Fedified

Privacy Policy

Throughout this document, "you" and "your" refers to the individual, company or legal entity that you represent. This Privacy Policy ("Privacy Policy", "Policy", or "the policy") outlines the personal information gathered by Distal Labs LLC ("Fedified", "Yirpi", "Distal Labs", "we", "us", "our", or "ours") and how we use that information in connection with content, data, and metadata that we make available through our software including, and without limitation, through Fedified's websites and application programming interfacies (collectively, "Services"). In this document you will also find information about the options you have to access, correct, or delete the personal information in our possession.

This document, together with our Acceptable Use Policy and, as applicable, our Developer Policy and API Terms of Service, constitute a binding "Contract" between you and us. Please read these documents carefully.

If you do not accept these terms or if you lack authority or capacity to be a party to this Contract, then you are not authorized to use our Services. By using our Services, you agree to be bound by the terms of this Contract.

Effective: May 12, 2023

Last updated: May 12, 2023

Our Promise

We at Distal Labs believe that privacy is a human right. As such, we promise to respect your privacy— and to go above and beyond any applicable law and/or regulation pertaining to the collection, storage, and handling of your private information. We do not (and will not) sell or rent your personal information to anyone. We will not share or otherwise disclose your private information— except as absolutely necessary to provide our services, or as required by law.

We consider personal information to be any data element that can be used to identify individuals that they have not made public via an affirmative disclosure (i.e. "opt-in process"). This includes information about you as a person (such as an email address) as well as information that, when combined with other data sources, can be used to infer personal information.

Some of our Services link to third-parties, such as Twitter and Mastodon. In the event that you follow such links, please be aware that those sites and services have their own privacy policies, and this Policy does not apply to any of your interactions with third-party services. After following a link to any third-party site, you should read their privacy policy to learn how they define, collect, and use personal information.

Some of our Services contain embedded content from third-parties, such as Airtable galleries and Cloudflare network security products. The former is necessary to visualize data, while the latter is used to protect against malicious web traffic. Our Privacy Policy does not apply to embedded content from any third-party. Although we have made significant strides toward reducing our reliance on embedded content, there's no way to reasonably obviate its use without compromising privacy and/or security in some other (untenable) way. We encourage you to read Airtable's Privacy and Security policies. While you're at it, please also read Cloudflare's Privacy Policy. For our part, we'll continue looking for IT vendors that are better-aligned with our values.

That's our promise to you.

The plain-language version of our privacy policy

Please refer to the full ("legal-speak") version for important context, nuances, and detail

What information do we collect?

We only collect the absolute minimum amount of information from visitors to this site.

  • For all visitors:
    • To triage feature and product development, we may intermittently gather anonymous usage statistics. For example, we may keep track of how many times a button is clicked in order to determine if it should be made more/less prominent, but we wouldn't collect any information about who clicked it, when they clicked it, or what else they clicked on.
    • We rely on third-party service providers to host our Services and to protect against malicious actors— these service providers collect data in connection with their services. We can't control what third-parties do with the data they collect, so we try to choose vendors that don't monetize user data. Even so, you should read their privacy policies (see "Our promise" above for relevant links).
    • Our network security provider collects industry-standard network, device, and connection attributes for all visitors, but they do not sell that data nor do they store it indefinitely.
  • For users that log-in using their social media account(s):
    • We do not store your login credentials on our servers- ever. The access credentials are revoked when you click "log out" or they are automatically removed by your browser as soon as you close the last tab or window.
    • If you choose to enable the 1-click follow feature, we may need to store a list of accounts that you have followed on our servers. This would allow us to show you whether you already follow an account, without overwhelming your Mastodon server with requests.
  • For users with a Fedified profile: if you choose to edit the topic tags associated with your profile, we will store your selections for as long as your profile remains active. All the other information on your profile is sourced directly from your public social media page(s).

How do we use the information?

  • To enable you to access and use the website;

  • Process and complete requests, and send you responses;

  • Comply with legal obligations;

  • Investigate and prevent unauthorized and/or illegal activity; and/or

  • Other purposes for which we obtain your consent

What information do we share?

