feat: convert to an astro application (!9)

Reviewed-on: https://codeberg.org/nhcarrigan/docs/pulls/9
Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com>
Co-committed-by: Naomi Carrigan <commits@nhcarrigan.com>

src/content/docs/legal/dmca.md

@@ -0,0 +1,123 @@
+---
+title: DMCA and Intellectual Property Compliance Policy
+---
+
+**Effective 7 July 2024**
+
+## 1. General Principles
+
+- Respect for intellectual property rights is fundamental to our community's ethos and operations.
+- All community members, including users, contributors, and administrators, are expected to comply with applicable copyright laws, trademark regulations, and licensing terms.
+- This policy aims to protect the rights of content creators while fostering an environment of innovation and knowledge sharing.
+- Ignorance of the law or this policy is not considered a valid excuse for non-compliance.
+
+## 2. Sharing Copyrighted Material
+
+- Do not share copyrighted material without explicit permission from the copyright holder or a valid license.
+- When sharing is permitted, always include proper attribution and adhere to any specified terms of use.
+- Linking to legitimately published content is generally acceptable, but copying and pasting substantial portions is discouraged unless explicitly allowed by the copyright holder.
+- Be aware that even user-generated content on social media platforms may be copyrighted.
+- When in doubt about the copyright status of material, err on the side of caution and seek permission or clarification.
+
+## 3. Fair Use and Educational Purposes
+
+- Limited use of copyrighted material for commentary, criticism, news reporting, teaching, scholarship, or research may be permissible under fair use doctrines.
+- When relying on fair use, clearly indicate the source and purpose of the use.
+- Fair use is determined on a case-by-case basis, considering factors such as:
+  - The purpose and character of the use (commercial vs. non-profit educational)
+  - The nature of the copyrighted work
+  - The amount and substantiality of the portion used
+  - The effect of the use upon the potential market for the copyrighted work
+- Educational use does not automatically qualify as fair use; consider all factors carefully.
+
+## 4. Proper Attribution
+
+- When using or referencing others' work, always provide clear and comprehensive attribution.
+- Attribution should include:
+  - The name of the creator or author
+  - The title of the work
+  - The source (e.g., website URL, book title, journal name)
+  - The date of publication or creation (if available)
+  - Any applicable license terms
+- For digital content, consider using hyperlinks to the original source when possible.
+- Follow citation guidelines appropriate to your field or the context of use (e.g., APA, MLA, Chicago).
+
+## 5. Original Content Creation and Sharing
+
+- Community members are encouraged to create and share original content.
+- By sharing original content in our community spaces, you grant the community a non-exclusive, worldwide, royalty-free right to use, reproduce, modify, adapt, publish, translate, distribute, and display the content within the community.
+- You retain copyright of your original work unless explicitly stated otherwise.
+- Consider adding a clear copyright notice to your original works.
+- Be mindful of using third-party content (e.g., images, music) in your original creations, ensuring you have the right to incorporate such elements.
+
+## 6. Open Source and Creative Commons
+
+- We encourage the use of open source licenses and Creative Commons for shared content where appropriate.
+- When using open source or Creative Commons licensed material, adhere strictly to the terms of the license.
+- Familiarize yourself with different types of open source and Creative Commons licenses and their requirements (e.g., attribution, share-alike, non-commercial use).
+- Provide clear license information when sharing your own content under open source or Creative Commons terms.
+
+## 7. Code Snippets and Examples
+
+- Short code snippets shared for educational or troubleshooting purposes are generally acceptable under fair use.
+- For larger code samples, include license information and attribution if taken from other sources.
+- When sharing your own code, consider using an appropriate open source license.
+- Be aware that copying entire programs or substantial portions of code may infringe copyright, even if source attribution is provided.
+
+## 8. Plagiarism
+
+- Presenting others' work as your own is strictly prohibited and considered a serious offense.
+- This includes code, text, images, ideas, and any other form of content.
+- Plagiarism can have serious consequences, including loss of community privileges, academic penalties, or legal action.
+- Always cite your sources and use quotation marks for direct quotes.
+
+## 9. Trademark Usage
+
+- Respect trademark rights when referencing products, services, or organizations.
+- Use trademark symbols (™, ®) appropriately when referring to trademarked names.
+- Avoid using trademarks in a way that suggests endorsement or affiliation without permission.
+
+## 10. Digital Millennium Copyright Act (DMCA) Compliance
+
+- We comply with the DMCA and maintain a policy for addressing claims of copyright infringement.
