Unverified Commit 6f10f255 authored by Markus Kirsch's avatar Markus Kirsch Committed by gitbook-bot
Browse files

GitBook: [master] 638 pages modified

parent 97093421
......@@ -647,7 +647,9 @@
* [Terms of Service](legal/terms.md)
* [Master Services Agreement for Self Managed Workspaces](legal/master-services-agreement-for-self-managed-workspaces.md)
* [Privacy Policy](legal/privacy.md)
* [Privacy Policy](legal/privacy/README.md)
* [Data Processing Agreement](legal/privacy/data-processing-agreement.md)
* [Subprocessors](legal/privacy/subprocessors.md)
* [Code of Conduct](legal/code-of-conduct.md)
* [GDPR](legal/gdpr.md)
* [Censorship and Harmful Content](legal/censorship-and-harmful-content.md)
......
# Censorship and Harmful Content
Last updated: May 6th 2020
Last updated: September 24th, 2020
## Our stance on harmful content and censorship in Rocket.Chat
......@@ -8,13 +8,15 @@ Our position:
Rocket.Chat is built to be an open and free communication platform. We want everyone to be able to run it and use our platform freely and to improve people's lives. Today, our platform is used for myriads of different purposes, according to how our users deem it fit for their purposes.
We also do not want to be the judges on what constitutes the “right” way to use Rocket.Chat. Moral values differ from person to person and laws often collide over highly debated issues such as free speech. We believe the users of Rocket.Chat know best how to use our platform to their benefit.
We also do not want to be the judges on what constitutes the “right” way to use Rocket.Chat. Moral values differ from person to person and laws often collide over highly debated issues such as free speech. We believe the users of Rocket.Chat know best how to use our platform to their and everyone else's benefit.
### How does Rocket.Chat deal with reports of illegal content?
Sometimes, our organization receives a request from a law enforcement body with the aim to produce a certain set of user data to aid in a criminal investigation. Or there might be a request to take down content that has been deemed illegal. We treat these requests very carefully and - where we are able and obliged to help - bring this to the attention of the administrator of the instance. Oftentimes, we cannot do anything though.
That is because we have no way to access or control Rocket.Chat servers. Our platform is open source and has no backdoors or whatsoever to allow us to remotely access your installations. In case of instances hoste by us for others, we forward them to the respective administrator. Where the request is about content on a server directly under our control, such as our Open Server, you can contact us directly under legal@rocket.chat.\).
That is because we have no way to access or control self-managed Rocket.Chat servers. Self-managed means that Rocket.Chat is installed on a server we do not own. Our platform is open source and has no backdoors or whatsoever to allow us to remotely access your installations.
In case of Rocket.Chat instances hosted by us for others, we forward reports to the respective administrator and if determined an obvious breach of terms of service we can terminate the hosting. Where the request is about content on a server directly under our control, such as our Open Server, you can contact us directly under [legal@rocket.chat](mailto:legal@rocket.chat) and we will take action.
### Resources for Administrators Be Notified About Harmful Content
......@@ -29,7 +31,7 @@ With this being the current situation, we wanted to share our stance on how we a
* We do not endorse illegal or unethical usage of Rocket.Chat in any way. We understand these terms to be relative and to be interpreted in their local context.
* We want Rocket.Chat to be a platform that allows for free and unrestricted communication. We do not plan or want to build any kind of backdoor, censorship tool or hidden remote control mechanism into Rocket.Chat.
* Administrators are the ones in control over their installation. Administrators are responsible for their decisions on configuration and content moderation within their instance.
* We comply with valid local or international law enforcement requests to produce user data and inform our users affected by these requests.
* We comply with valid local or international law enforcement requests to remove content or produce user data and inform our users affected by these requests.
* On our Open Server run by us, we want to provide users a positive and fun environment to test our platform and get in touch with us.
**While none of these principles are absolute, they are guiding our actions.**
......@@ -44,23 +46,25 @@ If you do not know who is your administrator, you can check the DNS records for
As an ultimate resort, you may want to reach out to the law enforcement body in charge of investigating the potential offense in question. They will tell you the legal remedies available and the potential next steps to take.
