Sidepatch Considers Itself to be the Guardian of Your Information
General Data Protection Regulation
General Data Protection Regulation or GDPR is the EC regulation, which also has an extraterritorial effect - it applies to every organization doing business with EU residents. The regulation, or a version thereof, will soon be in the United States and every other country with citizens participating in Internet activities. First and foremost, there is no such thing as GDPR-compliant software or code, including the code Sidepatch publishes and operates on.
GDPR is a regulation for organizations, such as Sidepatch, that deal with individuals' PII (Personally Identifiable Information), which includes all data that could potentially be used to identify an individual. Organizations must enforce GDPR compliance, including the new principles for user consent, the right to be forgotten, and many others. GDPR also states that software which is used to handle PII must follow the principles of Security by Design (SbD) and Privacy by Design (PbD). Both are rather broad and theoretical principles, not formally defined yet.
Thus, software could be following the SbD and PbD principles, but that does not make it GDPR compliant. Such a design only helps an organization become GDPR compliant.
GDPR compliance is a matter of a combination of organizational practices, legal practices, information availability and software configuration.
Our platform is a 100% open-source, highly configurable platform. Sidepatch as an entity assumes full control and full responsibility for our website practices and any compliance requirements.
Our goal is to gradually introduce functionality that helps to establish a GDPR-compliant website configuration. Some of the requirements are already catered for; some require more time; and some are still too fuzzy or impossible to process. We are doing our utmost to ensure our policies, website disclaimers and internal processes are in alignment with the current state of the GDPR situation.
We will be addressing the following main aspects of this law in the following way:
We inform you as to who we are, why we collect the data, for how long, and who receives it.
This requirement includes and goes beyond the old "European cookie law". We plan to include a site announcement feature (pop-up and link on registration) briefly explaining that the site is collecting personal data and that the details are listed on the Terms and About Us pages.
Sidepatch must have clear consent before collecting any data.
The GDPR-notice setting, when activated, will prevent registrations without consent.
Let users access their data, and take it with them.
This is by far the most controversial and unclear requirement. While users can be easily given a "Sidepatch-style" download package of their data, GDPR postulates broader requirements that include the ability to use that data elsewhere (on another platform). In the absence of an industry-wide standard for data portability, this requirement is downright impossible to implement. We would be most happy to see such a standard developed and applied, as it would mean that users would finally be able to take their Sidepatch/Twitter/LinkedIn data and port it elsewhere, such as to another community site. We are actively supporting such projects and are currently working through our programming company on our own blockchain-based specification for the same. Until such a standard is available, we will be offering a module that allows users to download their posts/comments in the most generic format. The first version of this module will be available before May 25, 2018. Further development and updates will follow.
Let users delete their data
The Account deletion feature in Sidepatch already supports the full removal of the user's data and posted content. Content that has been "shared" or "quoted" does not constitute the user's content and therefore cannot be deleted.
It is important to note that this requirement supposedly covers data backups, which for all practical purposes cannot be "edited" to remove specific user data. The backup policy of Sidepatch is to maintain backups for no more than 72 hours and to purge all older backups, thus deleting the information as requested by the client.
Let users know if data breaches occur
We will inform you in a timely manner of any data breach that may occur.
The biggest question of all here is data protection.
GDPR encourages Pseudonymization, Anonymization and Encryption of any data that can identify a user. While Sidepatch supports full-site SSL to process client-to-server and server-to-client data transmission, this requirement is much broader and more complicated.
In theory, we are required to obfuscate/hash/anonymize/etc. datasets like names, aliases, addresses, etc. This includes access to the data by our program writers, site administrators, hosting operator, etc. - so it cannot be solved simply by visibility permissions. Moreover, we may start collecting personal data via custom form fields, which our platform would not identify as PII and would not obfuscate in any way. Therefore, we, our programmers, and our hosting operator do our utmost to ensure that the data to be tokenized is collected and handled in a correct way. For the provision of our services, some of the data (like names) has to remain public (which may or may not be GDPR-compliant).
At this stage, there is no clear path to how we can accommodate this requirement in a generic, customizable way. We seek and encourage any feedback on what may be the best option.
All in all, the situation is incredibly uncertain. The GDPR regulation, as it stands, effectively makes all current popular social networks and community sites, including Sidepatch, Twitter and LinkedIn, non-compliant to some degree. It also makes all WordPress-powered, Joomla-powered, Drupal-powered and just about any CMS-powered websites non-compliant. In other words, 90% of the Internet is currently in breach of the GDPR law, and it will take decades before that drops down to even 50%. Nobody really knows what to do about it exactly, and there are plenty of services that should supposedly help with some parts of the puzzle, but none offer a full-scope guarantee. We will be observing the situation and will be providing whatever tools we possibly can to comply to the maximum extent possible.
What kinds of information do we collect?
Depending on which Services you use, we collect different kinds of information from or about you.
Things you do and information you provide.
We collect the content and other information you provide when you use our Services, including when you sign up for an account, create or share, and message or communicate with others. This can include information in or about the content you provide, such as the location of a photo or the date a file was created. We also collect information about how you use our Services, such as the types of content you view or engage with or the frequency and duration of your activities.
Things others do and information they provide.
We also collect content and information that other people provide when they use our Services, including information about you, such as when they share a photo of you, send a message to you, or upload, sync or import your contact information.
Your networks and connections.
We collect information about the people and groups you are connected to and how you interact with them, such as the people you communicate with the most or the groups you like to share with. We also collect contact information you provide if you upload, sync or import this information (such as an address book) from a device.
Information about payments.
If you use our Services for purchases or financial transactions (like when you buy something on Sidepatch, make a purchase in a game, or make a donation), we collect information about the purchase or transaction. This includes your payment information, such as your credit or debit card number and other card information, and other account and authentication information, as well as billing, shipping and contact details.
We collect information from or about the computers, phones, or other devices where you install or access our Services, depending on the permissions you’ve granted. We may associate the information we collect from your different devices, which helps us provide consistent Services across your devices. Here are some examples of the device information we collect:
Attributes such as the operating system, hardware version, device settings, file and software names and types, battery and signal strength, and device identifiers.
Device locations, including specific geographic locations, such as through GPS, Bluetooth, or WiFi signals.
Connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address.
Information from websites and apps that use our Services.
We collect information when you visit or use third-party websites and apps that use our Services (like when they offer our Like button or Sidepatch Log In or use our measurement and advertising services). This includes information about the websites and apps you visit, your use of our Services on those websites and apps, as well as information the developer or publisher of the app or website provides to you or us.
Information from third-party partners.
We receive information about you and your activities on and off Sidepatch from third-party partners, such as information from a partner when we jointly offer services or from an advertiser about your experiences or interactions with them.
How do we use this information?
We are passionate about creating engaging and customized experiences for people. We use all of the information we have to help us provide and support our Services. Here’s how:
Provide, improve and develop Services.
We are able to deliver our Services, personalize content, and make suggestions for you by using this information to understand how you use and interact with our Services and the people or things you're connected to and interested in on and off our Services.
We also use information we have to provide shortcuts and suggestions to you. For example, we are able to suggest that your friend tag you in a picture by comparing your friend's pictures to information we've put together from your profile pictures and the other photos in which you've been tagged. If this feature is enabled for you, you can control whether we suggest that another user tag you in a photo using the “Timeline and Tagging” settings.
When we have location information, we use it to tailor our Services for you and others, like helping you to check-in and find local events or offers in your area or tell your friends that you are nearby.
We conduct surveys and research, test features in development, and analyze the information we have to evaluate and improve products and services, develop new products or features, and conduct audits and troubleshooting activities.
Communicate with you.
We use your information to send you marketing communications, communicate with you about our Services and let you know about our policies and terms. We also use your information to respond to you when you contact us.
Show and measure ads and services.
We use the information we have to improve our advertising and measurement systems so we can show you relevant ads on and off our Services and measure the effectiveness and reach of ads and services.
Promote safety and security.
We use the information we have to help verify accounts and activity, and to promote safety and security on and off of our Services, such as by investigating suspicious activity or violations of our terms or policies. We work hard to protect your account using teams of engineers, automated systems, and advanced technology such as encryption and machine learning. We also offer easy-to-use security tools that add an extra layer of security to your account.
How is this information shared?
Sharing On Our Services
People use our Services to connect and share with others. We make this possible by sharing your information in the following ways:
People you share and communicate with.
When you share and communicate using our Services, you choose the audience who can see what you share. For example, when you post on Sidepatch, you select the audience for the post, such as a customized group of individuals, all of your Friends, or members of a Group. Likewise, when you use Messenger, you also choose the people you send photos to or message.
Public Information is any information you share with a public audience, as well as information in your Public Profile, or content you share on a Sidepatch Page or another public forum. Public information is available to anyone on or off our Services and can be seen or accessed through online search engines, APIs, and offline media, such as on TV.
In some cases, people you share and communicate with may download or re-share this content with others on and off our Services. When you comment on another person’s post or like their content on Sidepatch, that person decides the audience who can see your comment or like. If their audience is public, your comment will also be public.
People that see content others share about you.
Other people may use our Services to share content about you with the audience they choose. For example, people may share a photo of you, mention or tag you at a location in a post, or share information about you that you shared with them. If you have concerns with someone’s post, social reporting is a way for people to quickly and easily ask for help from someone they trust.