+- If you believe your copyrighted work has been improperly used within our community, submit a DMCA takedown notice to DMCA@nhcarrigan.com.
+- DMCA takedown notices must include:
+  - Identification of the copyrighted work claimed to have been infringed
+  - Identification of the allegedly infringing material
+  - Contact information for the complainant
+  - A statement of good faith belief that the use is not authorized
+  - A statement, under penalty of perjury, that the information in the notice is accurate and that the complainant is authorized to act on behalf of the copyright owner
+- We will promptly investigate all legitimate DMCA takedown notices and take appropriate action, which may include content removal or account suspension.
+
+## 11. Counter-Notifications
+
+- If you believe your content was wrongly removed due to a DMCA takedown notice, you may submit a counter-notification.
+- Counter-notifications must include:
+  - Identification of the removed material and its location before removal
+  - A statement under penalty of perjury that you have a good faith belief the material was removed by mistake or misidentification
+  - Your name, address, and telephone number
+  - A statement that you consent to the jurisdiction of the federal district court for the judicial district in which you reside
+
+## 12. Repeat Infringer Policy
+
+- We maintain a repeat infringer policy to ensure ongoing DMCA compliance.
+- Users who repeatedly infringe copyrights may have their accounts terminated.
+- We keep records of DMCA notices and counter-notifications to identify repeat infringers.
+
+## 13. Education and Awareness
+
+- We are committed to educating our community about intellectual property rights and responsibilities.
+- Regular updates and resources on copyright law and best practices will be provided.
+- Members are encouraged to seek clarification on any aspect of this policy they find unclear.
+
+## 14. Policy Updates
+
+- This policy may be updated periodically to reflect changes in law, technology, or community needs.
+- Continued use of our community platforms constitutes acceptance of the current policy.
+
+## 15. Disclaimer
+
+- This policy is not exhaustive and does not constitute legal advice.
+- Users are encouraged to seek independent legal counsel for specific intellectual property matters.
+
+By participating in our community, you agree to abide by this DMCA and Intellectual Property Compliance Policy. Failure to comply may result in content removal, account suspension, or other appropriate actions as determined by community administrators.

src/content/docs/legal/privacy.md

@@ -0,0 +1,292 @@
+---
+title: Privacy Policy
+---
+
+**Effective 7 July 2024**
+
+## 1. Overview and Scope
+
+### 1.1. General Applicability
+
+This privacy policy ("General Policy") governs the collection, use, storage, and protection of data across all our services, platforms, and applications (collectively referred to as "Services").
+
+### 1.2. Project-Specific Policies
+
+Individual projects or Services may be subject to additional, project-specific privacy policies ("Project Policies"). These Project Policies apply concurrently with the General Policy. In the event of any conflict between the General Policy and a Project Policy, the stricter privacy protections shall prevail.
+
+### 1.3. Policy Updates and Retroactivity
+
+We reserve the right to modify, amend, or update this General Policy and any Project Policies at any time. All changes to these policies, including the General Policy and any Project Policies, are retroactive and apply to previously collected data as well as data collected after the changes take effect.
+
+### 1.4. Notification of Changes
+
+We will make reasonable efforts to notify users of significant changes to our privacy policies. However, it is the user's responsibility to regularly review the applicable privacy policies for any updates.
+
+### 1.5. Acceptance of Terms
+
+By accessing, using, or continuing to use our Services, you explicitly acknowledge and agree to be bound by the most current version of the General Policy and any applicable Project Policies. If you do not agree with the terms of these policies, you must immediately cease using our Services.
+
+### 1.6. Effective Date
+
+The effective date of the current version of this policy will be clearly stated at the beginning of the document. Each revision will be numbered or dated for easy reference.
+
+## 2. Error Logging and Transparency
+
+### 2.1. Public Error Logging
+
+In alignment with our commitment to open source principles, we maintain a policy of transparency regarding application errors and issues. All errors encountered in our Services are logged publicly in our Discord community.