**For administrators:** If you are an administrator, you might have an interest in moderating the content in your instance. Notable features that can help you with that are:
**For administrators:** If you are an administrator, you might have an interest in moderating the content that users create or put in your instance. Notable features that can help you with that are:
* Making use of the “moderator”-permission in channels to appoint individuals to purge or modify inappropriate messages
* Notification feature for the use of specified words of phrases
* Blacklisting certain words or phrases
* Notifying your users of applicable policies via e.g. pinning messages or adding an announcement to the room
* Requiring confirmation of user registration by an administrator, to prevent unvetted users from posting messages
* Enabling end-to-end encryption: with end-to-end encryption enabled, only an encrypted string of the message is stored on the server. This however prevents content auditing via administrators and moves responsibility for content moderation to users.
* Enabling or disabling end-to-end encryption: with end-to-end encryption enabled, only an encrypted string of the message is stored on the server. This however prevents content auditing via administrators and moves responsibility for content moderation to users.
* Turning on GoogleVision integration for image uploads, which has options to block images containing graphic or adult content
All of these features are optional to choose, so you have the total flexibility in what to apply in your specific case. Let us know which kind of features you are currently missing - but would find useful - by opening feature requests in our Github repository \(link\).
All of these features are optional to choose, so you have the total flexibility in what to apply in your specific case. Let us know which kind of features you are currently missing - but would find useful - by opening feature requests in [our Github repository](https://github.com/RocketChat/feature-requests).
**For law enforcement:** We sometimes receive requests from law enforcement to remove content from certain Rocket.Chat instances. We have published guidelines for law enforcement \(link\), how we deal with requests and what to consider before submitting a request to us as the legal entity behind Rocket.Chat.
**For law enforcement:** We sometimes receive requests from law enforcement to remove content from certain Rocket.Chat instances. We have published [guidelines for law enforcement](https://docs.rocket.chat/legal/guidelines-for-law-enforcement), how we deal with requests and what to consider before submitting a request to us as the legal entity behind Rocket.Chat.
**In summary:** In most cases, we cannot remove the majority of content, because it is outside of our control on servers we do not have \(and do not want\) access to. If the content in question is on our Open Server, we remove it if it is a breach of our code of conduct or if we are compelled by a law enforcement request. For servers hosted by us and under control of our customers, we remove content after notifying and in collaboration with the instance owner. For questions or contact, please use [legal@rocket.chat](mailto:legal@rocket.chat)
**In summary:** In most cases, we cannot remove the majority of content, because it is outside of our control on servers we do not have \(and do not want\) access to. If the content in question is on our Open Server, we remove it if it is a breach of our code of conduct or if we are compelled by a law enforcement request. For servers hosted by us and under control of our customers, we remove content after notifying and in collaboration with the customer or directly as a violation of our terms of service. For questions or contact, please use [legal@rocket.chat](mailto:legal@rocket.chat)
**For reporters and media requests:** Are you researching for an article about Rocket.Chat or where Rocket.Chat plays a role?
We would love to explain to you our stance in detail or get a chance to comment before you publish your article. Please reach out to [contact@rocket.chat](mailto:contact@rocket.chat) to get a comment from us on the topic in question.
\*\*\*\*
# Privacy Policy
_Effective date: September 11th, 2020_
_Effective date: August 12th, 2020_
Rocket.Chat Technologies Corp. \("us", "we", or "our"\) operates the [https://rocket.chat](https://rocket.chat) website, the [https://open.rocket.chat](https://open.rocket.chat) community server, the Marketplace, incl. associated Rocket.Chat Apps, Rocket.Chat´s Cloud Offering and the Rocket.Chat mobile applications \(the "Service"\).
......@@ -216,9 +216,7 @@ These third parties have access to your Personal Data only to perform these task
### Subprocessors
A list of our current subprocessors can be found here:
[Rocket.Chat subprocessor list](https://docs.rocket.chat/legal/privacy/subprocessors)
We employ the subprocessors to process personal data. The current list of subprocessors can be found [here](https://docs.rocket.chat/legal/privacy/subprocessors).