  • We may share some of the information you share with us with instance administrators and third-party app developers that are building software that improves the onboarding and user experience on Mastodon, Calckey, and Pixelfed. Under no circumstances will we share your contact information, account credentials, or any other data that can be misused to engage in direct marketing or spam. The data that we are open to sharing with developers at this time is:

    • the topic tags you've chosen to display on your public Fedified profile
    • aggregate statistics that use topic tags as a dimension or input

  • We engage with companies who help us provide our services (“Service Providers”)— we share the bare minimum of information they require to render their services. We do not permit our Service Providers to sell any personal information we share with them or to use any personal information we share with them for any purpose other than in connection with the services they provide to us (or on our behalf);

  • Data that is necessary to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;

  • Data that is necessary to investigate, prevent or take action against illegal activities; and/or

  • Other data as you may otherwise consent from time to time

The lawyer-speak version

Includes important details that are not covered in the plain-language version

Information We Collect

Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.

“Voluntarily provided” information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.

“Automatically collected” information refers to any information automatically sent by your devices in the course of accessing our products and services.

Log Data

When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.

Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.

Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

Device Data

When you visit our website or interact with our services, we may automatically collect data about your device, such as:

  • Device Type
  • Operating System
  • Geo-location data

Data we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

Personal Information

We may ask for personal information — for example, when you register a profile or when you contact us — which may include one or more of the following:

  • Name
  • Email
  • Social media username

User-Generated Content

We consider “user-generated content” to be materials (text, image and/or video content) voluntarily supplied to us by our users for the purpose of publication, processing, or usage on our platform. All user-generated content is associated with the account or email address used to submit the materials.

Please be aware that any content you submit for the purpose of publication will be public after posting (and subsequent review or vetting process). Once published, it may be accessible to third parties not covered under this privacy policy.

Transaction Data

Transaction data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.

Legitimate Reasons for Processing Your Personal Information

We only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.

Collection and Use of Information

We may collect personal information from you when you do any of the following on our website:

  • Register for a profile or an account
  • Use a mobile device or web browser to access our content
  • Contact us via email, social media, or on any similar technologies
  • When you mention us on social media

We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:

  • to provide you with core features and services
  • to enable you to customize or personalize your experience on our website
  • to contact and communicate with you
  • to enable you to access and use our website, associated applications, and associated social media platforms
  • to comply with our legal obligations and resolve any disputes that we may have

Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.

Although we will do our best to protect the private information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security.

How Long We Keep Your Personal Information

We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system. If your personal information is no longer required for this purpose, we will delete it.

However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.

Children’s Privacy

We do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect personal information about persons under age 18.

Disclosure of Personal Information to Third Parties

We may disclose personal information to:

  • a parent, subsidiary, or affiliate of our company

  • third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, error loggers, debt collectors, maintenance or problem-solving providers, professional advisors, and payment systems operators

  • courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
  • third parties, including agents or sub-contractors, who assist us in providing services to you

Third parties we currently use include:

  • Data security, data storage, and data visualization
  • Network security and user authentication
  • Website security and reliability

International Transfers of Personal Information

The personal information we collect is stored and/or processed in the United States of America, Canada, Mexico, and Puerto Rico, or where we or our partners, affiliates, and third-party providers maintain facilities. Our content delivery network leverages a global collection of data centers. As such, we cannot guarantee data residency in any specific country or jurisdiction. If you require such guarantees, do not use our Services.

The countries in which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If you reside in a country or jurisdiction with laws that restrict data residency, then you are hereby not authorized to use our Services.

Your Rights and Controlling Your Personal Information

  • Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.

  • Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have obtained affirmative consent to provide the personal information to us.

  • Direct marketing permission: We do not engage in direct marketing, so we have not asked for your permission to use your personal information for direct marketing. In the highly unlikely event that we ever decide to engage in direct marketing, we will ask for your consent before proceeding.

  • Access: If your profile is active, you may request details of the personal information that you have shared with us. Please contact us for more information. If your profile is no longer active, then any personal information that you share with us has been deleted, and there is no commercially reasonable way for us to recover it.

  • Correction: If you believe that any personal information that you shared with us is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date. We cannot, however, commit to rectifying errors stemming from publicly available data because these data sources are beyond our control.

  • Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example processing transaction data), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.

  • Downloading of Personal Information: If your profile is active, we provide a means for you to obtain the personal information you have shared with us. Please contact us for more information. If your profile is no longer active, then any personal information that you share with us has been deleted, and there is no commercially reasonable way for us to recover it.