+
+### 2.2. Content of Error Logs
+
+Error logs may include, but are not limited to:
+
+- Timestamp of the error
+- Error type and description
+- Relevant application or service name
+- Non-personally identifiable technical details necessary for troubleshooting
+- General user actions that led to the error (without specific user identification)
+
+### 2.3. Potentially Included Information
+
+While we strive to minimize inclusion of personal or sensitive information, error logs may sometimes contain:
+
+- User IDs or usernames (in hashed or partially redacted form)
+- IP addresses (in hashed or partially redacted form)
+- Device information
+- Other technical data relevant to the error
+
+### 2.4. Access to Error Logs
+
+We strongly recommend that all users join our Discord community prior to using our applications. This allows you to:
+
+- Review the types of information being logged
+- Understand the frequency and nature of errors
+- Participate in discussions about bugs and improvements
+
+### 2.5. Discord Community Access
+
+To join our Discord community and access the error logs, please use the following link: https://chat.nhcarrigan.com
+
+### 2.6. Opt-Out and Data Removal
+
+If you have concerns about information appearing in error logs:
+
+- You may opt-out of using our Services
+- You can contact us to request removal of specific log entries, subject to our data retention policies
+
+### 2.7. Continuous Improvement
+
+Public error logging helps us maintain transparency, quickly identify and resolve issues, and continually improve our Services. We appreciate our users' understanding and participation in this process.
+
+## 3. Data Collection, Documentation, and User Rights
+
+### 3.1. Data Collection Practices
+
+We strive to collect only the data necessary for the proper functioning and improvement of our Services. However, the scope of data collection may change as our Services evolve.
+
+### 3.2. Documentation Efforts
+
+We make every effort to maintain accurate and up-to-date documentation regarding our data collection practices. This includes:
+
+- Regular reviews of our data collection processes
+- Timely updates to our privacy policy and related documentation
+- Clear communication about significant changes in data collection
+
+### 3.3. Potential Undocumented Data Collection
+
+Despite our best efforts, it is possible that at any given time, an application or Service may collect data that is not explicitly documented. This may occur due to:
+
+- Recent updates or changes to our Services
+- Technical issues or bugs
+- Third-party integrations or dependencies
+
+### 3.4. General Data Rights
+
+Regardless of whether specific data collection is documented, users have the following rights:
+
+#### 3.4.1. Right to Access:
+
+At any time, you may request a complete copy of your data stored by one of our applications. Requests must be done via our [support server](https://chat.nhcarrigan.com) from the Discord account the data belongs to. This ensures that a user cannot impersonate you and request your data. We may request additional identifying information, depending on the structure of the data collected by the application.
+
+#### 3.4.2. Right to Rectification:
+
+You may request corrections to any inaccurate data we hold about you.
+
+#### 3.4.3. Right to Erasure:
+
+At any time, you may request complete removal of your stored data. Requests must be done via our [support server](https://chat.nhcarrigan.com) from the Discord account the data belongs to. This ensures that a user cannot impersonate you and request your data. We may request additional identifying information, depending on the structure of the data collected by the application.
+
+This will **not** opt you out of future data collection unless specifically requested. We reserve the right to refuse removal requests when the data are necessary for specific functionality of the app, in circumstances where removing your data would compromise the functionality for all users.
+
+#### 3.4.4. Right to Restrict Processing:
+
+At any time, you may request to opt out of data collection for an application by requesting removal of your data and discontinuing interaction with the application. We may request additional identifying information, depending on the structure of the data collected by the application.
+
+We reserve the right to refuse opt-out requests when the data are necessary for specific functionality of the app, in circumstances where opting-out would compromise the functionality for all users.
+
+#### 3.4.5. Right to Data Portability:
+
+You may request a copy of your data in a structured, commonly used, and machine-readable format.
+
+### 3.5. Exercising Your Rights
+
+To exercise any of these rights or to inquire about data we may hold:
+
+- Contact us through our discord server: https://chat.nhcarrigan.com
+- Be prepared to verify your identity to protect the security of your information
+
+### 3.6. Opting Out of Data Collection
+
+- You may cease using our Services
+- For specific types of data collection, we may offer granular opt-out options
+- Note that opting out of essential data collection may limit or prevent your use of certain Services
+
+### 3.7. Response Time and Process
+
+We will make reasonable efforts to respond to all data-related requests within 30 days. Complex requests may require additional time, in which case we will notify you.
+
+### 3.8. Limitations
+
+While we strive to honor all legitimate requests, be aware that legal requirements may sometimes prevent us from fully complying with certain requests.
+
+### 3.9. Ongoing Commitment
+
+We are committed to transparency and user privacy. We continuously work to improve our data practices and documentation to ensure the highest standards of data protection and user trust.
