dnt-policy.txt 10 KB

Do Not Track Compliance Policy

Version 1.0

This domain complies with user opt-outs from tracking via the "Do Not Track"
or "DNT" header [http://www.w3.org/TR/tracking-dnt/]. This file will always
be posted via HTTPS at https://example-domain.com/.well-known/dnt-policy.txt
to indicate this fact.

SCOPE

This policy document allows an operator of a Fully Qualified Domain Name
("domain") to declare that it respects Do Not Track as a meaningful privacy
opt-out of tracking, so that privacy-protecting software can better determine
whether to block or anonymize communications with this domain. This policy is
intended first and foremost to be posted on domains that publish ads, widgets,
images, scripts and other third-party embedded hypertext (for instance on
widgets.example.com), but it can be posted on any domain, including those users
visit directly (such as www.example.com). The policy may be applied to some
domains used by a company, site, or service, and not to others. Do Not Track
may be sent by any client that uses the HTTP protocol, including websites,
mobile apps, and smart devices like TVs. Do Not Track also works with all
protocols able to read HTTP headers, including SPDY.

NOTE: This policy contains both Requirements and Exceptions. Where possible
terms are defined in the text, but a few additional definitions are included
at the end.

REQUIREMENTS

When this domain receives Web requests from a user who enables DNT by actively
choosing an opt-out setting in their browser or by installing software that is
primarily designed to protect privacy ("DNT User"), we will take the following
measures with respect to those users' data, subject to the Exceptions, also
listed below:

1. END USER IDENTIFIERS:

  a. If a DNT User has logged in to our service, all user identifiers, such as
     unique or nearly unique cookies, "supercookies" and fingerprints are
     discarded as soon as the HTTP(S) response is issued.

     Data structures which associate user identifiers with accounts may be
     employed to recognize logged in users per Exception 4 below, but may not
     be associated with records of the user's activities unless otherwise
     excepted.

  b. If a DNT User is not logged in to our service, we will take steps to ensure
     that no user identifiers are transmitted to us at all.

2. LOG RETENTION:

  a. Logs with DNT Users' identifiers removed (but including IP addresses and
     User Agent strings) may be retained for a period of 10 days or less,
     unless an Exception (below) applies. This period of time balances privacy
     concerns with the need to ensure that log processing systems have time to
     operate; that operations engineers have time to monitor and fix technical
     and performance problems; and that security and data aggregation systems
     have time to operate.

  b. These logs will not be used for any other purposes.

3. OTHER DOMAINS:

  a. If this domain transfers identifiable user data about DNT Users to
     contractors, affiliates or other parties, or embeds from or posts data to
     other domains, we will either:

  b. ensure that the operators of those domains abide by this policy overall
     by posting it at /.well-known/dnt-policy.txt via HTTPS on the domains in
     question,

       OR

     ensure that the recipient's policies and practices require the recipient
     to respect the policy for our DNT Users' data.

       OR

     obtain a contractual commitment from the recipient to respect this policy
     for our DNT Users' data.

     NOTE: if an “Other Domain” does not receive identifiable user information
     from the domain because such information has been removed, because the
     Other Domain does not log that information, or for some other reason, these
     requirements do not apply.

  c. "Identifiable" means any records which are not Anonymized or otherwise
     covered by the Exceptions below.

4. PERIODIC REASSERTION OF COMPLIANCE:

  At least once every 12 months, we will take reasonable steps commensurate
  with the size of our organization and the nature of our service to confirm
  our ongoing compliance with this document, and we will publicly reassert our
  compliance.

5. USER NOTIFICATION:

  a. If we are required by law to retain or disclose user identifiers, we will
     attempt to provide the users with notice (unless we are prohibited or it
     would be futile) that a request for their information has been made in
     order to give the users an opportunity to object to the retention or
     disclosure.

  b. We will attempt to provide this notice by email, if the users have given
     us an email address, and by postal mail if the users have provided a
     postal address.

  c. If the users do not challenge the disclosure request, we may be legally
     required to turn over their information.

  d. We may delay notice if we, in good faith, believe that an emergency
     involving danger of death or serious physical injury to any person
     requires disclosure without delay of information relating to the
     emergency.