Apps, websites and third-party integrations on or using our Services.
When you use third-party apps, websites or other services that use, or are integrated with, our Services, they may receive information about what you post or share. For example, when you play a game with your Sidepatch friends or use the Sidepatch Comment or Share button on a website, the game developer or website may get information about your activities in the game or receive a comment or link that you share from their website on Sidepatch. In addition, when you download or use such third-party services, they can access your Public Profile, which includes your username or user ID, your age range and country/language, your list of friends, as well as any information that you share with them. Information collected by these apps, websites or integrated services is subject to their own terms and policies.
If the ownership or control of all or part of our Services or their assets changes, we may transfer your information to the new owner.
Sharing With Third-Party Partners and Customers
We work with third-party companies who help us provide and improve our Services or who use advertising or related products, which makes it possible to operate our companies and provide free services to people around the world.
Here are the types of third parties we can share information with about you:
Advertising, Measurement and Analytics Services (Non-Personally Identifiable Information Only).
We want our advertising to be as relevant and interesting as the other information you find on our Services. With this in mind, we use all of the information we have about you to show you relevant ads. We do not share information that personally identifies you (personally identifiable information is information like name or email address that can by itself be used to contact you or identifies who you are) with advertising, measurement or analytics partners unless you give us permission. We may provide these partners with information about the reach and effectiveness of their advertising without providing information that personally identifies you, or if we have aggregated the information so that it does not personally identify you. For example, we may tell an advertiser how its ads performed, or how many people viewed their ads or installed an app after seeing an ad, or provide non-personally identifying demographic information (such as 25 year old female, in Madrid, who likes software engineering) to these partners to help them understand their audience or customers, but only after the advertiser has agreed to abide by our
Please review your advertising preferences to understand why you’re seeing a particular ad on Sidepatch. You can adjust your ad preferences if you want to control and manage your ad experience on Sidepatch.
Vendors, service providers and other partners.
We transfer information to vendors, service providers, and other partners who globally support our business, such as providing technical infrastructure services, analyzing how our Services are used, measuring the effectiveness of ads and services, providing customer service, facilitating payments, or conducting academic research and surveys. These partners must adhere to strict confidentiality obligations in a way that is consistent with this Data Policy and the agreements we enter into with them. To the maximum extent possible, we maintain control over our members' data and oversee it such that it is not abused or circumvented.
How can I manage or delete information about me?
You can manage the content and information you share or download when you use Sidepatch through the various tools you'll find and through settings.
We store data for as long as it is necessary to provide products and services to you and others, including those described above. Information associated with your account will be kept until you delete your account, or we no longer need the data to provide products and services.
Please remember, the underlying purpose of Sidepatch is to maintain your profile in perpetuity. Still, you can delete your account any time. When you delete your account, we delete things you have posted, such as your photos and status updates. If you do not want to delete your account, but want to temporarily stop using Sidepatch, you may deactivate your account instead. Keep in mind that information that others have shared about you is not part of your account and will not be deleted when you delete your account.
How do we respond to legal requests or prevent harm?
We may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so. This may include responding to legal requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; or to prevent death or imminent bodily harm. For example, we may provide information to third-party partners about the reliability of your account to prevent fraud and abuse on and off of our Services. Information we receive about you, including financial transaction data related to purchases made with Sidepatch, may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm. We also may retain information from accounts disabled for violations of our terms for at least a year to prevent repeat abuse or other violations of our terms.
How our global services operate
Sidepatch may share information internally within or with third parties for purposes described in this policy. Information collected within the European Economic Area ("EEA") may, for example, be transferred to countries outside of the EEA for the purposes as described in this policy. We utilize standard contract clauses approved by the European Commission, adopt other means under European Union law, and obtain your consent to legitimize data transfers from the EEA to the United States and other
We do not mine subscription external emails with the firstname.lastname@example.org format nor do we monitor the content of individual mobile conversations upon which our mobile platform is installed.
In registering as a member of Sidepatch, you are accepting this Privacy Statement, Terms of Agreement, and agree to waive your rights under GDPR only to the extent necessary to provide services, as the industry technology develops to comply with GDPR.
You can contact us using the information provided below with questions or concerns.
How will we notify you of changes to this policy?
We’ll notify you before we make changes to this policy and give you the opportunity to review and comment on the revised policy before continuing to use our Services.
How to contact Sidepatch with questions
If you have questions about this policy, here’s how you can reach us:
Please contact Sidepatch, LLC, through the Contact Us page or by mail at:
P O Box 2182
Middleburg, VA 20118-2182
Date of Last Revision: April 26, 2018
Sidepatch © 2018