+
+## 4. Data Retention
+
+### 4.1. Retention Principle
+
+We adhere to the principle of data minimization, storing personal data for the shortest time necessary to fulfill the purposes for which it was collected and to ensure the proper functioning of our applications.
+
+### 4.2. Retention Periods
+
+Specific retention periods may vary depending on the type of data and the purpose for which it is processed. Generally:
+
+- Active user data is retained for the duration of the user's account activity
+- Inactive user data may be retained for a period after the last user interaction, typically not exceeding 12 months
+- Aggregated and anonymized data may be retained indefinitely for analytical purposes
+
+### 4.3. Automatic Deletion
+
+Where technically feasible, we implement automated processes to delete or anonymize personal data that has exceeded its retention period.
+
+### 4.4. Legal and Regulatory Compliance
+
+Certain data may be retained for longer periods if required by applicable laws, regulations, or to comply with legal obligations.
+
+### 4.5. Backup Retention
+
+For data recovery purposes, backups may contain personal data for a period beyond the active retention period. These backups are secured and accessed only when necessary for system restoration.
+
+### 4.6. User-Initiated Deletion
+
+Users may request the deletion of their data at any time, subject to our legitimate business needs and legal obligations.
+
+## 5. Availability of Data
+
+### 5.1. Access Control
+
+Access to user data is strictly controlled and limited to authorized members of the nhcarrigan team on a need-to-know basis.
+
+### 5.2. Purpose Limitation
+
+Data access by the nhcarrigan team is permitted only for the following purposes:
+
+- Debugging application issues
+- Improving application functionality and user experience
+- Contributing to the development and maintenance of the application
+- Responding to user support requests
+- Ensuring compliance with legal and regulatory requirements
+
+### 5.3. Data Security Measures
+
+We implement robust security measures to protect data from unauthorized access, including but not limited to:
+
+- Encryption of data in transit and at rest
+- Multi-factor authentication for developer accounts
+- Regular security audits and vulnerability assessments
+- Logging of data access and modifications
+
+### 5.4. Developer Training and Accountability
+
+All team members with data access are:
+
+- Required to undergo privacy and security training
+- Bound by confidentiality agreements
+- Subject to disciplinary action for unauthorized data access or misuse
+
+### 5.5. Third-Party Access
+
+We do not sell user data. In cases where third-party service providers require access to perform specific functions:
+
+- Access is limited to the minimum necessary data
+- Providers are bound by strict contractual obligations to protect user data
+- We regularly review and audit third-party practices
+
+### 5.6. Transparency
+
+We maintain logs of data access by our team and can provide this information upon justified request, subject to privacy and security considerations.
+
+### 5.7. User Data Requests
+
+Users may request information about how their data has been accessed or used by contacting our designated data protection contact.
+
+### 5.8. Continuous Improvement
+
+We regularly review and update our data handling practices to ensure the highest standards of data protection and to minimize unnecessary access to personal information.
+
+## 6. Contact Information and Data Inquiries
+
+We value transparency and are committed to addressing any questions or concerns you may have regarding our privacy practices. There are several ways to reach us:
+
+### 6.1. Discord Support Server
+
+For immediate assistance and community support, join our Discord server: https://chat.nhcarrigan.com
+
+### 6.2. Email Contact
+
+For privacy-specific inquiries or formal requests, please email: `privacy@nhcarrigan.com`
+
+### 6.3. Response Time
+
+We strive to respond to all inquiries within 5 business days. Complex issues may require additional time.
+
+### 6.4. Types of Inquiries
+
+We welcome contact regarding:
+
+- Questions about this privacy policy
+- Inquiries about our data collection and use practices
+- Requests to exercise your data rights (access, rectification, erasure, etc.)
+- Reporting of potential data breaches or security concerns
+- Suggestions for improving our privacy practices
+
+### 6.5. Information to Include
+
+To help us address your inquiry efficiently, please include:
+
+- Your full name
+- The email address associated with your account (if applicable)
+- A detailed description of your question or concern
+- Any relevant dates, times, or specific instances related to your inquiry
+
+### 6.6. Verification Process
+
+For security reasons, we may need to verify your identity before processing certain requests, especially those related to personal data.
+
+### 6.7. Alternative Contact Methods
+
+If you are unable to use Discord or email, please visit our website for additional contact options: https://nhcarrigan.com
+
+### 6.8. Updates and Notifications
+
+If you wish to receive updates about changes to our privacy policy or data practices, please join our Discord server: https://chat.nhcarrigan.com
+
+### 6.9. Legal Inquiries
+
+For legal or formal inquiries, please use the email provided above and clearly mark your message as a legal inquiry.
