nhcarrigan/docs
9
0
Fork 0
generated from nhcarrigan/template
Code Issues 2 Pull Requests 6 Actions Releases 1 Activity

feat: overhaul some documentation #10

Merged
naomi merged 10 commits from feat/rewrite into main 2025-09-15 23:16:01 -07:00
Conversation 0 Commits 10 Files Changed 32
+6548 -3075
10 changed files with 6548 additions and 3075 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 1ba9243713 - Show all commits
src/content/docs/community/appeal.md
+178 -22
View File
@@ -1,38 +1,194 @@
---
title: Appealing a Sanction
title: Community Disciplinary Appeals Policy
---
Our moderators exercise careful discretion when implementing disciplinary measures (including but not limited to temporary suspensions, permanent bans, or other access restrictions). However, we acknowledge that misunderstandings or errors may occasionally occur.
# COMMUNITY DISCIPLINARY APPEALS POLICY
If you believe you have been unjustly restricted from participating in our community, you may initiate our formal appeal process as outlined below.
## 1. Preamble and Purpose
:::caution[Warning!]
Submitting multiple appeals for the same sanction will result in our appeals team automatically denying your request.
### 1.1 Introduction
This Community Disciplinary Appeals Policy (hereinafter referred to as "the Policy") establishes the formal procedures and requirements for appealing disciplinary sanctions imposed by our moderation team. Whilst our Community Leaders exercise careful discretion and professional judgement when implementing disciplinary measures, we acknowledge that human error or misunderstandings may occasionally occur within any moderation system.
### 1.2 Purpose and Scope
This Policy serves to:
- Provide a fair and transparent mechanism for reviewing disciplinary decisions
- Ensure adherence to principles of natural justice and procedural fairness
- Maintain the integrity of our community standards whilst protecting individual rights
- Establish clear procedures for both appellants and review panels
### 1.3 Right of Appeal
Every community member who receives a disciplinary sanction has the fundamental right to appeal such decision through the procedures outlined herein, subject to the conditions and limitations specified in this Policy.
## 2. Definitions and Interpretation
### 2.1 Key Definitions
For the purposes of this Policy:
- **"Appellant"** means any individual seeking to appeal a disciplinary sanction
- **"Disciplinary Sanction"** means any punitive measure imposed, including but not limited to warnings, temporary suspensions, permanent bans, or access restrictions
- **"Appeals Panel"** means the designated authority responsible for reviewing appeals
- **"Original Decision"** means the initial disciplinary action being appealed
- **"Community Leaders"** means moderators, administrators, and other authorised personnel
### 2.2 Interpretation
This Policy shall be interpreted in accordance with principles of fairness, natural justice, and the overarching objectives of maintaining community safety and standards.
## 3. Grounds for Appeal
### 3.1 Acceptable Grounds
Appeals may be submitted on the following grounds:
1. **Procedural Irregularity**: The disciplinary process was not followed correctly
2. **Disproportionate Sanction**: The penalty imposed was excessive relative to the violation
3. **Factual Error**: Material facts were incorrectly assessed or considered
4. **New Evidence**: Relevant evidence has become available that was not considered in the original decision
5. **Misinterpretation of Policy**: The community guidelines or terms of service were incorrectly applied
### 3.2 Inadmissible Appeals
Appeals will not be considered on the following grounds:
1. General disagreement with community policies or guidelines
2. Claims that rules are unfair or unreasonable
3. Arguments that other members engaged in similar conduct without sanction
4. Emotional distress or inconvenience caused by the sanction
## 4. Pre-Appeal Requirements
### 4.1 Mandatory Preparation
Prior to submitting an appeal, appellants must complete the following preparatory steps:
1. **Policy Review**: Conduct a thorough review and demonstrate understanding of:
- Community Guidelines and Code of Conduct
- Terms of Service
- This Appeals Policy
2. **Sanction Verification**: Access and review the specific details of the imposed sanction via our [sanctions database](https://hikari.nhcarrigan.com/sanctions)
3. **Self-Assessment**: Complete a comprehensive self-assessment of the circumstances leading to the sanction
### 4.2 Required Documentation
Appeals must include the following information:
1. **Identity Verification**: Full account details and contact information
2. **Sanction Details**: Complete description of the disciplinary action being appealed
3. **Grounds Statement**: Clear identification of the specific grounds for appeal as outlined in Section 3.1
4. **Evidence Portfolio**: All relevant documentation, screenshots, or other evidence supporting the appeal
5. **Commitment Declaration**: Written commitment to adhere to all community standards and policies
6. **Contribution Statement**: Detailed explanation of intended positive contributions to the community upon reinstatement
## 5. Appeal Submission Procedures
### 5.1 Formal Submission Process
Appeals must be submitted through our official appeals portal: [Community Appeals Form](https://forms.nhcarrigan.com/form/l3PC15yalSWjdZASTQvGo22q_uj_7OtXAhZdcW35ev8)
### 5.2 Submission Requirements
All appeals must:
- Be submitted within thirty (30) days of the original sanction
- Include all required documentation as specified in Section 4.2
- Be written in clear, professional language
- Demonstrate good faith engagement with the appeals process
### 5.3 Multiple Appeal Prohibition
:::caution[Critical Warning]
Submitting multiple appeals for the same disciplinary sanction will result in automatic dismissal of all subsequent appeals and may constitute abuse of process, potentially leading to additional sanctions.
:::
## 1. Preparing Your Appeal
## 6. Review Process and Procedures
Prior to submitting an appeal, please ensure you have the following information ready:
### 6.1 Initial Review
1. Confirmation that you have thoroughly reviewed and understood our Community Guidelines and Terms of Service.
2. An explicit statement of your commitment to adhere to all applicable rules and policies.
3. Your understanding of the specific sanction levied against you and the alleged violation(s) cited.
4. A clear and concise explanation of why you believe the moderation decision was erroneous or disproportionate.
5. A statement detailing your motivations for seeking reinstatement and the potential positive contributions you intend to make to our community.
Upon receipt, all appeals undergo an initial administrative review to ensure:
- Compliance with submission requirements
- Timeliness of submission
- Completeness of documentation
- Identification of appropriate grounds for appeal
Please note that incomplete or inadequately prepared appeals may be summarily dismissed. You can [find your sanction](https://hikari.nhcarrigan.com/sanctions) to review.
### 6.2 Substantive Review
## 2. Appeal Submission Process
Appeals meeting initial requirements proceed to substantive review, wherein the Appeals Panel shall:
1. Examine all evidence and documentation
2. Review the original decision and its rationale
3. Consider the appellant's submissions and arguments
4. Assess whether the appeal has merit under the established grounds
To submit your appeal, please complete the form available at the following link:
### 6.3 Review Timeline
[Submit a Sanction Appeal](https://forms.nhcarrigan.com/form/l3PC15yalSWjdZASTQvGo22q_uj_7OtXAhZdcW35ev8)
The Appeals Panel endeavours to complete reviews within fourteen (14) business days of receipt, though complex cases may require additional time.
## 3. Important Disclaimers
## 7. Possible Outcomes and Decisions
- Submission of an appeal does not guarantee its approval.
- The decision of the appeals review panel is final and binding.
- We reserve the right to deny or revoke access to our services at any time, for any reason, at our sole discretion.
- Repeated violations or abuse of the appeals process may result in permanent ineligibility for reinstatement.
### 7.1 Appeal Outcomes
By submitting an appeal, you acknowledge that you have read, understood, and agree to abide by the terms outlined in this document.
Following review, the Appeals Panel may:
1. **Uphold the Appeal**: Overturn the original sanction entirely
2. **Partially Uphold the Appeal**: Reduce the severity of the original sanction
3. **Dismiss the Appeal**: Confirm the original sanction remains in full effect
4. **Remit for Reconsideration**: Return the matter for fresh consideration with specific directions
### 7.2 Decision Communication
All appeal decisions shall be communicated in writing to the appellant, including:
- The outcome of the appeal
- Detailed reasoning for the decision
- Any conditions or requirements for reinstatement
- Information regarding the finality of the decision
## 8. Finality and Limitations
### 8.1 Decision Finality
Decisions of the Appeals Panel are final and binding. No further appeals or reviews are available through our internal processes.
### 8.2 Discretionary Rights Reserved
Notwithstanding this appeals process, we reserve the absolute right to:
- Deny or revoke access to our services at any time
- Modify community standards and policies
- Take additional action based on new information or circumstances
- Refuse service to any individual at our sole discretion
### 8.3 Abuse of Process
Repeated abuse of the appeals process, including but not limited to:
- Submitting frivolous or vexatious appeals
- Providing false or misleading information
- Harassment of Appeals Panel members
- Multiple appeals for the same sanction
May result in permanent ineligibility for future appeals and additional disciplinary sanctions.
## 9. Compliance and Acknowledgement
### 9.1 Terms Acceptance
By submitting an appeal through this process, appellants explicitly acknowledge that they have:
- Read and understood this Appeals Policy in its entirety
- Reviewed and understand all applicable community standards and policies
- Agreed to accept the decision of the Appeals Panel as final and binding
- Committed to full compliance with all community standards upon any reinstatement
### 9.2 Legal Disclaimer
This appeals process is provided as an internal community service and does not create any legal rights or obligations beyond those established in our Terms of Service. The availability of this process does not limit our right to take any action deemed necessary for community safety and integrity.
## 10. Policy Updates and Amendments
### 10.1 Amendment Rights
This Policy may be updated, modified, or amended at any time without prior notice. Appellants are responsible for ensuring familiarity with the current version of this Policy.
### 10.2 Effective Date
This Policy is effective immediately upon publication and applies to all appeals submitted after its implementation.
---
*This Community Disciplinary Appeals Policy was last updated on 15 September 2025 and supersedes all previous versions.*
src/content/docs/community/coc.md
+614 -451
View File
File diff suppressed because it is too large Load Diff
src/content/docs/community/guide.md
+1136 -424
View File
File diff suppressed because it is too large Load Diff
src/content/docs/legal/dmca.md
+685 -87
View File
@@ -2,120 +2,718 @@
title: DMCA and Intellectual Property Compliance Policy
---
## 1. General Principles
# DIGITAL MILLENNIUM COPYRIGHT ACT AND INTELLECTUAL PROPERTY COMPLIANCE POLICY
- Respect for intellectual property rights is fundamental to our community's ethos and operations.
- All community members, including users, contributors, and administrators, are expected to comply with applicable copyright laws, trademark regulations, and licensing terms.
- This policy aims to protect the rights of content creators while fostering an environment of innovation and knowledge sharing.
- Ignorance of the law or this policy is not considered a valid excuse for non-compliance.
**PROTECTING CREATIVE RIGHTS WHILST FOSTERING INNOVATION**
## 2. Sharing Copyrighted Material
## 1. POLICY OVERVIEW AND PRINCIPLES
- Do not share copyrighted material without explicit permission from the copyright holder or a valid license.
- When sharing is permitted, always include proper attribution and adhere to any specified terms of use.
- Linking to legitimately published content is generally acceptable, but copying and pasting substantial portions is discouraged unless explicitly allowed by the copyright holder.
- Be aware that even user-generated content on social media platforms may be copyrighted.
- When in doubt about the copyright status of material, err on the side of caution and seek permission or clarification.
### 1.1 Fundamental Principles
## 3. Fair Use and Educational Purposes
This Digital Millennium Copyright Act and Intellectual Property Compliance Policy ("Policy") is founded upon the following core principles:
- Limited use of copyrighted material for commentary, criticism, news reporting, teaching, scholarship, or research may be permissible under fair use doctrines.
- When relying on fair use, clearly indicate the source and purpose of the use.
- Fair use is determined on a case-by-case basis, considering factors such as:
- The purpose and character of the use (commercial vs. non-profit educational)
- The nature of the copyrighted work
- The amount and substantiality of the portion used
- The effect of the use upon the potential market for the copyrighted work
- Educational use does not automatically qualify as fair use; consider all factors carefully.
**(a)** Respect for intellectual property rights is essential to our community's values and operations;
## 4. Proper Attribution
**(b)** All community members, including users, contributors, administrators, and staff, must comply with applicable copyright laws, trademark regulations, and licensing requirements;
- When using or referencing others' work, always provide clear and comprehensive attribution.
- Attribution should include:
- The name of the creator or author
- The title of the work
- The source (e.g., website URL, book title, journal name)
- The date of publication or creation (if available)
- Any applicable license terms
- For digital content, consider using hyperlinks to the original source when possible.
- Follow citation guidelines appropriate to your field or the context of use (e.g., APA, Chicago).
**(c)** We are committed to fostering an environment that encourages innovation and knowledge sharing whilst protecting creators' rights;
## 5. Original Content Creation and Sharing
**(d)** Ignorance of applicable law or this Policy does not constitute a valid defence for non-compliance.
- Community members are encouraged to create and share original content.
- By sharing original content in our community spaces, you grant the community a non-exclusive, worldwide, royalty-free right to use, reproduce, modify, adapt, publish, translate, distribute, and display the content within the community.
- You retain copyright of your original work unless explicitly stated otherwise.
- Consider adding a clear copyright notice to your original works.
- Be mindful of using third-party content (e.g., images, music) in your original creations, ensuring you have the right to incorporate such elements.
### 1.2 Scope of Application
## 6. Open Source and Creative Commons
This Policy applies to:
- We encourage the use of open source licenses and Creative Commons for shared content where appropriate.
- When using open source or Creative Commons licensed material, adhere strictly to the terms of the license.
- Familiarize yourself with different types of open source and Creative Commons licenses and their requirements (e.g., attribution, share-alike, non-commercial use).
- Provide clear license information when sharing your own content under open source or Creative Commons terms.
**(a)** All users of our Services, platforms, and applications;
## 7. Code Snippets and Examples
**(b)** All content uploaded, shared, or transmitted through our Services;
- Short code snippets shared for educational or troubleshooting purposes are generally acceptable under fair use.
- For larger code samples, include license information and attribution if taken from other sources.
- When sharing your own code, consider using an appropriate open source license.
- Be aware that copying entire programs or substantial portions of code may infringe copyright, even if source attribution is provided.
**(c)** All community interactions, including forums, chat platforms, and collaborative spaces;
## 8. Plagiarism
**(d)** All third-party integrations and linked content.
- Presenting others' work as your own is strictly prohibited and considered a serious offence.
- This includes code, text, images, ideas, and any other form of content.
- Plagiarism can have serious consequences, including loss of community privileges, academic penalties, or legal action.
- Always cite your sources and use quotation marks for direct quotes.
### 1.3 Legal Framework
## 9. Trademark Usage
This Policy is designed to comply with:
- Respect trademark rights when referencing products, services, or organizations.
- Use trademark symbols (ā„¢, Ā®) appropriately when referring to trademarked names.
- Avoid using trademarks in a way that suggests endorsement or affiliation without permission.
**(a)** The Digital Millennium Copyright Act (DMCA) of the United States;
## 10. Digital Millennium Copyright Act (DMCA) Compliance
**(b)** International copyright treaties and conventions;
- We comply with the DMCA and maintain a policy for addressing claims of copyright infringement.
- If you believe your copyrighted work has been improperly used within our community, submit a DMCA takedown notice to DMCA@nhcarrigan.com.
- DMCA takedown notices must include:
- Identification of the copyrighted work claimed to have been infringed
- Identification of the allegedly infringing material
- Contact information for the complainant
- A statement of good faith belief that the use is not authorized
- A statement, under penalty of perjury, that the information in the notice is accurate and that the complainant is authorized to act on behalf of the copyright owner
- We will promptly investigate all legitimate DMCA takedown notices and take appropriate action, which may include content removal or account suspension.
**(c)** Applicable national and regional intellectual property laws;
## 11. Counter-Notifications
**(d)** Platform-specific terms of service and licensing requirements.
- If you believe your content was wrongly removed due to a DMCA takedown notice, you may submit a counter-notification.
- Counter-notifications must include:
- Identification of the removed material and its location before removal
- A statement under penalty of perjury that you have a good faith belief the material was removed by mistake or misidentification
- Your name, address, and telephone number
- A statement that you consent to the jurisdiction of the federal district court for the judicial district in which you reside
## 2. COPYRIGHT PROTECTION AND COMPLIANCE
## 12. Repeat Infringer Policy
### 2.1 Prohibition on Unauthorised Sharing
- We maintain a repeat infringer policy to ensure ongoing DMCA compliance.
- Users who repeatedly infringe copyrights may have their accounts terminated.
- We keep records of DMCA notices and counter-notifications to identify repeat infringers.
You must not share copyrighted material through our Services unless you have:
## 13. Education and Awareness
**(a)** Explicit written permission from the copyright holder;
- We are committed to educating our community about intellectual property rights and responsibilities.
- Regular updates and resources on copyright law and best practices will be provided.
- Members are encouraged to seek clarification on any aspect of this policy they find unclear.
**(b)** A valid licence that permits such sharing;
## 14. Policy Updates
**(c)** Legal basis for the sharing under applicable copyright exceptions or limitations.
- This policy may be updated periodically to reflect changes in law, technology, or community needs.
- Continued use of our community platforms constitutes acceptance of the current policy.
### 2.2 Proper Attribution Requirements
## 15. Disclaimer
When sharing material is permitted, you must:
- This policy is not exhaustive and does not constitute legal advice.
- Users are encouraged to seek independent legal counsel for specific intellectual property matters.
**(a)** Provide complete and accurate attribution to the original creator;
By participating in our community, you agree to abide by this DMCA and Intellectual Property Compliance Policy. Failure to comply may result in content removal, account suspension, or other appropriate actions as determined by community administrators.
**(b)** Include all required copyright notices and licensing information;
**(c)** Comply with any specific attribution requirements set forth in applicable licences;
**(d)** Clearly indicate any modifications made to the original material.
### 2.3 Linking vs. Copying
**(a)** **Permitted Practice:** Linking to legitimately published content is generally acceptable and encouraged;
**(b)** **Restricted Practice:** Copying and redistributing substantial portions of copyrighted material is prohibited unless explicitly permitted;
**(c)** **User-Generated Content:** Be aware that content posted on social media platforms and similar services may be subject to copyright protection.
### 2.4 Due Diligence Requirements
When uncertain about the copyright status of material:
**(a)** Conduct reasonable research to determine copyright ownership;
**(b)** Err on the side of caution and seek permission or clarification;
**(c)** Consult with legal professionals when necessary;
**(d)** Document your efforts to comply with copyright requirements.
## 3. FAIR USE AND EDUCATIONAL PURPOSES
### 3.1 Fair Use Principles
Limited use of copyrighted material may be permissible under fair use doctrines for:
**(a)** Commentary, criticism, or parody;
**(b)** News reporting and journalism;
**(c)** Teaching, scholarship, and academic research;
**(d)** Other purposes recognised under applicable fair use provisions.
### 3.2 Fair Use Assessment Factors
When claiming fair use, you must consider:
**(a)** **Purpose and Character:** Whether the use is commercial or non-profit educational, and whether it transforms the original work;
**(b)** **Nature of the Work:** Whether the copyrighted work is factual or creative in nature;
**(c)** **Amount Used:** The proportion and substantiality of the portion used in relation to the whole;
**(d)** **Market Impact:** The effect of your use on the potential market for the original work.
### 3.3 Educational Use Clarification
**(a)** Educational context does not automatically qualify as fair use;
**(b)** All four factors must be considered in each specific case;
**(c)** Systematic copying for educational purposes may not qualify for fair use protection;
**(d)** Commercial educational uses face higher scrutiny than non-profit educational activities.
### 3.4 Documentation and Source Citation
When relying on fair use:
**(a)** Clearly indicate the source and purpose of your use;
**(b)** Provide proper attribution to the original creator;
**(c)** Document your fair use analysis and reasoning;
**(d)** Be prepared to defend your fair use claim if challenged.
## 4. ATTRIBUTION AND CITATION STANDARDS
### 4.1 Mandatory Attribution Elements
When using or referencing others' work, you must provide:
**(a)** The full name of the creator or author;
**(b)** The complete title of the work;
**(c)** The source (website URL, publication details, repository location);
**(d)** The date of publication or creation (where available);
**(e)** Any applicable licence terms and requirements;
**(f)** A clear indication of any modifications made to the original.
### 4.2 Digital Citation Best Practices
For digital content:
**(a)** Use hyperlinks to original sources whenever possible;
**(b)** Ensure links are functional and lead directly to the referenced content;
**(c)** Include archived versions of links where content may be ephemeral;
**(d)** Follow established citation standards appropriate to your field or context.
### 4.3 Academic and Professional Citations
When creating academic or professional content:
**(a)** Follow recognised citation styles (APA, MLA, Chicago, etc.);
**(b)** Maintain consistency in citation format throughout your work;
**(c)** Include complete bibliographies or reference lists;
**(d)** Distinguish between different types of sources and references.
## 5. ORIGINAL CONTENT CREATION AND LICENSING
### 5.1 Original Content Rights
When creating and sharing original content through our Services:
**(a)** You retain copyright ownership of your original works;
**(b)** You grant our community certain usage rights as specified in our Terms of Service;
**(c)** You may specify additional licensing terms for your content;
**(d)** Copyright notices may be added to clarify ownership and rights.
### 5.2 Third-Party Content in Original Works
When incorporating third-party elements into your original creations:
**(a)** Ensure you have appropriate rights to use all incorporated elements;
**(b)** Provide proper attribution for all third-party contributions;
**(c)** Comply with licensing requirements of incorporated elements;
**(d)** Consider the impact on your ability to license the resulting work.
### 5.3 Community Usage Rights
By sharing content in our community spaces, you grant:
**(a)** A non-exclusive, worldwide, royalty-free right to use, reproduce, and display the content within community contexts;
**(b)** The right to modify content for technical compatibility and presentation purposes;
**(c)** The right to archive content for community preservation purposes;
**(d)** Such other rights as may be specified in our Terms of Service.
### 5.4 Licensing Recommendations
We encourage content creators to:
**(a)** Consider using Creative Commons licences for broader sharing;
**(b)** Clearly specify the terms under which others may use their content;
**(c)** Understand the implications of different licensing choices;
**(d)** Seek legal advice for complex licensing scenarios.
## 6. OPEN SOURCE AND CREATIVE COMMONS COMPLIANCE
### 6.1 Open Source Software
When using open source software:
**(a)** Carefully review and comply with all licence requirements;
**(b)** Include required copyright notices and licence texts;
**(c)** Understand obligations regarding source code availability;
**(d)** Be aware of licence compatibility issues when combining multiple open source components.
### 6.2 Creative Commons Materials
When using Creative Commons licensed content:
**(a)** Identify the specific licence version and requirements;
**(b)** Provide appropriate attribution as specified in the licence;
**(c)** Comply with share-alike requirements where applicable;
**(d)** Respect non-commercial use restrictions where specified;
**(e)** Understand the implications of no-derivatives restrictions.
### 6.3 Licence Verification
**(a)** Verify licence information from authoritative sources;
**(b)** Be cautious of incorrect or outdated licence information;
**(c)** Contact creators directly when licence terms are unclear;
**(d)** Maintain records of your licence compliance efforts.
### 6.4 Contributing to Open Projects
When contributing to open source or Creative Commons projects:
**(a)** Understand the licensing implications of your contributions;
**(b)** Ensure you have the right to license your contributions under project terms;
**(c)** Follow project-specific contribution guidelines and requirements;
**(d)** Be aware that contributions may be difficult to retract once accepted.
## 7. CODE SHARING AND TECHNICAL CONTENT
### 7.1 Code Snippets and Examples
**(a)** **Short Code Snippets:** Generally acceptable under fair use for educational or troubleshooting purposes;
**(b)** **Substantial Code Blocks:** Require proper licensing and attribution;
**(c)** **Complete Programs:** Must comply with applicable software licences;
**(d)** **Modified Code:** Must respect original licence requirements and indicate modifications.
### 7.2 Educational Code Sharing
When sharing code for educational purposes:
**(a)** Provide context and explanation for the code's purpose;
**(b)** Include appropriate licensing information and attribution;
**(c)** Consider the educational value versus the amount of code shared;
**(d)** Respect any restrictions on commercial use or redistribution.
### 7.3 Technical Documentation
**(a)** Original technical documentation is encouraged and valued;
**(b)** When referencing existing documentation, provide proper attribution;
**(c)** Distinguish between your original explanations and quoted material;
**(d)** Consider creating transformative content rather than copying existing documentation.
### 7.4 Open Source Best Practices
When sharing your own code:
**(a)** Choose an appropriate open source licence;
**(b)** Include clear licence files and copyright notices;
**(c)** Provide adequate documentation and attribution for dependencies;
**(d)** Consider the long-term implications of your licensing choices.
## 8. PLAGIARISM PREVENTION AND ACADEMIC INTEGRITY
### 8.1 Definition and Prohibition
Plagiarism, defined as presenting others' work as your own, is strictly prohibited and includes:
**(a)** Copying text, code, images, or other content without attribution;
**(b)** Paraphrasing others' ideas without acknowledgement;
**(c)** Using others' unique ideas, methodologies, or approaches without credit;
**(d)** Self-plagiarism (reusing your own previously published work without disclosure).
### 8.2 Consequences of Plagiarism
Plagiarism may result in:
**(a)** Immediate removal of infringing content;
**(b)** Suspension or termination of community privileges;
**(c)** Notification to relevant academic or professional institutions;
**(d)** Legal action in cases of commercial infringement;
**(e)** Permanent record of violation affecting future community participation.
### 8.3 Prevention Measures
To avoid plagiarism:
**(a)** Always cite your sources and provide proper attribution;
**(b)** Use quotation marks for direct quotes and indicate the source;
**(c)** Paraphrase in your own words whilst still providing attribution;
**(d)** Maintain detailed notes on your sources during research;
**(e)** When in doubt, provide attribution rather than risk infringement.
### 8.4 Academic and Professional Standards
**(a)** Follow the citation standards appropriate to your field or institution;
**(b)** Understand that different disciplines may have different expectations;
**(c)** Seek guidance from supervisors or colleagues when uncertain;
**(d)** Consider using plagiarism detection tools to verify your own work.
## 9. TRADEMARK COMPLIANCE
### 9.1 Trademark Recognition and Respect
When referencing trademarked products, services, or organisations:
**(a)** Use appropriate trademark symbols (ā„¢ for common law trademarks, Ā® for registered trademarks);
**(b)** Capitalise trademark names correctly;
**(c)** Avoid using trademarks in a way that suggests endorsement or affiliation without permission;
**(d)** Respect trademark guidelines published by trademark owners.
### 9.2 Nominative Fair Use
You may use trademarks for:
**(a)** Identifying and discussing the trademarked products or services;
**(b)** Comparative analysis and commentary;
**(c)** News reporting and factual discussion;
**(d)** Parody and criticism (with careful consideration of other legal restrictions).
### 9.3 Prohibited Trademark Uses
You must not:
**(a)** Use trademarks in a way that causes confusion about source or affiliation;
**(b)** Use trademarks as part of your own product or service names without permission;
**(c)** Modify or alter trademark logos or designs;
**(d)** Use trademarks in a way that dilutes their distinctiveness or harms their reputation.
### 9.4 Community Brand Protection
**(a)** Respect our own trademarks and brand elements;
**(b)** Do not use our logos or brand names without permission;
**(c)** Avoid creating confusion about official versus unofficial community content;
**(d)** Contact us for guidance on appropriate use of our brand elements.
## 10. DMCA COMPLIANCE AND TAKEDOWN PROCEDURES
### 10.1 DMCA Policy Statement
We comply with the Digital Millennium Copyright Act and maintain procedures for addressing claims of copyright infringement. We respect the rights of copyright owners whilst protecting the legitimate interests of our users.
