-zinc-600">
<thead>
<tr class="border-b border-zinc-200">
<th class="text-left py-2">Service</th>
<th class="text-left py-2">Purpose</th>
<th class="text-left py-2">Data Shared</th>
</tr>
</thead>
<tbody>
<tr class="border-b border-zinc-100">
<td class="py-2"><strong>Firebase</strong></td>
<td class="py-2">Authentication, push notifications</td>
<td class="py-2">Email, device token</td>
</tr>
<tr class="border-b border-zinc-100">
<td class="py-2"><strong>Cloudflare R2</strong></td>
<td class="py-2">Media file storage (images, video)</td>
<td class="py-2">Uploaded media files</td>
</tr>
<tr class="border-b border-zinc-100">
<td class="py-2"><strong>SendPulse</strong></td>
<td class="py-2">Newsletter delivery (opt-in only)</td>
<td class="py-2">Email address</td>
</tr>
<tr>
<td class="py-2"><strong>OpenAI / Google Vision</strong></td>
<td class="py-2">Content moderation (hate speech, violence detection)</td>
<td class="py-2">Text snippets and image URLs of public posts only</td>
</tr>
</tbody>
</table>
<p class="text-zinc-600 leading-relaxed mt-4">We do <strong>not</strong> use third-party tracking pixels, cross-site cookies, behavioral analytics, or advertising SDKs.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">4. AI Moderation Disclosure</h2>
<p class="text-zinc-600 leading-relaxed">Public posts may be analyzed by AI moderation systems to detect policy violations (hate speech, violence, spam, NSFW content). This analysis:</p>
<ul class="list-disc pl-6 text-zinc-600 leading-relaxed space-y-1">
<li>Is performed only on content you post publicly or within groups.</li>
<li>Does <strong>not</strong> apply to end-to-end encrypted messages or capsule content.</li>
<li>Does <strong>not</strong> train AI models on your content — we use pre-trained safety classifiers only.</li>
<li>Is subject to human review before permanent moderation action.</li>
<li>Produces an audit trail visible to administrators for accountability.</li>
</ul>
</div>
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">5. Zero-Knowledge Encryption</h2>
<p class="text-zinc-600 leading-relaxed">Private messages and encrypted capsule content are protected by end-to-end encryption (E2EE) using keys generated on your device. Your encryption keys are wrapped with a passphrase only you know and stored as an opaque encrypted blob on our servers. <strong>We cannot decrypt your private content.</strong> We cannot comply with requests to produce content we cannot read.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">6. Your Right to Vanish</h2>
<p class="text-zinc-600 leading-relaxed">You have the absolute right to delete your account and all associated data at any time.</p>
<p class="text-zinc-600 leading-relaxed">When you delete content or your account, we perform <strong>hard deletes</strong> — database records are permanently removed, media files are permanently removed from storage buckets, and encryption key backups are permanently removed. We do not retain shadow copies, hidden archives, or behavioral profiles.</p>
<p class="text-zinc-600 leading-relaxed">When you leave, you leave.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">7. Anti-Extraction Commitment</h2>
<p class="text-zinc-600 leading-relaxed">MPLS LLC will never:</p>
<ul class="list-disc pl-6 text-zinc-600 leading-relaxed space-y-1">
<li>Use your content to train artificial intelligence or machine learning models.</li>
<li>Sell, license, or share your content with data brokers or advertisers.</li>
<li>Build advertising or behavioral profiles from your activity.</li>
<li>Provide "data partnerships" or "audience insights" products derived from your content.</li>
</ul>
</div>
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">8. Right to Livelihood</h2>
<p class="text-zinc-600 leading-relaxed">If MPLS LLC ever wishes to feature your content in promotional materials outside the Sojorn app interface, we must contact you directly, offer financial compensation, and receive your explicit written consent. See Section 4.5 of our <a href="/terms" class="text-brand-700 hover:text-brand-800 font-medium transition-colors">Terms of Service</a> for full details.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">9. Anti-Scraping</h2>
<p class="text-zinc-600 leading-relaxed">We actively defend against unauthorized commercial harvesting of user content through rate limiting, authentication requirements, and automated abuse detection. Unauthorized scraping of Sojorn content is a violation of these Terms and may be pursued under the Computer Fraud and Abuse Act (CFAA).</p>
</div>
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">10. Law Enforcement</h2>
<p class="text-zinc-600 leading-relaxed">We will comply with valid legal process (court orders, subpoenas) as required by law. However:</p>
<ul class="list-disc pl-6 text-zinc-600 leading-relaxed space-y-1">
<li>We will notify affected users unless legally prohibited from doing so.</li>
<li>We cannot produce end-to-end encrypted content (we do not have the keys).</li>
<li>We will challenge overbroad or legally deficient requests.</li>
<li>We will publish a transparency report annually documenting any government data requests received.</li>
</ul>
</div>
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">11. Children's Privacy</h2>
<p class="text-zinc-600 leading-relaxed">Sojorn is not intended for users under 16. We do not knowingly collect data from children. If we discover that a user is under 16, we will delete their account and all associated data.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">12. Server Hosting &amp; Legal Compliance</h2>
<p class="text-zinc-600 leading-relaxed mb-3">Our primary infrastructure is hosted by <strong>Hetzner GmbH</strong> in <strong>Germany</strong>, subject to European Union data protection regulations including the General Data Protection Regulation (GDPR).</p>
<ul class="list-disc pl-6 text-zinc-600 leading-relaxed space-y-1 mb-3">
<li><strong>Data Processing Location:</strong> Primary application servers and databases are located in Hetzner's German data centers.</li>
<li><strong>GDPR Compliance:</strong> As a U.S. company processing data in the EU, we comply with GDPR requirements including data subject rights, breach notification within 72 hours, and appropriate technical and organizational measures.</li>
<li><strong>Data Transfer Mechanisms:</strong> We rely on Standard Contractual Clauses (SCCs) for EU-U.S. data transfers where applicable.</li>
<li><strong>German Data Protection Authority:</strong> Users in the EU have the right to lodge complaints with the competent German supervisory authority for data protection matters.</li>
<li><strong>Media Storage:</strong> User-uploaded media files are stored via Cloudflare R2 with globally distributed edge locations, but primary storage and processing occur within our EU-hosted infrastructure.</li>
</ul>
<p class="text-zinc-600 leading-relaxed">While MPLS LLC is a U.S. company, our EU hosting ensures that European users benefit from GDPR-level protections regardless of their location.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">13. Changes to This Policy</h2>
<p class="text-zinc-600 leading-relaxed">We will notify registered users via email and in-app notification of any material changes to this Privacy Policy at least 30 days before they take effect.</p>
</div>
<div>
<h2 class="text-xl font-semibold text-zinc-900 mb-3">14. Contact</h2>
<p class="text-zinc-600 leading-relaxed">For privacy concerns: <a href="mailto:privacy@sojorn.net" class="text-brand-700 hover:text-brand-800 font-medium transition-colors">privacy@sojorn.net</a></p>
<p class="text-zinc-600 leading-relaxed mt-2">For legal inquiries: <a href="mailto:legal@mp.ls" class="text-brand-700 hover:text-brand-800 font-medium transition-colors">legal@mp.ls</a></p>
</div>
</div>
</div>
</section>
</Layout>