Disroot
Disroot provides a range of online, open-source, collaboration and productivity tools, including email and cloud storage.
Score
Citation
We do not in any way process, analyze your behavior or personal characteristics (profiling). We have no advertisements or business relationships with advertisers.
Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.
Score
Citation
You have the right to request from us access to and rectification or erasure of your personal data
Notes
From the FAQ (https://disroot.org/en/faq):
To delete your Disroot account log in to https://user.disroot.org and select 'Delete My Account'.
Accounts and their data are wiped daily.
This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).
Note that whether the policy allows sharing aggregated user data does not affect this question.
If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).
If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).
Score
Citation
We do not share nor sell your data to third party unless in case of network inter-operatable (federated) services require certain data to operate (eg. other email service provider needs to know your email address to be able to deliver emails).
Score
Notes
Not specified anywhere in the policy.
Score
Citation
We use disk encryption on all data to prevent data leak in cases where servers are stolen, confiscated, or in any way physically tampered with.
We provide and require SSL/TLS encryption on all provided services.
Score
Citation
You can follow the history of changes on this document on our version control system here.
Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.
Score
Notes
Not specified.
Score
Citation
We reserve the right to change any of the points. All changes will be publicly available and will be communicated to all users via the forum, Diaspora, Mastodon and Blog. Major changes to Privacy Policy will be sent additionally via email to all users.
This includes the use of data brokers and independent verification authorities (such as background check providers).
Score
Notes
Nowhere in the policy are any third parties listed as data sources.
Score
Citation
"We require a username and password to identify the account holder and provide the services offered by Disroot.org"
"Our processing of your information is limited to storing it for you to use."
"This data is used to help diagnose software issues, maintain security of the system against intrusion, and monitor the health of the platform."
Some services allow users to opt out of or opt in to non-critical collection or use of personal data, such as collecting data for personalized advertisements.
Score
Citation
"We do not collect any data other than what is needed to provide you the service."
"We do not require any additional information that is not crucial for operation of the service (we do not ask for additional email addresses, phone numbers)"
Score
Citation
"We require a username and password to identify the account holder and provide the services offered by Disroot.org. All additional information you supply on any of the services provided by Disroot.org are optional."
"We store logs of your activity for period no longer than 24h (unless specified otherwise per service)."
Last Updated
March 28, 2021