### 10.2 Submitting DMCA Takedown Notices
To submit a valid DMCA takedown notice, contact **dmca@nhcarrigan.com** with the following information:
**(a)** **Identification of Copyrighted Work:** A clear description of the copyrighted work claimed to have been infringed, including registration numbers if applicable;
**(b)** **Identification of Infringing Material:** Specific identification of the allegedly infringing material and its location on our Services;
**(c)** **Contact Information:** Your complete contact information, including name, address, telephone number, and email address;
**(d)** **Good Faith Statement:** A statement that you have a good faith belief that the disputed use is not authorised by the copyright owner, its agent, or the law;
**(e)** **Accuracy Statement:** A statement, under penalty of perjury, that the information in the notice is accurate and that you are authorised to act on behalf of the copyright owner;
**(f)** **Physical or Electronic Signature:** Your physical or electronic signature.
### 10.3 Processing DMCA Notices
Upon receipt of a valid DMCA takedown notice:
**(a)** We will promptly investigate the claim;
**(b)** If the claim appears valid, we will remove or disable access to the allegedly infringing material;
**(c)** We will notify the affected user of the takedown and provide information about the counter-notification process;
**(d)** We will document the takedown for our records and potential future reference.
### 10.4 Response Timeline
We endeavour to process DMCA takedown notices within:
**(a)** **Initial Review:** Twenty-four (24) hours for urgent matters;
**(b)** **Investigation and Action:** Seventy-two (72) hours for standard cases;
**(c)** **Complex Cases:** Up to seven (7) business days with notification to relevant parties.
## 11. DMCA COUNTER-NOTIFICATION PROCESS
### 11.1 Right to Counter-Notification
If you believe your content was removed in error or misidentification, you may submit a counter-notification to **dmca@nhcarrigan.com**.
### 11.2 Counter-Notification Requirements
A valid counter-notification must include:
**(a)** **Identification of Removed Material:** Specific identification of the material that was removed and its previous location;
**(b)** **Good Faith Statement:** A statement under penalty of perjury that you have a good faith belief the material was removed due to mistake or misidentification;
**(c)** **Personal Information:** Your complete name, address, and telephone number;
**(d)** **Jurisdiction Consent:** A statement that you consent to the jurisdiction of the federal district court for your district (or the judicial district where you reside if outside the United States);
**(e)** **Service of Process:** A statement that you will accept service of process from the party who submitted the takedown notice;
**(f)** **Physical or Electronic Signature:** Your physical or electronic signature.
### 11.3 Counter-Notification Processing
Upon receipt of a valid counter-notification:
**(a)** We will provide a copy to the original complainant;
**(b)** We will inform the complainant that the material will be restored in 10-14 business days unless they file a court action;
**(c)** If no court action is filed, we will restore the material according to the statutory timeline;
**(d)** We will document the counter-notification and restoration for our records.
### 11.4 Legal Consequences
Both takedown notices and counter-notifications are made under penalty of perjury. False claims may result in liability for damages, attorney's fees, and other legal consequences under applicable law.
## 12. REPEAT INFRINGER POLICY
### 12.1 Policy Statement
We maintain a policy for addressing repeat copyright infringers to ensure ongoing DMCA compliance and protect the rights of copyright holders.
### 12.2 Tracking and Documentation
We maintain records of:
**(a)** All DMCA takedown notices received;
**(b)** Counter-notifications submitted;
**(c)** Actions taken in response to notices;
**(d)** User violation history and patterns.
### 12.3 Consequences for Repeat Infringement
Users who repeatedly infringe copyright may face:
**(a)** **First Offence:** Warning and education about copyright compliance;
**(b)** **Second Offence:** Temporary suspension of account privileges;
**(c)** **Subsequent Offences:** Progressive disciplinary measures up to and including permanent account termination;
**(d)** **Severe Cases:** Immediate termination for egregious or commercial infringement.
### 12.4 Appeals Process
Users subject to repeat infringer sanctions may:
**(a)** Request review of their case within thirty (30) days of sanction;
**(b)** Provide evidence of good faith efforts to comply with copyright law;
**(c)** Demonstrate that previous notices were invalid or withdrawn;
**(d)** Participate in educational programmes to reinstate privileges.
## 13. EDUCATION AND AWARENESS
### 13.1 Community Education Commitment
We are committed to educating our community about intellectual property rights and responsibilities through:
**(a)** Regular updates to this Policy and related guidance materials;
**(b)** Educational resources on copyright, fair use, and licensing;
**(c)** Community workshops and training sessions;
**(d)** Clear examples of acceptable and unacceptable practices.
### 13.2 Resources and Guidance
We provide access to:
**(a)** Links to authoritative sources on copyright law and fair use;
**(b)** Guides to common licensing terms and requirements;
**(c)** Templates and examples for proper attribution;
**(d)** Contact information for additional support and guidance.
### 13.3 Seeking Clarification
Community members are encouraged to:
**(a)** Ask questions about unclear aspects of this Policy;
**(b)** Seek guidance before sharing potentially problematic content;
**(c)** Report suspected violations or concerns;
**(d)** Participate in educational activities and discussions.
### 13.4 Professional Development
We encourage community members to:
**(a)** Stay informed about changes in intellectual property law;
**(b)** Participate in relevant professional development opportunities;
**(c)** Share knowledge and best practices with other community members;
**(d)** Contribute to the development of community guidelines and resources.
## 14. POLICY UPDATES AND COMPLIANCE
### 14.1 Regular Policy Review
This Policy is reviewed regularly to ensure:
**(a)** Compliance with current legal requirements;
**(b)** Alignment with technological developments;
**(c)** Responsiveness to community needs and feedback;
**(d)** Consistency with best practices in the field.
### 14.2 Update Notifications
Changes to this Policy will be communicated through:
**(a)** Prominent notices on our Services and websites;
**(b)** Email notifications to registered users;
**(c)** Community forum announcements and discussions;
**(d)** Documentation updates with clear change logs.
### 14.3 Continued Use and Acceptance
Continued participation in our community following Policy updates constitutes acceptance of the revised terms. If you do not agree to the updated Policy, you must cease using our Services.
### 14.4 Feedback and Suggestions
We welcome feedback on this Policy and suggestions for improvement. Please contact us at **dmca@nhcarrigan.com** with your comments and recommendations.
## 15. CONTACT INFORMATION AND SUPPORT
### 15.1 Primary Contact
For all matters related to this Policy, including DMCA notices, questions, and reports of violations:
**Email:** dmca@nhcarrigan.com
### 15.2 Additional Resources
**General Support:** privacy@nhcarrigan.com
**Community Forum:** https://forum.nhcarrigan.com
**Legal Inquiries:** legal@nhcarrigan.com
### 15.3 Response Commitments
We commit to:
**(a)** Acknowledging receipt of all communications within forty-eight (48) hours;
**(b)** Providing substantive responses within the timeframes specified in this Policy;
**(c)** Treating all inquiries with professionalism and confidentiality;
**(d)** Maintaining accurate records of all communications and actions taken.
### 15.4 Emergency Procedures
For urgent copyright infringement matters that pose immediate legal risk:
**(a)** Contact us immediately at dmca@nhcarrigan.com with "URGENT" in the subject line;
**(b)** Provide all required information for expedited processing;
**(c)** Be prepared to provide additional documentation or clarification promptly;
**(d)** Understand that expedited processing may require additional verification steps.
## 16. LEGAL DISCLAIMER
### 16.1 Policy Limitations
This Policy:
**(a)** Is not exhaustive and does not cover every possible scenario;
**(b)** Does not constitute legal advice or create an attorney-client relationship;
**(c)** Should be supplemented with independent legal counsel for specific situations;
**(d)** May not address all applicable laws in every jurisdiction.
### 16.2 Professional Consultation
Users are encouraged to:
**(a)** Seek independent legal counsel for complex intellectual property matters;
**(b)** Consult with qualified professionals before making significant licensing decisions;
**(c)** Obtain professional advice when facing potential infringement claims;
**(d)** Understand that our guidance cannot replace professional legal advice.
### 16.3 Limitation of Liability
To the extent permitted by law:
**(a)** We provide this Policy and related guidance on an "as is" basis;
**(b)** We disclaim liability for decisions made in reliance on this Policy;
**(c)** Users assume responsibility for their own compliance with applicable laws;
**(d)** Professional legal advice should be sought for significant legal decisions.
**Last Updated:** [Date to be inserted]
**Effective Date:** [Date to be inserted]
---
*By participating in our community, you agree to abide by this DMCA and Intellectual Property Compliance Policy. This Policy is designed to protect the rights of creators whilst fostering an environment of innovation and knowledge sharing. For questions or concerns, please contact us at dmca@nhcarrigan.com.*
src/content/docs/legal/government.md
+411 -18
View File
@@ -2,33 +2,426 @@
title: Government Actions and Compliance
---
## 1. Introduction
# GOVERNMENT ACTIONS AND COMPLIANCE TRANSPARENCY REPORT
The purpose of this document is to maintain transparency regarding any government or legal authority's actions against our organisation that result in a release of your data to those authorities.
**MAINTAINING TRANSPARENCY IN GOVERNMENT AND LEGAL AUTHORITY INTERACTIONS**
### 1.1. Disclaimers
## 1. INTRODUCTION AND POLICY STATEMENT
- We do not provide any sort of proactive information to regulatory agencies.
- We do not, and will never, set up "backdoors" or other direct access routes for regulatory agencies to surveil or access your data.
- All data in this document cover the entirety of NHCarrigan's lifetime, from our inception in
### 1.1 Transparency Commitment
## 2. Requests for Information
This transparency report is published to maintain complete transparency regarding any actions taken by government agencies, law enforcement authorities, or other legal entities that may result in the disclosure of user data or information stored by nhcarrigan ("we," "us," "our," or "the Company").
We have received 0 requests for information/data from authoritative agencies.
### 1.2 Scope and Coverage
| Agency | Data Requested | Result |
| ------ | -------------- | ------ |
This report covers:
## 3. Warrants and Subpoenas
**(a)** All formal requests for information or data from governmental or regulatory authorities;
We have been the subject of 0 warrants or subpoenas for our information/data.
**(b)** All warrants, subpoenas, court orders, or similar legal instruments served upon our organisation;
| Agency | Date of Action | Result |
| ------ | -------------- | ------ |
**(c)** Any asset seizures, data searches, or investigative actions affecting our systems or data;
## 4. Asset Seizures
**(d)** All time periods from the inception of nhcarrigan operations to the date of this report.
We have had our data/information searched or seized 0 times.
### 1.3 Reporting Principles
| Agency | Scope of Search | Result |
| ------ | --------------- | ------ |
Our transparency reporting is guided by the following principles:
**(a)** **Comprehensive Coverage:** All relevant actions and requests are documented without exception;
**(b)** **Regular Updates:** This report is updated promptly following any new developments;
**(c)** **Legal Compliance:** All disclosures comply with applicable laws and court-imposed restrictions;
**(d)** **User Protection:** We prioritise transparency whilst respecting ongoing legal proceedings and user privacy.
## 2. POLICY DECLARATIONS
### 2.1 Proactive Information Sharing
We explicitly declare that:
**(a)** We do not provide any proactive information to regulatory agencies, law enforcement, or government entities without legal compulsion;
**(b)** We do not engage in voluntary information sharing programmes with government agencies;
**(c)** We do not participate in mass surveillance or data collection programmes;
**(d)** All government data requests must follow proper legal channels and procedures.
### 2.2 System Integrity and Access
We firmly commit that:
**(a)** We do not, and will never, create "backdoors" or direct access routes for regulatory agencies to access user data or systems;
**(b)** We do not implement any covert monitoring or surveillance capabilities at the request of government entities;
**(c)** We do not provide real-time access to user communications or data without proper legal process;
**(d)** Any access to user data by authorities must be pursuant to valid legal process and within the bounds of applicable law.
### 2.3 Legal Process Requirements
For any disclosure of user information, we require:
**(a)** Valid legal process appropriate to the type of information requested;
**(b)** Proper jurisdictional authority over the matter in question;
**(c)** Specificity in the request regarding the information sought and the legal basis;
**(d)** Compliance with applicable data protection and privacy laws.
### 2.4 User Notification Policy
Subject to legal restrictions and court orders:
**(a)** We endeavour to notify affected users of government requests for their information;
**(b)** We provide reasonable advance notice where legally permissible;
**(c)** We challenge overly broad or inappropriate requests through legal channels;
**(d)** We advocate for the narrowest possible scope of any required disclosures.
## 3. INFORMATION REQUESTS
### 3.1 Summary Statistics
**Total Requests Received:** 0 (Zero)
**Time Period Covered:** From inception of nhcarrigan operations through the date of this report
### 3.2 Types of Information Requests
We categorise information requests as follows:
**(a)** **Emergency Requests:** Involving immediate threats to life or safety;
**(b)** **Criminal Investigations:** Related to suspected criminal activity;
**(c)** **Civil Matters:** Arising from civil litigation or administrative proceedings;
**(d)** **Regulatory Inquiries:** From regulatory bodies regarding compliance or oversight.
### 3.3 Detailed Request Log
| Request Date | Agency/Authority | Type of Request | Information Requested | Legal Basis | Response Date | Result/Action Taken | User Notification |
|--------------|------------------|-----------------|----------------------|-------------|---------------|---------------------|-------------------|
| No requests received to date | | | | | | | |
### 3.4 Response Procedures
When we receive information requests, our standard procedure includes:
**(a)** **Legal Review:** Assessment by qualified legal counsel of the validity and scope of the request;
**(b)** **Minimal Disclosure:** Limiting any disclosure to the minimum information required by law;
**(c)** **Documentation:** Maintaining detailed records of all requests and responses;
**(d)** **Transparency Reporting:** Including appropriate information in this public transparency report.
## 4. WARRANTS AND SUBPOENAS
### 4.1 Summary Statistics
**Total Warrants Received:** 0 (Zero)
**Total Subpoenas Received:** 0 (Zero)
**Time Period Covered:** From inception of nhcarrigan operations through the date of this report
### 4.2 Types of Legal Process
We track the following types of legal process:
**(a)** **Search Warrants:** Authorising search and seizure of specific information or systems;
**(b)** **Subpoenas:** Compelling production of documents or testimony;
**(c)** **Court Orders:** Directing specific actions or disclosures;
**(d)** **National Security Letters:** Administrative subpoenas related to national security investigations (where applicable).
### 4.3 Detailed Process Log
| Service Date | Court/Agency | Type of Process | Scope of Request | Response Required | Response Date | Compliance Action | Challenge Filed | User Notification |
|--------------|--------------|-----------------|------------------|-------------------|---------------|-------------------|-----------------|-------------------|
| No legal process served to date | | | | | | | | |
### 4.4 Legal Challenge Policy
Our policy regarding legal challenges includes:
**(a)** **Threshold Review:** Automatic legal review of all process for validity and scope;
**(b)** **Challenge Criteria:** Filing challenges when process is overbroad, invalid, or inappropriate;
**(c)** **User Advocacy:** Advocating for user privacy rights within legal constraints;
**(d)** **Procedural Compliance:** Ensuring all responses comply with applicable legal requirements.
## 5. ASSET SEIZURES AND SEARCHES
### 5.1 Summary Statistics
**Total Seizures/Searches:** 0 (Zero)
**Time Period Covered:** From inception of nhcarrigan operations through the date of this report
### 5.2 Types of Seizures and Searches
We categorise enforcement actions as follows:
**(a)** **Physical Seizures:** Seizure of physical hardware, servers, or storage media;
**(b)** **Digital Searches:** Direct access to or copying of digital information;
**(c)** **Account Freezes:** Temporary or permanent restriction of access to accounts or systems;
**(d)** **Data Preservation:** Requirements to preserve specific data pending legal proceedings.
### 5.3 Detailed Action Log
| Action Date | Agency | Type of Action | Scope of Search/Seizure | Legal Authority | Property/Data Affected | Recovery/Return | Impact Assessment |
|-------------|--------|----------------|-------------------------|-----------------|------------------------|-----------------|-------------------|
| No seizures or searches to date | | | | | | | |
### 5.4 Response and Mitigation Procedures
In the event of asset seizures or searches, our procedures include:
**(a)** **Immediate Assessment:** Rapid evaluation of the scope and impact of the action;
**(b)** **Legal Representation:** Immediate engagement of qualified legal counsel;
**(c)** **User Protection:** Implementation of measures to protect user data and privacy;
**(d)** **Service Continuity:** Actions to maintain service availability where legally permissible.
## 6. DATA PROTECTION AND PRIVACY SAFEGUARDS
### 6.1 Technical Safeguards
We implement technical measures to protect user data:
**(a)** **Encryption:** All user data is encrypted both in transit and at rest;
**(b)** **Access Controls:** Strict access controls limit personnel who can access user data;
**(c)** **Audit Logging:** Comprehensive logging of all access to user data;
**(d)** **Data Minimisation:** Collection and retention of only necessary user information.
### 6.2 Legal Safeguards
Our legal protections include:
**(a)** **Qualified Legal Review:** All government requests reviewed by qualified legal counsel;
**(b)** **Narrow Interpretation:** Interpreting all legal process as narrowly as legally permissible;
**(c)** **Challenge Preparation:** Maintaining resources to challenge inappropriate or overbroad requests;
**(d)** **Jurisdictional Analysis:** Careful analysis of jurisdictional issues in cross-border requests.
### 6.3 Operational Safeguards
Our operational procedures include:
**(a)** **Incident Response:** Established procedures for responding to government actions;
**(b)** **Communication Plans:** Clear communication protocols with users and stakeholders;
**(c)** **Documentation Standards:** Comprehensive documentation of all interactions with authorities;
**(d)** **Recovery Procedures:** Plans for service recovery following any enforcement actions.
### 6.4 International Considerations
For cross-border requests, we consider:
**(a)** **Treaty Obligations:** Applicable mutual legal assistance treaties and agreements;
**(b)** **Local Law Compliance:** Requirements under local data protection and privacy laws;
**(c)** **Diplomatic Channels:** Appropriate use of diplomatic channels for sensitive matters;
**(d)** **Conflict Resolution:** Procedures for resolving conflicts between different legal systems.
## 7. REPORTING METHODOLOGY AND LIMITATIONS
### 7.1 Data Collection
This transparency report is compiled using:
**(a)** **Legal Records:** Comprehensive records of all legal process received;
**(b)** **Communication Logs:** Documentation of all communications with government agencies;
**(c)** **Internal Reports:** Regular internal assessments of government interaction;
**(d)** **Legal Review:** Quarterly review by qualified legal counsel for completeness and accuracy.
### 7.2 Reporting Limitations
This report is subject to the following limitations:
**(a)** **Legal Restrictions:** Some information may be withheld due to court orders or legal restrictions;
**(b)** **Classification Issues:** Certain national security matters may not be reportable;
**(c)** **Ongoing Proceedings:** Active legal matters may limit the detail that can be disclosed;
**(d)** **Aggregation Requirements:** Some jurisdictions may require statistical aggregation rather than detailed reporting.
### 7.3 Update Schedule
This report is updated according to the following schedule:
**(a)** **Quarterly Updates:** Regular updates published every three months;
**(b)** **Event-Driven Updates:** Additional updates following significant developments;
**(c)** **Annual Review:** Comprehensive annual review and analysis;
**(d)** **Legal Milestone Updates:** Updates following resolution of significant legal matters.
### 7.4 Verification and Accuracy
We ensure report accuracy through:
**(a)** **Multi-Source Verification:** Cross-referencing multiple internal sources;
**(b)** **Legal Review:** Review by qualified legal counsel before publication;
**(c)** **External Audit:** Periodic external audit of transparency reporting procedures;
**(d)** **Correction Procedures:** Clear procedures for correcting any errors or omissions.
## 8. CONTACT INFORMATION AND SUPPORT
### 8.1 Legal Process Service
For service of legal process:
**Email:** legal@nhcarrigan.com
**Physical Address:** [To be provided when applicable]
**Business Hours:** Monday through Friday, 9:00 AM to 5:00 PM Pacific Standard Time
### 8.2 General Inquiries
For questions about this transparency report:
**Email:** transparency@nhcarrigan.com
**Subject Line:** Government Transparency Report Inquiry
### 8.3 Media and Press Inquiries
For media inquiries regarding government actions:
**Email:** press@nhcarrigan.com
**Response Time:** Within 24 hours for urgent matters
### 8.4 User Support
For users concerned about government access to their data:
**Email:** privacy@nhcarrigan.com
**Forum:** https://forum.nhcarrigan.com
**Response Time:** Within 48 hours for privacy-related inquiries
## 9. FUTURE DEVELOPMENTS
### 9.1 Policy Evolution
We continuously review and improve our government transparency policies based on:
**(a)** **Legal Developments:** Changes in applicable laws and regulations;
**(b)** **Industry Standards:** Evolving best practices in transparency reporting;
**(c)** **Stakeholder Feedback:** Input from users, legal experts, and privacy advocates;
**(d)** **Operational Experience:** Lessons learned from any government interactions.
### 9.2 Enhanced Reporting
We are committed to enhancing this transparency report through:
**(a)** **Additional Metrics:** Expanding the types of statistics and information reported;
**(b)** **Improved Analysis:** Providing more detailed analysis of trends and implications;
**(c)** **Interactive Features:** Developing interactive tools for exploring transparency data;
**(d)** **International Perspective:** Expanding coverage to include international legal developments.
### 9.3 Stakeholder Engagement
We engage with stakeholders through:
**(a)** **Public Consultation:** Regular opportunities for public input on transparency policies;
**(b)** **Expert Advisory:** Consultation with legal and privacy experts;
**(c)** **Industry Collaboration:** Participation in industry transparency initiatives;
**(d)** **Academic Partnership:** Collaboration with academic researchers on transparency issues.
## 10. LEGAL DISCLAIMER
### 10.1 Report Limitations
This transparency report:
**(a)** Is provided for informational purposes and public accountability;
**(b)** Does not constitute legal advice or create attorney-client privilege;
**(c)** May be subject to legal restrictions on disclosure in some jurisdictions;
**(d)** Represents our good faith effort to provide accurate and complete information.
### 10.2 Legal Compliance
This report is prepared in compliance with:
**(a)** All applicable transparency reporting requirements;
**(b)** Court orders and legal restrictions on disclosure;
**(c)** Data protection and privacy laws;
**(d)** National security and law enforcement confidentiality requirements.
### 10.3 No Warranties
We provide this report without warranties of any kind and disclaim liability for:
**(a)** Decisions made in reliance on this report;
**(b)** Any inaccuracies or omissions due to legal restrictions;
**(c)** Changes in legal or factual circumstances after publication;
**(d)** Interpretation of the information provided.
**Report Period:** From inception of nhcarrigan operations through [Date to be inserted]
**Publication Date:** [Date to be inserted]
**Next Scheduled Update:** [Date to be inserted]
---
*This transparency report demonstrates our commitment to user privacy and government accountability. We will continue to update this report regularly and advocate for user rights within the bounds of applicable law. For questions about this report, please contact us at transparency@nhcarrigan.com.*
src/content/docs/legal/license.md
+1855 -825
View File
File diff suppressed because it is too large Load Diff
src/content/docs/legal/privacy.md
+358 -133
View File
@@ -2,241 +2,466 @@
title: Privacy Policy
---
## 1. Overview and Scope
# PRIVACY POLICY
### 1.1. General Applicability
**YOUR PRIVACY RIGHTS AND OUR DATA PROTECTION COMMITMENTS**
This privacy policy ("General Policy") governs the collection, use, storage, and protection of data across all our services, platforms, and applications (collectively referred to as "Services").
## 1. INTRODUCTION AND SCOPE
### 1.2. Project-Specific Policies
### 1.1 About This Policy
Individual projects or Services may be subject to additional, project-specific privacy policies ("Project Policies"). These Project Policies apply concurrently with the General Policy. In the event of any conflict between the General Policy and a Project Policy, the stricter privacy protections shall prevail.
This Privacy Policy ("Policy") sets out how nhcarrigan ("we," "us," "our," or "the Company") collects, uses, stores, and protects your personal information when you use our services, applications, and platforms (collectively, the "Services").
### 1.3. Policy Updates and Retroactivity
### 1.2 Policy Applicability
We reserve the right to modify, amend, or update this General Policy and any Project Policies at any time. All changes to these policies, including the General Policy and any Project Policies, are retroactive and apply to previously collected data as well as data collected after the changes take effect.
This Policy applies to:
### 1.4. Notification of Changes
**(a)** All services, websites, and applications operated by nhcarrigan;
We will make reasonable efforts to notify users of significant changes to our privacy policies. However, it is the user's responsibility to regularly review the applicable privacy policies for any updates.
**(b)** All users of our Services, regardless of location;
### 1.5. Acceptance of Terms
**(c)** All personal data collected through our Services;
By accessing, using, or continuing to use our Services, you explicitly acknowledge and agree to be bound by the most current version of the General Policy and any applicable Project Policies. If you do not agree with the terms of these policies, you must immediately cease using our Services.
**(d)** Both current and former users of our Services.
### 1.6. Effective Date
### 1.3 Additional Policies
The effective date of the current version of this policy will be clearly stated at the beginning of the document. Each revision will be numbered or dated for easy reference.
Specific Services may be subject to additional privacy notices or terms ("Service-Specific Policies"). Where such policies exist:
## 2. Data Collection, Documentation, and User Rights
**(a)** They supplement this main Policy;
### 2.1. Data Collection Practices
**(b)** In case of conflict, the most privacy-protective terms shall apply;
We strive to collect only the data necessary for the proper functioning and improvement of our Services. However, the scope of data collection may change as our Services evolve.
**(c)** We shall clearly identify when additional policies apply.
### 2.2. Documentation Efforts
### 1.4 Policy Updates
We make every effort to maintain accurate and up-to-date documentation regarding our data collection practices. This includes:
We reserve the right to update this Policy at any time. Changes may:
- Regular reviews of our data collection processes
- Timely updates to our privacy policy and related documentation
- Clear communication about significant changes in data collection
**(a)** Take effect immediately upon publication;
### 2.3. Potential Undocumented Data Collection
**(b)** Apply retroactively to previously collected data;
Despite our best efforts, it is possible that at any given time, an application or Service may collect data that is not explicitly documented. This may occur due to:
**(c)** Require your continued consent through ongoing use of our Services.
- Recent updates or changes to our Services
- Technical issues or bugs
- Third-party integrations or dependencies
### 1.5 Acceptance and Consent
### 2.4. General Data Rights
By using our Services, you:
Regardless of whether specific data collection is documented, users have the following rights:
**(a)** Acknowledge that you have read and understood this Policy;
#### 2.4.1. Right to Access:
**(b)** Consent to our collection and processing of your personal data as described;
At any time, you may request a complete copy of your data stored by one of our applications. Requests must be done via `privacy@nhcarrigan.com` from the email address the data belongs to. This ensures that a user cannot impersonate you and request your data. We may request additional identifying information, depending on the structure of the data collected by the application.
**(c)** Agree to be bound by the current version of this Policy.
#### 3.4.2. Right to Rectification:
### 1.6 Contact for Privacy Matters
You may request corrections to any inaccurate data we hold about you.
For all privacy-related inquiries, please contact us at: **privacy@nhcarrigan.com**
#### 3.4.3. Right to Erasure:
## 2. INFORMATION WE COLLECT
At any time, you may request complete removal of your stored data. Requests must be done via `privacy@nhcarrigan.com` from the email address the data belongs to. This ensures that a user cannot impersonate you and request your data. We may request additional identifying information, depending on the structure of the data collected by the application.
### 2.1 Types of Personal Information
This will **not** opt you out of future data collection unless specifically requested. We reserve the right to refuse removal requests when the data are necessary for specific functionality of the app, in circumstances where removing your data would compromise the functionality for all users.
We may collect the following categories of personal information:
#### 3.4.4. Right to Restrict Processing:
**(a)** **Identity Information:** Name, username, email address, and demographic information;
At any time, you may request to opt out of data collection for an application by requesting removal of your data and discontinuing interaction with the application. We may request additional identifying information, depending on the structure of the data collected by the application.
**(b)** **Technical Information:** IP address, browser type, device information, and operating system;
We reserve the right to refuse opt-out requests when the data are necessary for specific functionality of the app, in circumstances where opting-out would compromise the functionality for all users.
**(c)** **Usage Information:** How you interact with our Services, including pages visited and features used;
#### 3.4.5. Right to Data Portability:
**(d)** **Communication Information:** Messages sent through our platforms and support communications;
You may request a copy of your data in a structured, commonly used, and machine-readable format.
**(e)** **Account Information:** Registration details, preferences, and account settings.
### 3.5. Exercising Your Rights
### 2.2 Methods of Collection
To exercise any of these rights or to inquire about data we may hold:
We collect personal information through:
- Contact us through `privacy@nhcarrigan.com`.