### Analytics
......
# Data Processing Agreement
Are you a Rocket.Chat customer and looking for a GDPR-compliant **data processing agreement \(DPA\)**?
You can find one here:
[Link to Data Processing Agreement Signature Form](https://sign.zoho.com/signform?form_link=234b4d535f49562351d2cf518ebdad978d344a54b95dc2f9d8a382d79fbed65b2fadf2781f81e4ad81514ab4f39f2fdfdfda6c03fd5beb4bbf48465bf2595f98447acd8bfaacb7d3#)
[Link to Data Processing Agreement Signature Form](https://sign.zoho.com/signform?form_link=234b4d535f495623d70dd82f224c3e5934721c48021f650513e1c4b57fe79e962ee536c2f6aad51c7368f76df5cf60d50d6f45c9f7bd43ad1092195a08b56917819b6128a6e5c1bd#)
It is **pre-signed** and only needs to be signed from your end for your compliance purposes. It contains EU standard contract clauses as a data transfer mechanism for data controllers subject to EU law.
It is **pre-signed** and only needs to be signed from your end for your compliance purposes. It contains EU standard contract clauses as a data transfer mechanism for data controllers subject to EU law. Keep in mind that our privacy policy is already part of any customer agreement and therefore already is deemed sufficient by most jurisdictions as a "contractual agreement" to prescribe our processing of personal data.
The data processing addendum might also make sense for customers, that run a **self-managed instance** of Rocket.Chat, but **connect to Rocket.Chat services** such as the push notification gateway or the marketplace. For this, you generally need to **register your server.** In these cases, personal data is processed by us to provide you these services and you might be required by the applicable laws to have a DPA in place. Our DPA is flexible enough to cover for these cases as well.
The DPA covers our hosted offering. The DPA can also cover cases of customers, that run a **self-managed instance** of Rocket.Chat, but **connect to Rocket.Chat services** such as the push notification gateway or the marketplace. For this, you generally need to **register your server.** In these cases, personal data is processed by us to provide you these services and you might be required by the applicable laws to have a DPA in place. Our DPA is flexible enough to cover for these cases as well.
_Info: The DPA is not valid for individual Rocket.Chat users. For them, only our privacy policy applies. It also does not cover processing of third-party apps from our marketplace \(beyond us providing the capability to consume such apps\) and in case of multiple DPAs being submitted, only the most recent version applies._
_Info: The DPA is not valid for individual Rocket.Chat users \(individual persons\). For them, only the privacy policy of their Rocket.Chat workspace \(provided by the data controller\) applies. This DPA also does not cover processing of third-party apps from our marketplace \(beyond us providing the capability to consume such apps\) and in case of multiple DPAs being submitted, only the most recent version applies._
**How does it work?**
1. Click the link to request your copy. Enter your email-address and you will receive an authentication code to your email.
2. Enter your authentication code and accept the ZOHO Sign Terms and Conditions for Electronic Signature.
3. Fill out the remaining fields, such as company name and address. Check optional fields and enter additional information into the text boxes. Keep in mind that excluding certain types of personal data but effectively entering them into our services does not preclude us from processing such data.
3. Fill out the remaining fields, such as company name and address. Check optional fields and enter additional information into the text boxes. Keep in mind that excluding certain types of personal data but effectively entering them into our services does not preclude us from processing such data. You can forward the document to be signed by someone else, by using the function within ZOHO Sign.
4. Once all mandatory fields are filled out, click "finish".
5. Choose your delivery method \(download a copy or send via email\)
5. Choose your delivery method \(download a copy or send via email\). A copy of the DPA with your signature will be mailed to us automatically.
For questions, contact [privacy@rocket.chat](mailto:privacy@rocket.chat)
......@@ -2,9 +2,7 @@
This page lists Rocket.Chat's current subprocessors for personal data and is updated on a regular basis.
Last update: 10.09.2020
Last update: 24.09.2020
<table>
<thead>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment