Effective 13 June 2023, Created 13 June 2023
If you have questions about how we use your data, feel free to ask for more information.
What Information We Collect
You do not need an account to simply view publically available portions of our Services. If you agree to our Anomaly Digital Services User Agreement and an account, you will be asked to provide a limited amount of information:
Additional information may need to be provided for specific services, such as:
Finally, you may volunteer optional information to us, including:
- profile picture
- profile banner image
Your username, biography, profile picture, and profile banner image will always be publically available, while you may optionally allow your birthdate to be made public. Your username does not have to be related to your real name. Your email address is kept private unless you share it publically on your own.
You may submit information, text, links, graphics, photos, videos, audio, streams or other materials ("Content") to our Services. This includes bot public and private Content such as public posts on the J3B Pleroma website, or emails through the System Anomaly Email Services. This Content is delivered to other users of our Services, and to your followers or individuals you directly send Content to (eg. direct messages or emails), and these individuals may have accounts located on servers that we do not control ("Third-Party Servers"). Copies of your Content may be stored on these Third-Party Servers.
Your Content may be viewable by the operator of our Services, and the services of Third-Parties, even if they are private.
We collect information on actions you take while using the Services. This includes interactions with Content, such as replying, forwarding, repeating, favoriting, reacting, muting, bookmarking, deleting, and reporting Content; and interactions with other users such as following, blocking, or saving in an address book (collectively "Actions"). Likewise with Content, your Actions may be delivered to Third-Party Servers where applicable.
Your Actions may be viewable by the operator of our Services, and the services of Third-Parties, even if they are private.
Log and Usage Data
We may log information about your access and use of our Services. This may include your IP address, user-agent string, browser type, operating system, referral URLs, device information, device settings, mobile carrier name, pages visited, links clicked, requested URLs, and search terms. We do not share the information we collect with Third-Parties, and proactively delete this information on a regular basis.
Cookies and Similar Technologies
We may recieve information from cookies or similar technologies if you allow them. We make a concsious choice to use the minimum number of cookies to provide you with our Services, and do not use them to track users outside of our Services. They are simply used to ensure continuation of existing sessions, preferences, and settings. You may clear this information as you see fit.
We do not attempt to get precise location for any user of our Services, but may infer a general location from IP addresses collected or location information voluntarily provided by other means. This information is purged as necessary on a regular basis, and any location information not purged is anonymized.
What Information is Used For
The information we collect from you may be used in the following ways:
- To provide core functionality of our Services;
- To aid in the moderation of our Services;
- To personalize our Services so that features match your preferences and settings;
- To protect the safety of us and our users, including blocking suspected spammers, addressing abuse of our Services, and enforcing the Anomaly Digital Services User Agreement and other policies;
- To research and develop new Services;
- To send you technical notices, updates, security alerts, and other support and administrative messaging;
- To provide customer service;
- To communicate with you about our Services; and
- To monitor and analyze trends, usage, and activities in connection with our Services.
Who Information is Shared With and How
We aim to share a little information with Third-Parties as possible, and attempt to protect your privacy as much as possible. Public-facing portions of our Service is accessible to everyone, even without an account. As such, by using our Services, the information you share with us may be public knowledge as described in the section where we describe what we collect. Personally identifyable information is not shared publically without your consent and direction.
The Content you share publically on the J3B Pleroma website is shared with other users of the service, anyone who may visit our service, or anyone on Third-Party servers federated with our service, and may be scraped through these public means. Additionally, your username, biography, profile picture, and profile banner image are public, and may be shared in the same way.
The Content you share privately with other users of our Services is not shared with any Third-Parties, however may be viewable by the operator of our Services. Content shared with users outside of our Services, however, will be avaialble to users and operators of those Third-Parties.
The specifics of who these Third-Party service providers are changes on a regular basis, and is usually driven by user behavior, such as emailing a user on a Third-Party service, or following a user on a Third-Party service that is API compatible with the J3B Pleroma website.
We do not sell your information to any Third-Parties, and never intend to. However, we may share your personal information in the following ways:
- With your consent or direction.
- With Third-Party applications. You may access our Services through a third-party applications, such as a mail client or mobile Mastodon/Pleroma application. You are in control of which applications have access to your information.
- With our service providers. We may share information with vendors, consultants, and other service providers who need access to such information to carry out work for us. Their use of personal information will be subject to appropriate confidentiality and security measures.
- To comply with the law. We may share information in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, legal process, or governmental request, including, but not limited to, meeting national security or law enforcement requirements. To the extent the law allows it, we will attempt to provide you with prior notice before disclosing your information in response to such a request.
- In an emergency. We may share information if we believe it's necessary to prevent imminent and serious bodily harm to a person.
- Aggregated or anonymized information. We may share information about you that has been aggregated or anonymized such that it cannot reasonably be used to identify you. For example, we may show how many times a public post has been favorited or which countries an agregate of users are from that used our Services.