- Be prepared to verify your identity to protect the security of your information
**(a)** **Direct Provision:** Information you provide when registering, using our Services, or contacting us;
### 3.6. Opting Out of Data Collection
**(b)** **Automated Collection:** Technical data collected through cookies, logs, and analytics tools;
- You may cease using our Services
- For specific types of data collection, we may offer granular opt-out options
- Note that opting out of essential data collection may limit or prevent your use of certain Services
**(c)** **Third-Party Sources:** Information from integrated services and platforms (with your consent).
### 3.7. Response Time and Process
### 2.3 Undocumented Collection
We will make reasonable efforts to respond to all data-related requests within 30 days. Complex requests may require additional time, in which case we will notify you.
Despite our best efforts to maintain comprehensive documentation:
### 3.8. Limitations
**(a)** Some data collection may occur that is not explicitly documented;
While we strive to honour all legitimate requests, be aware that legal requirements may sometimes prevent us from fully complying with certain requests.
**(b)** This may result from system updates, third-party integrations, or technical changes;
### 3.9. Ongoing Commitment
**(c)** You maintain all privacy rights regardless of documentation status;
We are committed to transparency and user privacy. We continuously work to improve our data practices and documentation to ensure the highest standards of data protection and user trust.
**(d)** We commit to honouring all data subject rights for any collected information.
## 4. Data Retention
## 3. HOW WE USE YOUR INFORMATION
### 4.1. Retention Principle
### 3.1 Primary Purposes
We adhere to the principle of data minimization, storing personal data for the shortest time necessary to fulfil the purposes for which it was collected and to ensure the proper functioning of our applications.
We process your personal information for the following purposes:
### 4.2. Retention Periods
**(a)** **Service Provision:** To provide, operate, and maintain our Services;
Specific retention periods may vary depending on the type of data and the purpose for which it is processed. Generally:
**(b)** **Communication:** To respond to inquiries and provide customer support;
- Active user data is retained for the duration of the user's account activity
- Inactive user data may be retained for a period after the last user interaction, typically not exceeding 12 months
- Aggregated and anonymized data may be retained indefinitely for analytical purposes
**(c)** **Improvement:** To analyse usage patterns and enhance our Services;
### 4.3. Automatic Deletion
**(d)** **Security:** To protect against fraud, abuse, and security threats;
Where technically feasible, we implement automated processes to delete or anonymize personal data that has exceeded its retention period.
**(e)** **Legal Compliance:** To fulfil our legal obligations and protect our rights.
### 4.4. Legal and Regulatory Compliance
### 3.2 Legal Basis for Processing
Certain data may be retained for longer periods if required by applicable laws, regulations, or to comply with legal obligations.
Our legal basis for processing personal information includes:
### 4.5. Backup Retention
**(a)** **Consent:** Where you have explicitly agreed to processing;
For data recovery purposes, backups may contain personal data for a period beyond the active retention period. These backups are secured and accessed only when necessary for system restoration.
**(b)** **Contract:** Where processing is necessary to perform our Services;
### 4.6. User-Initiated Deletion
**(c)** **Legitimate Interests:** Where we have legitimate business interests that do not override your rights;
Users may request the deletion of their data at any time, subject to our legitimate business needs and legal obligations.
**(d)** **Legal Obligation:** Where required by applicable law.
## 5. Availability of Data
### 3.3 Automated Decision-Making
### 5.1. Access Control
We may use automated systems for:
Access to user data is strictly controlled and limited to authorized members of the nhcarrigan team on a need-to-know basis.
**(a)** Spam detection and content moderation;
### 5.2. Purpose Limitation
**(b)** Security threat identification;
Data access by the nhcarrigan team is permitted only for the following purposes:
**(c)** Service personalisation and recommendations.
- Debugging application issues
- Improving application functionality and user experience
- Contributing to the development and maintenance of the application
- Responding to user support requests
- Ensuring compliance with legal and regulatory requirements
You have the right to request human review of automated decisions that significantly affect you.
### 5.3. Data Security Measures
## 4. DATA SHARING AND DISCLOSURE
We implement robust security measures to protect data from unauthorized access, including but not limited to:
### 4.1 Internal Access
- Encryption of data in transit and at rest
- Multi-factor authentication for developer accounts
- Regular security audits and vulnerability assessments
- Logging of data access and modifications
Access to your personal information within our organisation is restricted to:
### 5.4. Developer Training and Accountability
**(a)** Authorised team members on a need-to-know basis;
All team members with data access are:
**(b)** Personnel responsible for system maintenance and support;
- Required to undergo privacy and security training
- Bound by confidentiality agreements
- Subject to disciplinary action for unauthorized data access or misuse
**(c)** Individuals involved in legal compliance and security matters.
### 5.5. Third-Party Access
### 4.2 Third-Party Sharing
We do not sell user data. In cases where third-party service providers require access to perform specific functions:
We may share your information with:
- Access is limited to the minimum necessary data
- Providers are bound by strict contractual obligations to protect user data
- We regularly review and audit third-party practices
**(a)** **Service Providers:** Third-party companies that help us operate our Services;
### 5.6. Transparency
**(b)** **Legal Authorities:** When required by law, court order, or to protect legal rights;
We maintain logs of data access by our team and can provide this information upon justified request, subject to privacy and security considerations.
**(c)** **Business Partners:** With your explicit consent and for specific purposes;
### 5.7. User Data Requests
**(d)** **Successors:** In the event of a merger, acquisition, or business transfer.
Users may request information about how their data has been accessed or used by contacting our designated data protection contact.
### 4.3 Data Sale Prohibition
### 5.8. Continuous Improvement
We do not and will not sell your personal information to third parties for commercial purposes.
We regularly review and update our data handling practices to ensure the highest standards of data protection and to minimize unnecessary access to personal information.
### 4.4 International Transfers
## 6. Contact Information and Data Inquiries
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:
We value transparency and are committed to addressing any questions or concerns you may have regarding our privacy practices. There are several ways to reach us:
**(a)** Adequacy decisions by relevant authorities;
### 6.1. Forum
**(b)** Standard contractual clauses;
For immediate assistance and community support, join our forum: https://forum.nhcarrigan.com
**(c)** Other legally recognised transfer mechanisms.
### 6.2. Email Contact
## 5. YOUR PRIVACY RIGHTS
For privacy-specific inquiries or formal requests, please email: `privacy@nhcarrigan.com`
### 5.1 General Rights
### 6.3. Response Time
Regardless of your location, you have the following rights regarding your personal information:
We strive to respond to all inquiries within 5 business days. Complex issues may require additional time.
**(a)** **Right of Access:** Request a copy of the personal information we hold about you;
### 6.4. Types of Inquiries
**(b)** **Right of Rectification:** Request correction of inaccurate or incomplete information;
We welcome contact regarding:
**(c)** **Right of Erasure:** Request deletion of your personal information in certain circumstances;
- Questions about this privacy policy
- Inquiries about our data collection and use practices
- Requests to exercise your data rights (access, rectification, erasure, etc.)
- Reporting of potential data breaches or security concerns
- Suggestions for improving our privacy practices
**(d)** **Right to Restrict Processing:** Request limitation of how we process your information;
### 6.5. Information to Include
**(e)** **Right to Data Portability:** Receive your information in a structured, commonly used format.
To help us address your inquiry efficiently, please include:
### 5.2 Exercising Your Rights
- Your full name
- The email address associated with your account (if applicable)
- A detailed description of your question or concern
- Any relevant dates, times, or specific instances related to your inquiry
To exercise any of these rights:
### 6.6. Verification Process
**(a)** Submit requests to **privacy@nhcarrigan.com** from the email address associated with your account;
For security reasons, we may need to verify your identity before processing certain requests, especially those related to personal data.
**(b)** Provide sufficient information to verify your identity;
### 6.7. Alternative Contact Methods
**(c)** Specify clearly which right you wish to exercise;
If you are unable to use Discord or email, please visit our website for additional contact options: https://nhcarrigan.com
**(d)** Include any relevant details or documentation to support your request.
### 6.8. Updates and Notifications
### 5.3 Response Timeframes
If you wish to receive updates about changes to our privacy policy or data practices, please bookmark this page.
We endeavour to respond to all privacy requests within:
### 6.9. Legal Inquiries
**(a)** **Simple requests:** Five (5) business days;
For legal or formal inquiries, please use the email provided above and clearly mark your message as a legal inquiry.
**(b)** **Complex requests:** Thirty (30) days, with notification if additional time is required;
### 6.10. Accessibility
**(c)** **Urgent security matters:** Within twenty-four (24) hours where possible.
If you require this information in an alternative format for accessibility reasons, please let us know, and we will do our best to accommodate your needs.
### 5.4 Limitations on Rights
Your privacy rights may be limited where:
**(a)** Deletion would compromise essential functionality for all users;
**(b)** We have overriding legitimate interests or legal obligations;
**(c)** Information is necessary for the establishment, exercise, or defence of legal claims;
**(d)** Processing is required for compliance with legal obligations.
## 6. DATA RETENTION AND DELETION
### 6.1 Retention Principles
We retain personal information based on the following principles:
**(a)** **Data Minimisation:** We keep only what is necessary for the stated purposes;
**(b)** **Purpose Limitation:** Information is retained only as long as needed for its original purpose;
**(c)** **Legal Requirements:** Some information may be retained to comply with legal obligations.
### 6.2 Retention Periods
General retention periods include:
**(a)** **Active Account Data:** Retained whilst your account remains active;
**(b)** **Inactive Account Data:** Retained for up to twelve (12) months after last activity;
**(c)** **Communication Records:** Retained for up to three (3) years for support purposes;
**(d)** **Legal and Compliance Data:** Retained as required by applicable laws.
### 6.3 Automated Deletion
Where technically feasible, we implement automated systems to:
**(a)** Delete information that has exceeded its retention period;
**(b)** Anonymise data where deletion is not possible;
**(c)** Regularly review and purge unnecessary information.
### 6.4 Backup Retention
For system recovery purposes:
**(a)** Backups may contain personal information beyond active retention periods;
**(b)** Backup systems are secured and accessed only when necessary for restoration;
**(c)** Personal information in backups is subject to the same protection standards.
## 7. DATA SECURITY
### 7.1 Security Measures
We implement comprehensive security measures including:
**(a)** **Encryption:** Data is encrypted both in transit and at rest;
**(b)** **Access Controls:** Multi-factor authentication and role-based access restrictions;
**(c)** **Monitoring:** Continuous monitoring for security threats and unauthorised access;
**(d)** **Regular Audits:** Periodic security assessments and vulnerability testing.
### 7.2 Personnel Security
All team members with access to personal information:
**(a)** Undergo privacy and security training;
**(b)** Sign confidentiality agreements;
**(c)** Are subject to background checks where legally permissible;
**(d)** Face disciplinary action for unauthorised access or misuse.
### 7.3 Incident Response
In the event of a data breach:
**(a)** We will investigate and contain the incident promptly;
**(b)** Affected users will be notified within seventy-two (72) hours where feasible;
**(c)** Relevant authorities will be notified as required by law;
**(d)** We will provide regular updates on our investigation and remediation efforts.
### 7.4 Third-Party Security
Third-party service providers must:
**(a)** Maintain equivalent security standards;
**(b)** Sign data processing agreements;
**(c)** Undergo regular security assessments;
**(d)** Notify us immediately of any security incidents.
## 8. COOKIES AND TRACKING TECHNOLOGIES
### 8.1 Use of Cookies
We use cookies and similar technologies to:
**(a)** Remember your preferences and settings;
**(b)** Analyse usage patterns and improve our Services;
**(c)** Provide personalised content and features;
**(d)** Maintain security and prevent fraud.
### 8.2 Types of Cookies
We may use the following types of cookies:
**(a)** **Essential Cookies:** Necessary for basic functionality;
**(b)** **Performance Cookies:** Help us understand how our Services are used;
**(c)** **Functional Cookies:** Remember your choices and preferences;
**(d)** **Targeting Cookies:** Used to deliver relevant content (with consent).
### 8.3 Cookie Management
You can manage cookies through:
**(a)** Your browser settings;
**(b)** Our cookie preference centre (where available);
**(c)** Opt-out tools provided by third-party services.
Please note that disabling certain cookies may affect the functionality of our Services.
## 9. CHILDREN'S PRIVACY
### 9.1 Age Restrictions
Our Services are not intended for children under the age of thirteen (13), or the minimum digital age of consent in your jurisdiction, whichever is higher.
### 9.2 Collection from Children
We do not knowingly collect personal information from children under the applicable minimum age. If we become aware that we have collected such information:
**(a)** We will delete the information promptly;
**(b)** We will notify the child's parent or guardian if possible;
**(c)** We will take steps to prevent future collection.
### 9.3 Parental Rights
Parents and guardians have the right to:
**(a)** Review any personal information we hold about their child;
**(b)** Request deletion of their child's information;
**(c)** Refuse to permit further collection from their child.
## 10. CONTACT INFORMATION AND COMPLAINTS
### 10.1 Privacy Contact
For all privacy-related matters, contact our Data Protection Officer at:
**Email:** privacy@nhcarrigan.com
**Forum:** https://forum.nhcarrigan.com (for general inquiries)
### 10.2 Information to Include
When contacting us about privacy matters, please provide:
**(a)** Your full name and contact information;
**(b)** Details of your request or concern;
**(c)** Any relevant account information or identifiers;
**(d)** Supporting documentation if applicable.
### 10.3 Response Commitment
We commit to:
**(a)** Acknowledging all privacy inquiries within two (2) business days;
**(b)** Providing substantive responses within the timeframes specified in this Policy;
**(c)** Treating all inquiries with respect and confidentiality;
**(d)** Following up to ensure your concerns have been adequately addressed.
### 10.4 Complaints and Escalation
If you are not satisfied with our response:
**(a)** You may request escalation to senior management;
**(b)** You have the right to lodge a complaint with relevant data protection authorities;
**(c)** You may seek independent legal advice regarding your rights.
### 10.5 Supervisory Authority Contact
For complaints in jurisdictions with data protection authorities, you may contact your local supervisory authority. In the European Union, you can find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en
## 11. UPDATES AND EFFECTIVE DATE
### 11.1 Policy Updates
We may update this Policy periodically to reflect:
**(a)** Changes in our data processing practices;
**(b)** New legal requirements or regulatory guidance;
**(c)** Feedback from users and data protection authorities;
**(d)** Technological developments and security enhancements.
### 11.2 Notification of Changes
We will notify you of material changes through:
**(a)** Prominent notices on our Services;
**(b)** Email notifications to registered users;
**(c)** Updates to our website and documentation.
### 11.3 Version History
Previous versions of this Policy are available upon request for transparency and reference purposes.
