Add privacy policy

2024-06-29 08:02:30 +00:00 · 2019-03-12 20:51:23 -05:00 · 2019-03-12 20:51:23 -05:00 · 21ebc398fa
commit 21ebc398fa
parent cf3f0fcc39
13 changed files with 97 additions and 1 deletions
--- a/locales/ar.json
+++ b/locales/ar.json
@ -102,6 +102,7 @@
  "Released under the AGPLv3 by Omar Roth.": "تم الإنشاء تحت AGPLv3 بواسطة عمر روث.",
  "Source available here.": "الأكواد متوفرة هنا.",
  "View JavaScript license information.": "مشاهدة معلومات حول تراخيص الجافاسكريبت.",
+  "View privacy policy.": "",
  "Trending": "الشائع",
  "Watch video on Youtube": "مشاهدة الفيديو على اليوتيوب",
  "Genre: ": "النوع: ",
--- a/locales/de.json
+++ b/locales/de.json
@ -102,6 +102,7 @@
  "Released under the AGPLv3 by Omar Roth.": "Veröffentlicht unter AGPLv3 von Omar Roth.",
  "Source available here.": "Quellcode verfügbar hier.",
  "View JavaScript license information.": "Javascript Lizenzinformationen anzeigen.",
+  "View privacy policy.": "",
  "Trending": "Trending",
  "Watch video on Youtube": "Video auf YouTube ansehen",
  "Genre: ": "Genre: ",
--- a/locales/en-US.json
+++ b/locales/en-US.json
@ -100,6 +100,7 @@
  "Released under the AGPLv3 by Omar Roth.": "Released under the AGPLv3 by Omar Roth.",
  "Source available here.": "Source available here.",
  "View JavaScript license information.": "View JavaScript license information.",
+  "View privacy policy.": "View privacy policy.",
  "Trending": "Trending",
  "Watch video on Youtube": "Watch video on Youtube",
  "Genre: ": "Genre: ",
--- a/locales/eu.json
+++ b/locales/eu.json
@ -100,6 +100,7 @@
  "Released under the AGPLv3 by Omar Roth.": "",
  "Source available here.": "",
  "View JavaScript license information.": "",
+  "View privacy policy.": "",
  "Trending": "",
  "Watch video on Youtube": "",
  "Genre: ": "",
--- a/locales/fr.json
+++ b/locales/fr.json
@ -100,6 +100,7 @@
  "Released under the AGPLv3 by Omar Roth.": "Publié sous licence AGPLv3 par Omar Roth.",
  "Source available here.": "Code Source.",
  "View JavaScript license information.": "Voir les informations des licences JavaScript.",
+  "View privacy policy.": "",
  "Trending": "Tendances",
  "Watch video on Youtube": "Voir la vidéo sur Youtube",
  "Genre: ": "Genre : ",
--- a/locales/it.json
+++ b/locales/it.json
@ -100,6 +100,7 @@
  "Released under the AGPLv3 by Omar Roth.": "Pubblicato con licenza AGPLv3 da Omar Roth.",
  "Source available here.": "Codice sorgente.",
  "View JavaScript license information.": "Guarda le informazioni di licenza del codice JavaScript.",
+  "View privacy policy.": "",
  "Trending": "Tendenze",
  "Watch video on Youtube": "Guarda il video su YouTube",
  "Genre: ": "Genere: ",
--- a/locales/nb_NO.json
+++ b/locales/nb_NO.json
@ -100,6 +100,7 @@
  "Released under the AGPLv3 by Omar Roth.": "Utgitt med AGPLv3+lisens av Omar Roth.",
  "Source available here.": "Kildekode tilgjengelig her.",
  "View JavaScript license information.": "Vis JavaScript-lisensinfo.",
+  "View privacy policy.": "",
  "Trending": "Trendsettende",
  "Watch video on Youtube": "Vis video på YouTube",
  "Genre: ": "Sjanger: ",
--- a/locales/nl.json
+++ b/locales/nl.json
@ -100,6 +100,7 @@
  "Released under the AGPLv3 by Omar Roth.": "Uitgegeven onder AGPLv3 door Omar Roth.",
  "Source available here.": "Bron beschikbaar hier.",
  "View JavaScript license information.": "Bekijk JavaScript licentie informatie.",
+  "View privacy policy.": "",
  "Trending": "Trending",
  "Watch video on Youtube": "Bekijk video op Youtube",
  "Genre: ": "Genre: ",
--- a/locales/pl.json
+++ b/locales/pl.json
@ -100,6 +100,7 @@
  "Released under the AGPLv3 by Omar Roth.": "Wydano na licencji AGPLv3 przez Omar Roth.",
  "Source available here.": "Kod źródłowy dostępny tutaj.",
  "View JavaScript license information.": "Wyświetl informację o licencji JavaScript.",
+  "View privacy policy.": "",
  "Trending": "Na czasie",
  "Watch video on Youtube": "Zobacz film na YouTube",
  "Genre: ": "Gatunek: ",
--- a/locales/ru.json
+++ b/locales/ru.json
@ -102,6 +102,7 @@
  "Released under the AGPLv3 by Omar Roth.": "Распространяется Omar Roth по AGPLv3.",
  "Source available here.": "Исходный код доступен здесь.",
  "View JavaScript license information.": "Посмотреть лицензии JavaScript кода.",
+  "View privacy policy.": "",
  "Trending": "В тренде",
  "Watch video on Youtube": "Смотреть на YouTube",
  "Genre: ": "Жанр: ",
--- a/src/invidious.cr
+++ b/src/invidious.cr
@ -17,6 +17,7 @@
 require "digest/md5"
 require "file_utils"
 require "kemal"
+require "markdown"
 require "openssl/hmac"
 require "option_parser"
 require "pg"
@ -291,6 +292,11 @@ get "/" do |env|
  end
 end

+get "/privacy" do |env|
+  locale = LOCALES[env.get("preferences").as(Preferences).locale]?