+
+### 6.10. Accessibility
+
+If you require this information in an alternative format for accessibility reasons, please let us know, and we will do our best to accommodate your needs.

src/content/docs/legal/security.md

@@ -0,0 +1,119 @@
+---
+title: Security Policy
+---
+
+**Effective 7 July 2024**
+
+## 1. Introduction
+
+This Security Policy outlines the procedures for reporting security vulnerabilities in our applications and the terms under which we handle such reports. By participating in our security reporting process, you agree to comply with this policy.
+
+## 2. Scope
+
+This policy applies to all applications, services, and systems maintained by our organization, including but not limited to:
+
+- Our main websites and applications
+- All open-source projects hosted on our repositories
+- Any associated APIs or backend services
+
+## 3. Reporting a Vulnerability
+
+### 3.1 Reporting Channels
+
+If you discover a security vulnerability within any of our applications or systems, please report it through one of the following secure channels:
+
+1. Create a private ticket on our [support server](https://chat.nhcarrigan.com)
+2. Send an email to `security@nhcarrigan.com`
+
+### 3.2 Public Disclosure Prohibition
+
+Do NOT disclose the vulnerability publicly or through any public channels, including but not limited to:
+
+- Public GitHub issues
+- Social media platforms
+- Public forums or chat rooms
+- Blog posts or articles
+
+### 3.3 Required Information
+
+When reporting a vulnerability, please provide:
+
+- A detailed description of the vulnerability
+- Steps to reproduce the issue
+- Potential impact of the vulnerability
+- Any suggested mitigation or fix (if known)
+
+## 4. Response Process
+
+### 4.1 Acknowledgment
+
+We will acknowledge receipt of your vulnerability report within 3 business days.
+
+### 4.2 Assessment and Verification
+
+Our security team will assess the reported vulnerability and may contact you for additional information if needed.
+
+### 4.3 Resolution Timeline
+
+We strive to resolve confirmed vulnerabilities within 90 days of the initial report, depending on the complexity and severity of the issue.
+
+## 5. Disclosure Policy
+
+### 5.1 Coordinated Disclosure
+
+We practice coordinated disclosure. We will work with you to ensure that a fix is available before any public disclosure of the vulnerability.
+
+### 5.2 Public Acknowledgment
+
+With your permission, we may publicly acknowledge your contribution in discovering and reporting the vulnerability after it has been resolved.
+
+## 6. Legal Safe Harbor
+
+### 6.1 Authorization
+
+We authorize security research and vulnerability disclosure activities, provided they are conducted in accordance with this policy and all applicable laws.
+
+### 6.2 Scope of Protection
+
+We will not initiate legal action for accidental, good faith violations of this policy. This safe harbor applies only to activities that:
+
+- Comply with all aspects of this Security Policy
+- Do not compromise or attempt to compromise the privacy or safety of our users, employees, or systems
+- Do not violate any applicable laws
+
+### 6.3 Limitations
+
+This safe harbor does not apply to:
+
+- Vulnerabilities or information obtained through means other than security research
+- Research conducted on third-party applications or services that integrate with our systems
+
+## 7. Bug Bounty Program
+
+We do not currently offer monetary rewards or "bug bounties" for reporting security vulnerabilities. Your contributions to our security are greatly appreciated, but are on a voluntary basis.
+
+We will gladly thank you in our [Hall of Fame](/community/hall-of-fame)
+
+## 8. Data Protection and Privacy
+
+### 8.1 Handling of Submitted Information
+
+Any information you provide in your vulnerability report will be handled in accordance with our Privacy Policy and applicable data protection laws.
+
+### 8.2 Confidentiality
+
+We will treat all vulnerability reports as confidential and will not share the information beyond what is necessary to address the reported issue.
+
+## 9. Compliance with Laws and Regulations
+
+All security research and vulnerability disclosure activities must comply with all applicable local, state, and federal laws, as well as any relevant international laws.
+
+## 10. Policy Updates
+
+We reserve the right to update or modify this Security Policy at any time. Any changes will be effective immediately upon posting the updated policy on our website or repository.
+
+## 11. Contact Information
+
+For any questions regarding this Security Policy, please contact us at `security@nhcarrigan.com`.
+
+By reporting a security vulnerability to us, you acknowledge that you have read, understood, and agree to this Security Policy.