**Last Updated:** [Date to be inserted]
**Effective Date:** [Date to be inserted]
---
*This Privacy Policy is designed to comply with applicable data protection laws whilst providing clear information about our privacy practices. If you have any questions or concerns, please do not hesitate to contact us.*
src/content/docs/legal/security.md
+547 -74
View File
@@ -2,135 +2,608 @@
title: Security Policy
---
## 1. Introduction
# SECURITY POLICY
This Security Policy outlines the procedures for reporting security vulnerabilities in our applications and the terms under which we handle such reports. By participating in our security reporting process, you agree to comply with this policy.
**PROTECTING OUR SYSTEMS AND YOUR DATA THROUGH RESPONSIBLE SECURITY PRACTICES**
## 2. Scope
## 1. INTRODUCTION AND SCOPE
This policy applies to all applications, services, and systems maintained by our organization, including but not limited to:
### 1.1 Policy Overview
- Our main websites and applications
- All open-source projects hosted on our repositories
- Any associated APIs or backend services
This Security Policy ("Policy") establishes the procedures and terms under which we handle the reporting and resolution of security vulnerabilities discovered in our applications, systems, and services. By participating in our security reporting process, you acknowledge and agree to comply with all provisions of this Policy.
## 3. Reporting a Vulnerability
### 1.2 Scope of Coverage
### 3.1 Reporting Channels
This Policy applies to all applications, services, and systems maintained by nhcarrigan, including but not limited to:
If you discover a security vulnerability within any of our applications or systems, please report it through one of the following secure channels:
**(a)** All primary websites and web applications operated under our domain;
1. Send an email to `security@nhcarrigan.com`
**(b)** Mobile applications distributed through official channels;
### 3.2 Public Disclosure Prohibition
**(c)** Open-source projects hosted in our official repositories;
Do NOT disclose the vulnerability publicly or through any public channels, including but not limited to:
**(d)** Application Programming Interfaces (APIs) and backend services;
- Public GitHub issues
- Social media platforms
- Public forums or chat rooms
- Blog posts or articles
**(e)** Infrastructure and hosting environments that support our services;
### 3.3 Required Information
**(f)** Associated documentation, support systems, and auxiliary platforms.
When reporting a vulnerability, please provide:
### 1.3 Security Principles
- A detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested mitigation or fix (if known)
Our security programme is founded on the following principles:
## 4. Response Process
**(a)** **Transparency:** We maintain open communication about our security practices whilst protecting sensitive operational details;
### 4.1 Acknowledgment
**(b)** **Collaboration:** We work cooperatively with security researchers and the broader community to identify and address vulnerabilities;
We will acknowledge receipt of your vulnerability report within 3 business days.
**(c)** **Continuous Improvement:** We regularly assess and enhance our security measures based on emerging threats and best practices;
### 4.2 Assessment and Verification
**(d)** **User Protection:** Our primary focus is protecting the confidentiality, integrity, and availability of user data and systems.
Our security team will assess the reported vulnerability and may contact you for additional information if needed.
### 1.4 Legal Framework
### 4.3 Resolution Timeline
This Policy is designed to operate within the framework of applicable laws and regulations, including but not limited to computer fraud and abuse laws, data protection regulations, and responsible disclosure principles recognised in the security research community.
We strive to resolve confirmed vulnerabilities within 90 days of the initial report, depending on the complexity and severity of the issue.
## 2. VULNERABILITY REPORTING PROCEDURES
## 5. Disclosure Policy
### 2.1 Reporting Channels
### 5.1 Coordinated Disclosure
If you discover a security vulnerability within any of our systems or applications, please report it exclusively through our designated secure reporting channel:
We practice coordinated disclosure. We will work with you to ensure that a fix is available before any public disclosure of the vulnerability.
**Primary Contact:** security@nhcarrigan.com
### 5.2 Public Acknowledgment
**Subject Line Format:** [SECURITY] Brief description of vulnerability
With your permission, we may publicly acknowledge your contribution in discovering and reporting the vulnerability after it has been resolved.
**Alternative Contact:** For urgent matters requiring immediate attention, you may also contact our general support team with clear indication of the security nature of your report.
## 6. Legal Safe Harbor
### 2.2 Public Disclosure Prohibition
### 6.1 Authorization
To protect our users and systems, you must not disclose security vulnerabilities publicly or through any public channels until we have had reasonable opportunity to investigate and address the issue. Prohibited disclosure methods include, but are not limited to:
We authorize security research and vulnerability disclosure activities, provided they are conducted in accordance with this policy and all applicable laws.
**(a)** Public GitHub issues or pull requests;
### 6.2 Scope of Protection
**(b)** Social media platforms (Twitter, LinkedIn, Facebook, etc.);
We will not initiate legal action for accidental, good faith violations of this policy. This safe harbor applies only to activities that:
**(c)** Public forums, discussion boards, or community platforms;
- Comply with all aspects of this Security Policy
- Do not compromise or attempt to compromise the privacy or safety of our users, employees, or systems
- Do not violate any applicable laws
**(d)** Blog posts, articles, or public presentations;
### 6.3 Limitations
**(e)** Security mailing lists or vulnerability databases;
This safe harbor does not apply to:
**(f)** Any other medium accessible to the general public.
- Vulnerabilities or information obtained through means other than security research
- Research conducted on third-party applications or services that integrate with our systems
### 2.3 Required Information for Vulnerability Reports
## 7. Bug Bounty Program
To facilitate effective investigation and resolution, please include the following information in your vulnerability report:
We do not currently offer monetary rewards or "bug bounties" for reporting security vulnerabilities. Your contributions to our security are greatly appreciated, but are on a voluntary basis.
**(a)** **Detailed Description:** A comprehensive explanation of the vulnerability, including the potential security impact and risk level;
We will gladly thank you in our [Hall of Fame](/community/hall-of-fame)
**(b)** **Reproduction Steps:** Clear, step-by-step instructions that allow our team to reproduce the vulnerability consistently;
## 8. Data Protection and Privacy
**(c)** **Technical Details:** Relevant technical information such as affected URLs, parameters, request/response examples, and system configurations;
### 8.1 Handling of Submitted Information
**(d)** **Proof of Concept:** Where appropriate and safe, include demonstration code or screenshots that illustrate the vulnerability without causing harm;
Any information you provide in your vulnerability report will be handled in accordance with our Privacy Policy and applicable data protection laws.
**(e)** **Suggested Remediation:** If known, provide recommendations for addressing the vulnerability or mitigating the risk;
### 8.2 Confidentiality
**(f)** **Discovery Context:** Information about how the vulnerability was discovered and any tools or techniques used.
We will treat all vulnerability reports as confidential and will not share the information beyond what is necessary to address the reported issue.
### 2.4 Information Handling and Confidentiality
## 9. Proactive Measures
All vulnerability reports and related communications will be handled with strict confidentiality in accordance with our privacy policy and applicable data protection laws. We commit to:
In order to maintain the best possible effort to protect your data and the safety of our applications, we implement the following proactive security measures.
**(a)** Limiting access to vulnerability information to authorised personnel only;
### 9.1. Code Scanning
**(b)** Implementing appropriate security measures to protect report details;
Our projects are scanned for potential security risks and vulnerabilities using SonarQube. You can view the latest scan reports [on our dashboard](https://quality.nhcarrigan.link).
**(c)** Not sharing vulnerability information with third parties without explicit consent, except as required by law;
### 9.2. Local Scanning
**(d)** Maintaining detailed records of all communications and actions taken.
We also run a weekly scan on all of our projects using local tooling:
## 3. RESPONSE PROCEDURES AND TIMELINES
- Gitleaks (to detect leaked secrets and credentials)
- Grype (secondary detection for vulnerabilities in dependencies)
- Snyk (in-depth scanning of code and dependencies)
- Syft (to generate Software Bill of Materials for third-party auditors to use)
- Trivy (to detect vulnerabilities in dependencies)
### 3.1 Initial Acknowledgement
The results of these scans are found at https://security.nhcarrigan.com
We will acknowledge receipt of your vulnerability report within the following timeframes:
## 10. Compliance with Laws and Regulations
**(a)** **Standard Reports:** Within three (3) business days of receipt;
All security research and vulnerability disclosure activities must comply with all applicable local, state, and federal laws, as well as any relevant international laws.
**(b)** **High-Priority Reports:** Within twenty-four (24) hours for reports indicating critical vulnerabilities or active exploitation;
## 11. Policy Updates
**(c)** **Complex Reports:** Within five (5) business days for reports requiring initial technical assessment before acknowledgement.
We reserve the right to update or modify this Security Policy at any time. Any changes will be effective immediately upon posting the updated policy on our website or repository.
### 3.2 Assessment and Verification Process
## 12. Contact Information
Following initial acknowledgement, our security team will:
For any questions regarding this Security Policy, please contact us at `security@nhcarrigan.com`.
**(a)** Conduct a thorough technical assessment of the reported vulnerability;
By reporting a security vulnerability to us, you acknowledge that you have read, understood, and agree to this Security Policy.
**(b)** Attempt to reproduce the issue using the provided steps and information;
**(c)** Evaluate the potential impact and risk level of the vulnerability;
**(d)** Determine the scope of affected systems and users;
**(e)** Develop an appropriate response and remediation plan.
### 3.3 Communication and Updates
Throughout the investigation and resolution process, we will:
**(a)** Provide regular status updates on the progress of our investigation;
**(b)** Communicate any additional information required to complete our assessment;
**(c)** Notify you of our preliminary findings and proposed resolution timeline;
**(d)** Keep you informed of any changes to our remediation plans or timelines.
### 3.4 Resolution Timeline
We are committed to resolving confirmed vulnerabilities within the following timeframes:
**(a)** **Critical Vulnerabilities:** Within seven (7) days for issues posing immediate risk to user data or system integrity;
**(b)** **High-Risk Vulnerabilities:** Within thirty (30) days for significant security issues requiring comprehensive remediation;
**(c)** **Medium-Risk Vulnerabilities:** Within sixty (60) days for moderate security concerns;
**(d)** **Low-Risk Vulnerabilities:** Within ninety (90) days for minor security issues;
**(e)** **Complex Vulnerabilities:** Extended timelines may be necessary for issues requiring significant architectural changes or third-party coordination, with regular communication about progress.
## 4. COORDINATED DISCLOSURE POLICY
### 4.1 Coordinated Disclosure Principles
We practice coordinated disclosure to balance transparency with security. This approach ensures that:
**(a)** Vulnerabilities are thoroughly investigated and properly addressed before public disclosure;
**(b)** Users and affected parties have adequate time to apply security updates;
**(c)** The security research community benefits from shared knowledge whilst minimising potential harm.
### 4.2 Disclosure Timeline
Our standard coordinated disclosure timeline follows this process:
**(a)** **Initial Report:** Vulnerability reported through appropriate channels;
**(b)** **Assessment Period:** Investigation and verification (up to 30 days);
**(c)** **Remediation Period:** Development and deployment of fixes (30-90 days depending on complexity);
**(d)** **Public Disclosure:** Joint announcement of vulnerability and resolution (after fix deployment and reasonable notice period).
### 4.3 Public Acknowledgement
With your explicit consent, we may publicly acknowledge your contribution in discovering and reporting the vulnerability after it has been resolved. Such acknowledgement may include:
**(a)** Recognition in our security advisories or public statements;
**(b)** Listing in our security researchers hall of fame;
**(c)** Social media recognition and appreciation;
**(d)** References in relevant security documentation or case studies.
### 4.4 Researcher Discretion
You retain the right to:
**(a)** Request anonymity in all public communications and acknowledgements;
**(b)** Decline participation in joint disclosure activities;
**(c)** Publish your own disclosure after coordinated resolution, following responsible disclosure principles;
**(d)** Specify your preferred method and format for public acknowledgement.
## 5. LEGAL SAFE HARBOUR PROVISIONS
### 5.1 Authorisation for Security Research
We explicitly authorise security research and vulnerability disclosure activities conducted in accordance with this Policy and applicable laws. This authorisation is intended to encourage responsible security research whilst protecting both researchers and our organisation.
### 5.2 Scope of Safe Harbour Protection
Our safe harbour provisions apply to security research activities that:
**(a)** Comply with all requirements and restrictions outlined in this Policy;
**(b)** Are conducted in good faith for the purpose of improving security;
**(c)** Do not compromise the privacy, safety, or security of our users, employees, or systems;
**(d)** Do not violate applicable laws or regulations;
**(e)** Are conducted without commercial motivation or malicious intent.
### 5.3 Protected Activities
Under this safe harbour, we will not initiate legal action against researchers for activities including:
**(a)** Accessing systems or data necessary to identify and document security vulnerabilities;
**(b)** Circumventing security measures solely for the purpose of vulnerability research;
**(c)** Creating accounts or using services as reasonably necessary for security testing;
**(d)** Downloading or accessing data that is the direct result of a security vulnerability, provided such access is limited to demonstrating the issue.
### 5.4 Limitations and Exclusions
This safe harbour protection does not apply to:
**(a)** Activities that violate applicable laws, regardless of research intent;
**(b)** Research conducted on third-party systems or applications that integrate with our services;
**(c)** Activities that involve social engineering, phishing, or physical security testing;
**(d)** Accessing, modifying, or deleting data belonging to other users;
**(e)** Conducting denial-of-service attacks or similar disruptive activities;
**(f)** Activities conducted after we have requested cessation or identified security policy violations.
### 5.5 Compliance Requirements
To maintain safe harbour protection, researchers must:
**(a)** Report vulnerabilities through designated channels within a reasonable timeframe;
**(b)** Provide sufficient detail to allow us to reproduce and address the vulnerability;
**(c)** Avoid disclosing vulnerabilities publicly before coordinated resolution;
**(d)** Cooperate with our investigation and remediation efforts;
**(e)** Cease testing activities upon request from our security team.
## 6. BUG BOUNTY PROGRAMME
### 6.1 Current Programme Status
At present, we do not operate a formal monetary bug bounty programme. Our security efforts rely on the goodwill and community spirit of security researchers who contribute to improving our security posture on a voluntary basis.