  • Notification of data breaches: In addition to complying with any applicable laws regarding breach disclosures, we commit to informing you as soon as reasonably possible in the event of a data breach that compromises any personal information that you have shared with us.

Use of Cookies

Our service providers may use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that is stored on your computer, and is accessed each time you visit. In our Services, cookies are only used to safeguard against malicious web traffic. We do not use cookies to track you across the internet. As the cookies we use are strictly necessary, users cannot opt-out of their use.

Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

Limits of Our Policy

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

Changes to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.

If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.

If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.

Additional Disclosures for Australian Privacy Act Compliance (AU)

International Transfers of Personal Information

Where the disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles in the Privacy Act. You acknowledge that if any such third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.

Additional Disclosures for General Data Protection Regulation (GDPR) Compliance (EU)

Data Controller / Data Processor

The GDPR distinguishes between organisations that process personal information for their own purposes (known as “data controllers”) and organizations that process personal information on behalf of other organizations (known as “data processors”). We, Distal Labs LLC, are a Data Controller with respect to the personal information you provide to us.

Legal Bases for Processing Your Personal Information

We will only collect and use your personal information when we have a legal right to do so. In which case, we will collect and use your personal information lawfully, fairly, and in a transparent manner. If we seek your consent to process your personal information, and you are under 16 years of age, we will seek your parent or legal guardian’s consent to process your personal information for that specific purpose.

Our lawful bases depend on the services you use and how you use them. This means we only collect and use your information on the following grounds:

Consent From You

Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the facilities we provide; however this will not affect any use of your information that has already taken place. When you contact us, you may consent to your name and email address being used so we can respond to your enquiry. While you may request that we delete your contact details at any time, we cannot recall any email we have already sent. If you have any further enquiries about how to withdraw your consent, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.

Our Legitimate Interests

Where we assess it is necessary for our legitimate interests, such as for us to provide, operate, improve and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promoting our services, measures taken to operate our services efficiently, marketing analysis, and measures taken to protect our legal rights and interests.

Compliance with Law

In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations. If you have any further enquiries about how we retain personal information in order to comply with the law, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.

Additional Disclosures for California Compliance (US)

Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organizations for their marketing purposes.

We do not share your personal information to other organizations for their marketing purposes. As such, we offer no mechanism beyond those already stipulated to inquire about third-party access to your data.

Do Not Track

Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser “Do Not Track” signals because we do not set tracking cookies.

We adhere to the standards outlined in this privacy policy, ensuring we collect and process personal information lawfully, fairly, transparently, and with legitimate, legal reasons for doing so.

Cookies and Pixels

At all times, you may decline cookies from our site if your browser permits. Most browsers allow you to activate settings on your browser to refuse the setting of all or some cookies. Accordingly, your ability to limit cookies is based only on your browser’s capabilities. Please note, however, that some browsers also block access to temporary storage when the "Block all cookies" option is enabled- this will break core functionality on our Services. Please refer to the Cookies section of this privacy policy for more information.

We do not use tracking pixels.

California Notice of Collection

In the past 12 months, we have collected the following categories of personal information enumerated in the California Consumer Privacy Act:

  • Identifiers, such as name, email address, account name, IP address, and an ID or number assigned to your account;

  • Internet activity, specifically the interactions you've had with our service;

For more information on information we collect, including the sources we receive information from, review the “Information We Collect” section. We collect and use these categories of personal information for the business purposes described in the “Collection and Use of Information” section, including to provide and manage our Service.

Right to Know and Delete

If you are a California resident, you have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
  • The business or commercial purpose for collecting or selling the personal information; and
  • The specific pieces of personal information we have collected about you.

To exercise any of these rights, please contact us using the details provided in this privacy policy.

Shine the Light

If you are a California resident, in addition to the rights discussed above, you have the right to request information from us regarding the manner in which we share certain personal information as defined by California’s “Shine the Light” with third parties and affiliates for their own direct marketing purposes.

As previously noted, we do not share data with third-parties for direct marketing purposes. If you would like to receive a letter re-affirming that we do not share data with third-parties for direct marketing purposes, send us a request using the contact details provided in this privacy policy. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code.

Contact Us

This policy will change as our Services evolve, so please check back regularly for updates. For any questions regarding this document, you may contact us at privacy@fedified.com