freedesktop.org Privacy Policy
Some of the services used by freedesktop.org may collect and retain personally-identifying information about you. Some of these services will also disclose information you submit to the public. In both cases, this requires active disclosure: we do not passively mine personal information.
This policy describes how your information is collected and used across all sites and services in the freedesktop.org domain.
What information is collected?
Other than metadata logged as part of your explicit use of our services (including but not limited to IP addresses), we do not collect any information that you do not explicitly provide to us. For example, we do not employ advertising services, or attempt to associate data from your sessions on our services to external user profiles.
freedesktop.org provides a number of services where users may create accounts. These include Mailman, Bugzilla, Phabricator, GitLab, this wiki service, and the user accounts used to provide commit access to Git repositories. Each of these services will store your email address, email address and real name (if provided), and encrypted password. If the service allows it, and you have chosen to use an external identity provider to authenticate (e.g. using Google to authenticate your GitLab account), the association between your account data as listed, and any external account data (such as user ID and email address) will be recorded.
How is the information stored and used?
We do not actively share information with third parties, or analyse or 'mine' personally-identifying data. However, some of the data you provide to us may be disclosed to the public, as below.
The services provided by freedesktop.org are, unless specifically noted, accessible to and searchable by the public, and the information recorded above may be used to identify you with what you submit. For example, if you send a mail to a public mailing list, the message will appear in the public archive with your name and email address, as well as sent to the list subscribers who may themselves be archiving this information. Similarly, if you file a bug, this will be available on the public bug tracker, and may also appear in mailing list archives. All of the above may be visible to public search engines.
We do not ordinarily access any non-public user information, such as IP addresses used for your session. From time to time, the administrators may need to use this information when investigating issues with these services. For example, if we are trying to identify why mail is not delivered or why you cannot access a web service, we may determine the IP address you are using for this session and use this to examine the traffic from that IP to figure out the issue. We will not share this data with the public, nor make any record of it beyond what is required to resolve the immediate issue.
The information you provide by us is ordinarily held indefinitely, as we do not periodically purge results. Any information which is made public by your actions, such as posting to a mailing list, can not be considered confidential once published.
How do you secure the information?
In transit, the information you provide is secured by TLS when using HTTP. Whilst we have TLS available for SMTP, mailing list traffic may be sent or received in plain text if TLS is not usable.
Most information logs are either held on machines which are only accessible to administrators, or access-controlled to only be accessible by administrators.
How do I opt out of information collection?
If you do not want freedesktop.org to collect information on you, or publicly disclose this information, do not submit this information to any services. Some services such as mailing lists and bug trackers publish this information to a public audience. Once this information is published (e.g. a post to a mailing list has been sent to all its subscribers, and made available in public archives), it can no longer be considered confidential, and we no longer have any control over how it will be used by those who have received it.
Whilst we can and will make reasonable effort to delete information upon request (e.g. purging accounts you have created), we may not be able to do this in all cases. For instance, posts you have made to mailing lists or bug trackers may have already been disseminated across the wider internet, where we have no control over its use and storage.
Who is responsible for this information, and where?
In this statement, 'we' and 'freedesktop.org' refers to the authorized agents of freedesktop.org, which is a member project of Software in the Public Interest, Inc ('SPI'). SPI is a non-profit corporation incorporated in the State of New York.
Our services run on servers hosted in the United States, in facilities hosted by the Portland State University, as well as on Google's Cloud Engine. As above, administrators processing your information for the purposes of resolving issues with the services, may also access your data within the European Union and European Economic Area.
If you have any concerns about this policy or the use of your information, you may contact the freedesktop.org administrators either via a public mailing list, or directly, see the list of current administrators.