### 6.2 Non-Monetary Recognition
While we do not currently offer financial rewards, we deeply appreciate security researchers' contributions and provide recognition through:
**(a)** **Hall of Fame Recognition:** Public acknowledgement in our security contributors hall of fame;
**(b)** **Community Recognition:** Acknowledgement in our community forums and social media channels;
**(c)** **Professional References:** With your consent, we may serve as a reference for your security research activities;
**(d)** **Networking Opportunities:** Introduction to other security professionals and organisations within our network.
### 6.3 Future Programme Development
We continuously evaluate the possibility of implementing a formal bug bounty programme. Factors influencing this decision include:
**(a)** The volume and quality of vulnerability reports received;
**(b)** Available resources for programme administration and reward distribution;
**(c)** Legal and regulatory considerations in relevant jurisdictions;
**(d)** Alignment with our organisational priorities and community values.
### 6.4 Alternative Contribution Opportunities
Security researchers interested in contributing to our security efforts may also consider:
**(a)** Contributing to our open-source security tools and documentation;
**(b)** Participating in community discussions about security best practices;
**(c)** Helping to educate other community members about security awareness;
**(d)** Collaborating on security-related content and educational materials.
## 7. DATA PROTECTION AND PRIVACY
### 7.1 Handling of Submitted Information
All information provided in vulnerability reports will be processed and protected in accordance with our Privacy Policy and applicable data protection laws. This includes:
**(a)** Implementing appropriate technical and organisational measures to protect report data;
**(b)** Limiting access to vulnerability information to authorised personnel only;
**(c)** Using vulnerability information solely for the purpose of investigation and remediation;
**(d)** Maintaining confidentiality of researcher information and contact details.
### 7.2 Data Retention Policies
We retain vulnerability reports and related communications:
**(a)** **Active Cases:** For the duration of the investigation and remediation process;
**(b)** **Resolved Cases:** For up to three (3) years following resolution for audit and reference purposes;
**(c)** **Legal Requirements:** As required by applicable laws and regulations;
**(d)** **Historical Analysis:** Anonymised trend data may be retained indefinitely for security improvement purposes.
### 7.3 Confidentiality Commitments
We commit to treating all vulnerability reports as confidential information and will not:
**(a)** Share report details with unauthorised third parties;
**(b)** Use vulnerability information for purposes other than remediation and security improvement;
**(c)** Disclose researcher identity or contact information without explicit consent;
**(d)** Publicly discuss specific vulnerability details before coordinated disclosure.
### 7.4 Researcher Privacy Rights
Security researchers maintain standard privacy rights regarding their personal information, including:
**(a)** The right to request access to personal data we hold about them;
**(b)** The right to request correction of inaccurate personal information;
**(c)** The right to request deletion of personal data in certain circumstances;
**(d)** The right to object to or restrict processing of personal data where legally applicable.
## 8. PROACTIVE SECURITY MEASURES
### 8.1 Security Monitoring and Assessment
To maintain the highest possible security standards and protect user data, we implement comprehensive proactive security measures across all our systems and applications.
### 8.2 Automated Security Scanning
Our security programme includes regular automated scanning and assessment using industry-standard tools:
**(a)** **Static Code Analysis:** Regular scanning of source code for potential security vulnerabilities using SonarQube and similar tools;
**(b)** **Dynamic Application Security Testing:** Ongoing testing of running applications to identify runtime vulnerabilities;
**(c)** **Infrastructure Scanning:** Regular assessment of our hosting infrastructure and network security;
**(d)** **Dependency Scanning:** Continuous monitoring of third-party libraries and components for known vulnerabilities.
### 8.3 Security Tool Integration
We utilise a comprehensive suite of security tools integrated into our development and deployment processes:
**(a)** **Gitleaks:** Automated detection of secrets, credentials, and sensitive information in code repositories;
**(b)** **Grype:** Secondary vulnerability scanning for dependencies and container images;
**(c)** **Snyk:** In-depth analysis of code and dependencies for security vulnerabilities and license compliance;
**(d)** **Syft:** Generation of Software Bills of Materials (SBOMs) for third-party security audits;
**(e)** **Trivy:** Comprehensive vulnerability scanning for containers, filesystems, and cloud configurations.
### 8.4 Public Security Reporting
We maintain transparency about our security posture through publicly accessible security reports and dashboards:
**(a)** **Quality Dashboard:** Real-time security and quality metrics available at https://quality.nhcarrigan.link;
**(b)** **Security Reports:** Comprehensive security scan results published at https://security.nhcarrigan.com;
**(c)** **Regular Updates:** Weekly scanning cycles ensure up-to-date security information;
**(d)** **Trend Analysis:** Historical data tracking to identify and address security trends over time.
### 8.5 Security Development Lifecycle
Our development processes incorporate security at every stage:
**(a)** **Secure Coding Standards:** All developers follow established secure coding guidelines and best practices;
**(b)** **Security Code Reviews:** Mandatory security-focused code reviews for all changes and new features;
**(c)** **Automated Testing:** Security tests integrated into continuous integration and deployment pipelines;
**(d)** **Regular Training:** Ongoing security awareness and training for all development team members.
## 9. COMPLIANCE AND REGULATORY CONSIDERATIONS
### 9.1 Legal Compliance Requirements
All security research and vulnerability disclosure activities must comply with applicable laws and regulations, including but not limited to:
**(a)** Computer Fraud and Abuse Act (CFAA) and similar legislation in various jurisdictions;
**(b)** Data protection and privacy laws (GDPR, CCPA, etc.);
**(c)** Export control regulations affecting security tools and techniques;
**(d)** Industry-specific regulations applicable to our services or user base.
### 9.2 International Considerations
Given the global nature of our services and user base, researchers should be aware that:
**(a)** Different jurisdictions may have varying legal frameworks for security research;
**(b)** Cross-border data transfer and access may be subject to additional regulations;
**(c)** Some security research techniques may be legal in one jurisdiction but prohibited in another;
**(d)** Researchers are responsible for ensuring their activities comply with laws in their jurisdiction.
### 9.3 Ethical Guidelines
Beyond legal compliance, we expect all security research to adhere to widely recognised ethical guidelines:
**(a)** **Minimise Harm:** Avoid actions that could compromise user privacy, data integrity, or system availability;
**(b)** **Respect Boundaries:** Cease testing when requested or when encountering systems outside our scope;
**(c)** **Professional Conduct:** Maintain professional standards in all communications and interactions;
**(d)** **Community Benefit:** Focus on activities that benefit the broader security community and user protection.
### 9.4 Reporting Regulatory Concerns
If vulnerability research reveals potential regulatory compliance issues or legal violations:
**(a)** Include such concerns in your initial vulnerability report;
**(b)** We will assess the regulatory implications as part of our investigation;
**(c)** We may need to report certain types of vulnerabilities to relevant regulatory authorities;
**(d)** Researchers will be kept informed of any regulatory reporting requirements that may affect disclosure timelines.
## 10. CONTACT INFORMATION AND SUPPORT
### 10.1 Primary Security Contact
For all security-related matters, including vulnerability reports, questions about this Policy, and general security inquiries:
**Email:** security@nhcarrigan.com
**Response Time:** We aim to respond to all security inquiries within 24 hours during business days
**Emergency Contact:** For critical security issues requiring immediate attention, mark your email with [URGENT] in the subject line
### 10.2 Alternative Contact Methods
If you are unable to use our primary email contact:
**General Support:** contact@nhcarrigan.com (clearly mark security-related messages)
**Community Forum:** https://forum.nhcarrigan.com (for general security discussions only, not vulnerability reports)
**Documentation:** This Policy and related security documentation is maintained at our official documentation site
### 10.3 Response Commitments and Service Levels
We commit to maintaining the following response standards:
**(a)** **Initial Acknowledgement:** All security reports acknowledged within 24-72 hours;
**(b)** **Status Updates:** Regular progress updates provided at least weekly for active investigations;
**(c)** **Technical Clarification:** Response to technical questions within 2-3 business days;
**(d)** **Escalation Path:** Clear escalation procedures for urgent matters or communication issues.
### 10.4 Communication Preferences and Requirements
To ensure effective communication:
**(a)** **Language:** All communications should be in English to ensure proper understanding and response;
**(b)** **Technical Detail:** Provide sufficient technical detail to enable reproduction and assessment;
**(c)** **Contact Information:** Include reliable contact information for follow-up questions;
**(d)** **Time Zone Considerations:** Our primary response times are based on Pacific Standard Time business hours.
### 10.5 Support Resources
Additional resources available to security researchers:
**(a)** **Documentation:** Comprehensive security policy documentation and guidelines;
**(b)** **Community Support:** Access to our community forums for general security discussions;
**(c)** **Educational Resources:** Links to security research best practices and legal guidelines;
**(d)** **Feedback Mechanisms:** Opportunities to provide feedback on our security policies and procedures.
## 11. POLICY UPDATES AND MAINTENANCE
### 11.1 Regular Review and Updates
This Security Policy is reviewed and updated regularly to ensure:
**(a)** **Legal Compliance:** Alignment with current laws and regulations;
**(b)** **Best Practices:** Incorporation of industry best practices and standards;
**(c)** **Community Feedback:** Response to input from security researchers and community members;
**(d)** **Operational Experience:** Refinement based on our experience with vulnerability reports and security incidents.
### 11.2 Change Notification Process
Changes to this Policy will be communicated through:
**(a)** **Direct Notification:** Email notification to researchers who have previously submitted reports;
**(b)** **Public Announcement:** Updates posted on our website and community forums;
**(c)** **Documentation Updates:** Version-controlled updates to our official documentation;
**(d)** **Industry Channels:** Notification through relevant security community channels where appropriate.
### 11.3 Effective Date and Implementation
Policy updates will:
**(a)** Include clear effective dates for all changes;
**(b)** Provide reasonable notice periods for significant changes;
**(c)** Maintain backward compatibility for ongoing vulnerability reports;
**(d)** Include transition procedures for any changes affecting active security research.
### 11.4 Feedback and Continuous Improvement
We welcome feedback on this Policy from:
**(a)** Security researchers who have participated in our vulnerability disclosure process;
**(b)** Legal and compliance professionals familiar with relevant regulations;
**(c)** Industry peers and security community members;
**(d)** Internal team members involved in security operations and incident response.
## 12. ACKNOWLEDGEMENTS AND RECOGNITION
### 12.1 Community Appreciation
We extend our sincere gratitude to the global security research community for their valuable contributions to improving the security of our systems and protecting our users. The collaborative approach to security research benefits everyone and represents the best of community-driven innovation.
### 12.2 Commitment to Excellence
This Security Policy represents our ongoing commitment to:
**(a)** **Transparency:** Maintaining open and honest communication about our security practices;
**(b)** **Collaboration:** Working cooperatively with researchers to address security concerns;
**(c)** **Continuous Improvement:** Regularly enhancing our security measures and response procedures;
**(d)** **User Protection:** Prioritising the security and privacy of our users above all other considerations.
### 12.3 Future Development
We are committed to the ongoing development and improvement of our security programme, including:
**(a)** Regular assessment of our security policies and procedures;
**(b)** Investment in security tools and technologies;
**(c)** Training and professional development for our security team;
**(d)** Engagement with the broader security community and industry initiatives.
**Last Updated:** [Date to be inserted]
**Effective Date:** [Date to be inserted]
**Policy Version:** 2.0
---
*By reporting a security vulnerability to us, you acknowledge that you have read, understood, and agree to comply with this Security Policy. This Policy is designed to promote responsible security research whilst protecting the interests of our users, our organisation, and the broader community. For questions about this Policy or to report security vulnerabilities, please contact us at security@nhcarrigan.com.*
src/content/docs/legal/subprocessors.md
+505 -17
View File
@@ -2,28 +2,516 @@
title: Data Subprocessors
---
## 1. Subprocessors
# DATA SUBPROCESSORS AND THIRD-PARTY PROCESSING
The following entities process your data on our behalf. Interacting with our applications is subject to the privacy policies and terms of these entities.
**TRANSPARENCY IN DATA PROCESSING RELATIONSHIPS**
### 1.1. Primary Subprocessors
## 1. INTRODUCTION AND OVERVIEW
These entities directly store, manage, or handle our application data.
### 1.1 Purpose and Scope
| Entity | Data Processed |
| ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Anthropic | Messages/commands sent to and from any of our applications that use an AI integration. |
| DigitalOcean | Any data transmitted over the network to and from our applications. |
| MongoDB | Any data provided to our applications when you interact with them. |
| Stripe | Information provided during the identity and age verification processes necessary to access certain applications and community channels, and payment information for invoices. |
This document provides comprehensive information about third-party entities that process personal data on behalf of nhcarrigan ("we," "us," "our," or "the Company"). By using our services, you acknowledge that your data may be processed by these subprocessors in accordance with their respective privacy policies and our contractual agreements.
### 1.2. Secondary Subprocessors
### 1.2 Legal Framework
In addition to our primary subprocessors, platforms and services you engage with in order to interface with our applications maintain their own privacy policies, and may store your data pursuant to those policies.
This disclosure is provided in accordance with:
Such platforms include, but are not limited to:
**(a)** Data protection regulations requiring transparency about third-party processing;
- Discord
- GitHub
- Paypal
- Twitch
**(b)** Our commitment to user privacy and informed consent;
**(c)** Contractual obligations with our users regarding data processing;
**(d)** Industry best practices for data processing transparency.
### 1.3 Data Processing Principles
All subprocessor relationships are governed by:
**(a)** **Purpose Limitation:** Data processing is limited to specified, legitimate purposes;
**(b)** **Data Minimisation:** Only necessary data is shared with subprocessors;
**(c)** **Security Requirements:** All subprocessors must maintain appropriate security measures;
**(d)** **Contractual Protection:** Formal agreements govern all data processing relationships.
### 1.4 User Rights and Protections
Your rights regarding subprocessor data processing include:
**(a)** **Transparency:** Full disclosure of all entities processing your data;
**(b)** **Consent:** Your continued use constitutes consent to the processing described;
**(c)** **Control:** Rights to access, correct, and delete data processed by subprocessors;
**(d)** **Notice:** Advance notification of changes to subprocessor arrangements.
## 2. PRIMARY SUBPROCESSORS
### 2.1 Definition and Role
Primary subprocessors are third-party entities that directly process, store, or manage data on our behalf as part of our core service delivery. These relationships involve direct contractual arrangements and technical integrations.