How Information is Protected
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. Among other things, your browser session, as well as the traffic between your applications and the API, are secured with SSL, and your password is hashed using a strong one-way algorithm. We use TLS encryption when sending messages between our email servers and others, and require it to recieve messages as well. You may enable two-factor authentication to further secure access to your account(s).
Data Retention Policy
Additional Privacy Disclosures
The following disclosures are for Third-Party services that we use to provide you with our Services. Mechanisms are being developed to aid in better locking down these third parties for your privacy protection.
Adobe Font Service
Google Font Service
The Google Font Service is provided to us as a way to better deliver a consistent branding among Services provided under the System Anomaly Brand and Anomaly Sub-Brands, and are embedded in some portions of our Services. Per the Google Privacy and Data Collection Policy regarding Google Fonts, Google collects information such as your IP address, the requested fonts, and your user agent describing your Internet browser and operating system versions as well as the referer (i.e. the webpage on which the Google font is to be displayed). Google does not user any information collected by Google Fonts to create profiles of end users or for targeted advertising, and is necessary to deliver the requested fonts. Google does not use or set cookies in order to serve fonts.
Embeded Content from Third-Parties
In addition to these listed rights, you may have additional rights afforded to you by applicable laws and regulations in the country that you reside. We will not reject any exercise of your rights in regard to your information, and will not discriminate against any user that wishes to exercise their rights.
- You may access your information and change or correct certain information through our Services. You may request a copy of the personal information we maintain about you.
- You may delete your account(s) at any time, and you may request that we delete any personal information we maintain about you. Some information may be retained as required by law.
- You may review the Third-Party applications you have permitted to access your account and revoke access to them at any time.
- You may set your browser to remove or reject cookies. If you do so, please note that functionality of our Services for you may be affected.
Additional Information for EEA Users
Users in the European Economic Area have the right to request access to, rectification of, or erasure of their personal data; to data portability in certain circumstances; to request restriction of processing; to object to processing; and to withdraw consent for processing where they have previously provided consent. These rights can be exercised as described in the "Your Rights" section above. EEA users also have the right to lodge a complaint with their local supervisory authority.
As required by applicable law, we collect and process information about individuals in the EEA only where we have a legal basis for doing so. Our legal bases depend on the Services you use and how you use them. We process your information on the following legal bases:
- You have consented for us to do so for a specific purpose;
- We need to process the information to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as preventing fraud, ensuring network and information security, enforcing our rules and policies, protecting our legal rights and interests, research and development, personalizing the Services, and marketing and promoting the Services; or
- We need to process your information to comply with our legal obligations.
International Data Transfers
System Anomaly is based in the United States and we process and store information on servers located in the United States. We do not store information on servers and equipment in other countries, however we may transfer information to Third-Party services that may not be located in the United States. By accessing or using the Services or otherwise providing information to us, you consent to the processing, transfer, and storage of information in and to the U.S. and other countries, where you may not have the same rights as you do under local law.
When we transfer the personal data of users in the EEA, UK and/or Switzerland, we rely on the Standard Contractual Clauses approved by the European Commission for such transfers or other transfer mechanisms deemed ‘adequate' under applicable laws.
Additional Information for California Users
The California Consumer Privacy Act ("CCPA”), as amended, requires us to provide California residents with some additional information, which we address in this section.
In the last 12 months, we collected the following categories of personal information from California residents, depending on the Services used:
- Identifiers, like your username, email address, IP address, and cookie information.
- Internet or other electronic network activity information, such as information about your activity on our Services.
- Geolocation information based on your IP address, or more specific location information if you provide it to us.
- Your messages with other users (e.g., private messages, chats, and email).
- Audiovisual information in pictures, audio, or video content submitted to our Services.
- Inferences we make based on other collected data, for purposes such as analytics.
You can find more information about (a) what we collect and sources of that information in the "What Information We Collect” section of this notice, (b) the business and commercial purposes for collecting that information in the "What Information is Used For” section, and (c) the categories of third parties with whom we share that information in the "Who Information is Shared With and How” section.
If you are a California resident, you have additional rights under the CCPA, including the right to opt out of any sales or sharing of your personal information, to request access to and information about our data practices, and to request deletion or correction of your personal information, as well as the right not to be discriminated against for exercising your privacy rights. We do not "sell” or "share” personal information as those terms are defined under the CCPA. We do not use or disclose sensitive personal information except to provide you the Services or as otherwise permitted by the CCPA.
You may exercise your rights to access, delete, or correct your personal information as described in the "Your Rights” section of this notice. When you make a request, we will verify your identity by asking you to sign into your account or if necessary by requesting additional information from you. You may also make a rights request using an authorized agent. If you submit a rights request from an authorized agent who does not provide a valid power of attorney, we may ask the authorized agent to provide proof that you gave the agent signed permission to submit the request to exercise rights on your behalf. In the absence of a valid power of attorney, we may also require you to verify your own identity directly with us or confirm to us that you otherwise provided the authorized agent permission to submit the request. If you have any questions or concerns, you may reach us by emailing us at firstname.lastname@example.org.
Children under the age of 18 are not allowed to create an account or otherwise use our Services.
Changes to This Policy