EXCEPTIONS

Data from DNT Users collected by this domain may be logged or retained only in
the following specific situations:

1. CONSENT / "OPT BACK IN"

  a. DNT Users are opting out from tracking across the Web. It is possible
     that for some feature or functionality, we will need to ask a DNT User to
     "opt back in" to be tracked by us across the entire Web.

  b. If we do that, we will take reasonable steps to verify that the users who
     select this option have genuinely intended to opt back in to tracking.
     One way to do this is by performing scientifically reasonable user
     studies with a representative sample of our users, but smaller
     organizations can satisfy this requirement by other means.

  c. Where we believe that we have opt back in consent, our server will
     send a tracking value status header "Tk: C" as described in section 6.2
     of the W3C Tracking Preference Expression draft:

     http://www.w3.org/TR/tracking-dnt/#tracking-status-value

2. TRANSACTIONS

  If a DNT User actively and knowingly enters a transaction with our
  services (for instance, clicking on a clearly-labeled advertisement,
  posting content to a widget, or purchasing an item), we will retain
  necessary data for as long as required to perform the transaction. This
  may for example include keeping auditing information for clicks on
  advertising links; keeping a copy of posted content and the name of the
  posting user; keeping server-side session IDs to recognize logged in
  users; or keeping a copy of the physical address to which a purchased
  item will be shipped. By their nature, some transactions will require data
  to be retained indefinitely.

3. TECHNICAL AND SECURITY LOGGING:

  a. If, during the processing of the initial request (for unique identifiers)
     or during the subsequent 10 days (for IP addresses and User Agent strings),
     we obtain specific information that causes our employees or systems to
     believe that a request is, or is likely to be, part of a security attack,
     spam submission, or fraudulent transaction, then logs of those requests
     are not subject to this policy.

  b. If we encounter technical problems with our site, then, in rare
     circumstances, we may retain logs for longer than 10 days, if that is
     necessary to diagnose and fix those problems, but this practice will not be
     routinized and we will strive to delete such logs as soon as possible.

4. AGGREGATION:

  a. We may retain and share anonymized datasets, such as aggregate records of
     readership patterns; statistical models of user behavior; graphs of system
     variables; data structures to count active users on monthly or yearly
     bases; database tables mapping authentication cookies to logged in
     accounts; non-unique data structures constructed within browsers for tasks
     such as ad frequency capping or conversion tracking; or logs with truncated
     and/or encrypted IP addresses and simplified User Agent strings.

  b. "Anonymized" means we have conducted risk mitigation to ensure
     that the dataset, plus any additional information that is in our
     possession or likely to be available to us, does not allow the
     reconstruction of reading habits, online or offline activity of groups of
     fewer than 5000 individuals or devices.

  c. If we generate anonymized datasets under this exception we will publicly
     document our anonymization methods in sufficient detail to allow outside
     experts to evaluate the effectiveness of those methods.

5. ERRORS:

  From time to time, there may be errors by which user data is temporarily
  logged or retained in violation of this policy. If such errors are
  inadvertent, rare, and made in good faith, they do not constitute a breach
  of this policy. We will delete such data as soon as practicable after we
  become aware of any error and take steps to ensure that it is deleted by any
  third-party who may have had access to the data.

ADDITIONAL DEFINITIONS

"Fully Qualified Domain Name" means a domain name that addresses a computer
connected to the Internet. For instance, example1.com; www.example1.com;
ads.example1.com; and widgets.example2.com are all distinct FQDNs.

"Supercookie" means any technology other than an HTTP Cookie which can be used
by a server to associate identifiers with the clients that visit it. Examples
of supercookies include Flash LSO cookies, DOM storage, HTML5 storage, or
tricks to store information in caches or etags.

"Risk mitigation" means an engineering process that evaluates the possibility
and likelihood of various adverse outcomes, considers the available methods of
making those adverse outcomes less likely, and deploys sufficient mitigations
to bring the probability and harm from adverse outcomes below an acceptable
threshold.

"Reading habits" includes amongst other things lists of visited DNS names, if
those domains pertain to specific topics or activities, but records of visited
DNS names are not reading habits if those domain names serve content of a very
diverse and general nature, thereby revealing minimal information about the
opinions, interests or activities of the user.