### 2.2 Primary Subprocessor Details
#### 2.2.1 Anthropic
**Data Processing Role:** Artificial Intelligence and Natural Language Processing
**Types of Data Processed:**
- Messages and commands sent to and from applications utilising AI integration services
- User interactions with AI-powered features
- Content analysis for service improvement and safety
**Processing Purpose:**
- Providing AI-powered responses and functionality
- Natural language understanding and generation
- Content moderation and safety filtering
- Service improvement and optimisation
**Data Transfer Mechanism:** Encrypted API communications
**Retention Period:** As specified in Anthropic's data retention policies
**Security Measures:** Industry-standard encryption and access controls
**Location:** United States
**Privacy Policy:** https://www.anthropic.com/privacy
#### 2.2.2 DigitalOcean
**Data Processing Role:** Infrastructure and Hosting Services
**Types of Data Processed:**
- All data transmitted over networks to and from our applications
- System logs and performance metrics
- Backup data and system configurations
- Network traffic metadata
**Processing Purpose:**
- Providing cloud infrastructure and hosting services
- Ensuring system availability and performance
- Maintaining security and monitoring systems
- Data backup and disaster recovery
**Data Transfer Mechanism:** Encrypted network transmission
**Retention Period:** As required for service provision and legal compliance
**Security Measures:** SOC 2 Type II compliance, encryption, access controls
**Location:** Multiple global data centres (primarily United States and Europe)
**Privacy Policy:** https://www.digitalocean.com/legal/privacy-policy
#### 2.2.3 MongoDB
**Data Processing Role:** Database Management and Storage
**Types of Data Processed:**
- All structured data provided to our applications through user interactions
- User account information and preferences
- Application data and user-generated content
- System configuration and metadata
**Processing Purpose:**
- Providing database hosting and management services
- Ensuring data availability and integrity
- Facilitating data backup and recovery
- Supporting application functionality
**Data Transfer Mechanism:** Encrypted database connections
**Retention Period:** As configured in our data retention policies
**Security Measures:** Encryption at rest and in transit, access controls, audit logging
**Location:** Configurable global regions (primarily United States)
**Privacy Policy:** https://www.mongodb.com/legal/privacy-policy
#### 2.2.4 Stripe
**Data Processing Role:** Payment Processing and Identity Verification
**Types of Data Processed:**
- Payment information including credit card details and billing addresses
- Identity verification information for age and identity confirmation
- Transaction history and payment method data
- Information necessary for regulatory compliance (KYC/AML)
**Processing Purpose:**
- Processing payments and managing billing
- Verifying user identity and age for service access
- Preventing fraud and ensuring regulatory compliance
- Managing subscriptions and recurring payments
**Data Transfer Mechanism:** PCI DSS compliant encrypted transmissions
**Retention Period:** As required by payment regulations and Stripe policies
**Security Measures:** PCI DSS Level 1 compliance, tokenisation, fraud detection
**Location:** Global processing infrastructure with data residency options
**Privacy Policy:** https://stripe.com/privacy
## 3. SECONDARY SUBPROCESSORS
### 3.1 Definition and Role
Secondary subprocessors are platforms and services that users interact with directly to access our services. While we do not have direct contractual control over these entities, user interaction with our services through these platforms may result in data processing by these entities under their own terms and policies.
### 3.2 Platform Integration Notice
When you access our services through third-party platforms, your interactions are subject to both our privacy policy and the privacy policies of these platforms. We recommend reviewing the privacy policies of all platforms you use to access our services.
### 3.3 Secondary Subprocessor Platforms
#### 3.3.1 Discord
**Relationship Type:** Community Platform Integration
**Data Processing Context:**
- User interactions in Discord servers managed by or affiliated with nhcarrigan
- Bot services and integrations provided through Discord
- Community management and moderation activities
**User Responsibility:** Review Discord's Privacy Policy and Terms of Service
**Privacy Policy:** https://discord.com/privacy
#### 3.3.2 GitHub
**Relationship Type:** Development Platform and Code Repository
**Data Processing Context:**
- Contributions to open-source projects
- Issue reporting and feature requests
- Code repository access and version control
- Development collaboration activities
**User Responsibility:** Review GitHub's Privacy Statement and Terms of Service
**Privacy Policy:** https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement
#### 3.3.3 PayPal
**Relationship Type:** Alternative Payment Processing
**Data Processing Context:**
- Payment processing for services and donations
- Transaction history and payment verification
- Dispute resolution and customer service
**User Responsibility:** Review PayPal's Privacy Statement and User Agreement
**Privacy Policy:** https://www.paypal.com/us/legalhub/privacy-full
#### 3.3.4 Twitch
**Relationship Type:** Live Streaming Platform Integration
**Data Processing Context:**
- Live streaming services and chat interactions
- Channel management and viewer analytics
- Content delivery and broadcasting services
**User Responsibility:** Review Twitch's Privacy Notice and Terms of Service
**Privacy Policy:** https://www.twitch.tv/p/legal/privacy-notice
## 4. SUBPROCESSOR MANAGEMENT AND GOVERNANCE
### 4.1 Due Diligence Process
Before engaging any primary subprocessor, we conduct comprehensive due diligence including:
**(a)** **Security Assessment:** Evaluation of data security measures and certifications;
**(b)** **Privacy Review:** Analysis of privacy policies and data processing practices;
**(c)** **Compliance Verification:** Confirmation of regulatory compliance and certifications;
**(d)** **Contract Negotiation:** Establishment of data processing agreements with appropriate protections.
### 4.2 Ongoing Monitoring
We maintain ongoing oversight of subprocessor relationships through:
**(a)** **Regular Audits:** Periodic review of subprocessor security and privacy practices;
**(b)** **Performance Monitoring:** Assessment of service quality and compliance;
**(c)** **Incident Management:** Coordination on security incidents and data breaches;
**(d)** **Contract Management:** Regular review and update of contractual terms.
### 4.3 Data Processing Agreements
All primary subprocessors are bound by data processing agreements that include:
**(a)** **Purpose Limitation:** Specific restrictions on data use and processing purposes;
**(b)** **Security Requirements:** Mandatory security controls and incident response procedures;
**(c)** **Confidentiality:** Strict confidentiality and non-disclosure obligations;
**(d)** **Audit Rights:** Our right to audit subprocessor data processing practices.
### 4.4 Subprocessor Change Management
Changes to subprocessor arrangements are managed through:
**(a)** **Impact Assessment:** Evaluation of privacy and security implications;
**(b)** **User Notification:** Advance notice to users of significant changes;
**(c)** **Transition Planning:** Careful planning to minimise service disruption;
**(d)** **Documentation Updates:** Timely updates to this disclosure document.
## 5. DATA TRANSFER AND SECURITY
### 5.1 International Data Transfers
When data is transferred internationally to subprocessors, we ensure appropriate safeguards through:
**(a)** **Adequacy Decisions:** Reliance on jurisdictions with adequate data protection laws;
**(b)** **Standard Contractual Clauses:** Implementation of EU Standard Contractual Clauses where applicable;
**(c)** **Certification Schemes:** Use of subprocessors with recognised privacy certifications;
**(d)** **Binding Corporate Rules:** Acceptance of subprocessors with approved internal data transfer rules.
### 5.2 Security Requirements
All primary subprocessors must maintain security measures including:
**(a)** **Encryption:** Data encryption both in transit and at rest;
**(b)** **Access Controls:** Role-based access controls and multi-factor authentication;
**(c)** **Monitoring:** Continuous monitoring for security threats and incidents;
**(d)** **Incident Response:** Established procedures for responding to security incidents.
### 5.3 Compliance and Certifications
We prefer subprocessors with recognised compliance certifications such as:
**(a)** **SOC 2 Type II:** System and Organisation Controls for service organisations;
**(b)** **ISO 27001:** International standard for information security management;
**(c)** **PCI DSS:** Payment Card Industry Data Security Standard (for payment processors);
**(d)** **GDPR Compliance:** Demonstrated compliance with General Data Protection Regulation.
### 5.4 Data Breach Response
In the event of a data breach involving a subprocessor:
**(a)** **Immediate Notification:** Subprocessors must notify us within 24 hours;
**(b)** **Impact Assessment:** Joint assessment of the scope and impact of the breach;
**(c)** **User Notification:** Prompt notification to affected users where required;
**(d)** **Remediation:** Collaborative efforts to contain and remedy the breach.
## 6. USER RIGHTS AND CONTROL
### 6.1 Transparency Rights
Users have the right to:
**(a)** **Information:** Full transparency about subprocessor data processing activities;
**(b)** **Updates:** Regular updates about changes to subprocessor arrangements;
**(c)** **Access:** Information about how to exercise rights with each subprocessor;
**(d)** **Contact:** Direct communication channels for subprocessor-related concerns.
### 6.2 Data Subject Rights
Regarding data processed by subprocessors, users may:
**(a)** **Request Access:** Obtain information about data processing activities;
**(b)** **Seek Rectification:** Request correction of inaccurate data;
**(c)** **Demand Erasure:** Request deletion of personal data in certain circumstances;
**(d)** **Restrict Processing:** Limit how data is processed by subprocessors.
### 6.3 Exercise of Rights
To exercise rights regarding subprocessor data processing:
**(a)** **Primary Contact:** Contact us at privacy@nhcarrigan.com for coordination;
**(b)** **Direct Contact:** Contact subprocessors directly using their provided channels;
**(c)** **Documentation:** Provide sufficient information to verify identity and specify requests;
**(d)** **Response Time:** Allow reasonable time for investigation and response.
### 6.4 Complaint Mechanisms
If you have concerns about subprocessor data processing:
**(a)** **Internal Escalation:** Raise concerns through our customer support channels;
**(b)** **Supervisory Authorities:** Contact relevant data protection authorities;
**(c)** **Legal Remedies:** Pursue legal remedies available in your jurisdiction;
**(d)** **Alternative Resolution:** Participate in mediation or arbitration where available.
## 7. UPDATES AND CHANGES
### 7.1 Change Notification Process
We will notify users of changes to subprocessor arrangements through:
**(a)** **Email Notification:** Direct notification to registered users for significant changes;
**(b)** **Website Updates:** Updates to this document with change logs and effective dates;
**(c)** **Service Notifications:** In-app notifications where technically feasible;
**(d)** **Community Announcements:** Public announcements in community forums.
### 7.2 Types of Changes Requiring Notification
Changes requiring advance notification include:
**(a)** **New Subprocessors:** Addition of new primary subprocessors;
**(b)** **Changed Processing:** Significant changes to data processing purposes or methods;
**(c)** **Location Changes:** Changes to data processing locations or jurisdictions;
**(d)** **Security Changes:** Material changes to security measures or protections.
### 7.3 Objection Rights
If you object to changes in subprocessor arrangements:
**(a)** **Notification Period:** We typically provide 30 days' notice of significant changes;
**(b)** **Objection Process:** You may object within the notification period;
**(c)** **Alternative Arrangements:** We will consider reasonable alternative arrangements where possible;
**(d)** **Service Termination:** You may terminate services if objections cannot be accommodated.
### 7.4 Emergency Changes
In emergency situations requiring immediate subprocessor changes:
**(a)** **Immediate Implementation:** Changes may be implemented without prior notice;
**(b)** **Prompt Notification:** Users will be notified as soon as reasonably possible;
**(c)** **Explanation:** Full explanation of the circumstances requiring emergency changes;
**(d)** **Remediation Options:** Information about available remediation options.
## 8. CONTACT INFORMATION AND SUPPORT
### 8.1 Primary Contact
For questions about subprocessor data processing:
**Email:** privacy@nhcarrigan.com
**Subject Line:** Subprocessor Data Processing Inquiry
**Response Time:** Within 5 business days for standard inquiries
### 8.2 Rights Requests
For exercising data subject rights regarding subprocessor processing:
**Email:** privacy@nhcarrigan.com
**Subject Line:** Data Subject Rights - Subprocessor
**Required Information:** Please include your full name, account information, and specific request details
### 8.3 Complaints and Concerns
For complaints about subprocessor data processing:
**Email:** privacy@nhcarrigan.com
**Subject Line:** Subprocessor Complaint
**Alternative:** Contact relevant supervisory authorities in your jurisdiction
### 8.4 Technical Support
For technical issues related to third-party platform integrations:
**Email:** support@nhcarrigan.com
**Community Forum:** https://forum.nhcarrigan.com
**Response Time:** Within 48 hours for technical support requests
## 9. COMPLIANCE AND REGULATORY INFORMATION
### 9.1 Regulatory Framework
This subprocessor disclosure is maintained in compliance with:
**(a)** **General Data Protection Regulation (GDPR):** EU data protection requirements;
**(b)** **California Consumer Privacy Act (CCPA):** California privacy law requirements;
**(c)** **Other Applicable Laws:** Additional data protection laws in relevant jurisdictions;
**(d)** **Industry Standards:** Best practices for data processing transparency.
### 9.2 Regular Review
This document is reviewed and updated:
**(a)** **Quarterly:** Regular quarterly review for accuracy and completeness;
**(b)** **Change-Triggered:** Updates following any changes to subprocessor arrangements;
**(c)** **Annual Audit:** Comprehensive annual audit of all subprocessor relationships;
**(d)** **Regulatory Updates:** Updates following changes in applicable laws or regulations.
### 9.3 Documentation Standards
We maintain documentation standards including:
**(a)** **Version Control:** Clear versioning and change tracking for all updates;
**(b)** **Audit Trail:** Complete records of all changes and their justifications;
**(c)** **Legal Review:** Review by qualified legal counsel before publication;
**(d)** **Stakeholder Input:** Consideration of feedback from users and privacy advocates.
**Document Version:** 2.0
**Last Updated:** [Date to be inserted]
**Next Review Date:** [Date to be inserted]
**Effective Date:** [Date to be inserted]
---
*This document provides transparency about our data processing relationships to help you make informed decisions about using our services. By using our services, you acknowledge understanding of these subprocessor arrangements and consent to the data processing described herein. For questions or concerns about subprocessor data processing, please contact us at privacy@nhcarrigan.com.*
src/content/docs/legal/terms.md
+259 -1024
View File
File diff suppressed because it is too large Load Diff