+  templated "privacy"
+end
+
 get "/licenses" do |env|
  locale = LOCALES[env.get("preferences").as(Preferences).locale]?
  rendered "licenses"
--- a/src/invidious/views/privacy.ecr
+++ b/src/invidious/views/privacy.ecr
@ -0,0 +1,75 @@
+<% content_for "header" do %>
+<title>Privacy Policy - Invidious</title>
+<% end %>
+
+<div class="h-box">
+<%= Markdown.to_html(<<-END_PRIVACY_POLICY
+  ## Privacy
+  
+  This document concerns what data you provide to this website, the purpose of the data, how the data is stored, and how the data can be removed.
+  
+  ### Data you directly provide
+  
+  Data that you provide to the website for the purpose of the site's operation (for example: an account name, account password, or channel subscription) will be stored in the website's database until the user decides to remove it. This data will not be intentionally shared with anyone or anything.
+  
+  Information stored about a registered user is limited to:
+  
+  - a list of session tokens for remaining logged in across devices
+  - the last time an account was updated (to provide accurate notifications)
+  - a list of video IDs identifying notifications from a user's subscriptions
+  - a list of channel UCIDs the user is subscribed to
+  - a user ID (for persistent storage of subscriptions and preferences)
+  - a json object containing user preferences
+  - a hashed password if applicable (not present on google accounts)
+  - a randomly generated token for providing an RSS feed of a user's subscriptions
+  - a list of video IDs identifying watched videos
+  
+  The above list reflects [this code](https://github.com/omarroth/invidious/blob/master/src/invidious/users.cr#L14-L51).
+  
+  Users can clear their watch history using the [clear watch history](/clear_watch_history) page.
+  
+  If a user is logged in with a Google account, no password will ever be stored. This website uses the session token provided by Google to identify a user, but does not store the information required to make requests on a user's behalf without their knowledge or consent.
+  
+  ### Data you passively provide
+  
+  When you request any resource from this website (for example: a page, a font, an image, or an API endpoint) information about the request may be logged.
+  
+  Information about a request is limited to:
+  
+  - the time the request was made
+  - the status code of the response
+  - the method of the request
+  - the requested URL
+  - how long it took to complete the request.
+  
+  No identifying information is logged, such as the visitor's cookie, user-agent, or IP address. Here are a couple lines to serve as an example:
+  
+  ```
+  2019-01-19 16:37:47 +00:00 200 GET /api/v1/comments/xrlETJYzH-c?format=html&hl=en-US 1345.88ms
+  2019-01-19 16:37:53 +00:00 200 GET /vi/r5P-f5arPXE/maxres.jpg 1085.41ms
+  2019-01-19 16:37:54 +00:00 200 GET /watch 7.04ms
+  ```
+  
+  This website does not store the visitor's user-agent or IP address and does not use fingerprinting, advertisements, or tracking of any form.
+  
+  This website provides links to googlevideo.com to provide audio and video playback. googlevideo.com is owned by Google and is subject to their [privacy policy](https://policies.google.com/privacy).
+  
+  ### Data stored in your browser
+  
+  This website uses browser cookies to authenticate registered users. This data consists of:
+  
+  - An account token to keep you logged into the website between visits, which is sent when any page is loaded while you are logged in
+  
+  This website also provides an option to store site preferences, such as the theme or locale, without an account. Using this feature will store a cookie in the visitor's browser containing their preferences. This cookie is sent on every request and does not contain any identifying information.
+
+  You can remove this data from your browser by logging out of this website, or by using your browser's cookie-related controls to delete the data.
+  
+  ### Removal of data
+  
+  To remove data stored in your browser, you can log out of the website, or you can use your browser's cookie-related controls to delete the data.
+  
+  To remove data that has been stored in the website's database, you can use the [delete my account](/delete_account) page.
+  END_PRIVACY_POLICY
+  )
+%>
+</div>
--- a/src/invidious/views/template.ecr
+++ b/src/invidious/views/template.ecr
@ -124,7 +124,12 @@
            <a rel="jslicense" href="/licenses">
              <%= translate(locale, "View JavaScript license information.") %>
            </a>
-          </div>
+            / 
+            <i class="icon ion-ios-paper"></i>
+            <a href="/privacy">
+              <%= translate(locale, "View privacy policy.") %>
+            </a>
+          </div> 
          <div class="pure-u-1 pure-u-md-1-3">
            <i class="icon ion-logo-github"></i>
            <%= translate(locale, "Current version: ") %> <%= CURRENT_VERSION %>-<%= CURRENT_COMMIT %>