Effective date: September 12, 2018
The Feedsubs service is operated by Nicolas Le Manchet and hosted within the European Union.
The service collects a minimal amount of personal information about users, most of which is technically required to operate.
- Username: when registering a user chooses a pseudonym that he will use to connect to the service.
- Email address: optionally a user may provide one or many email addresses. These are used only to provide additional features like recovering a forgotten password.
- IP addresses: all pages visited while using the service are recorded in a log that includes the date, page, username and IP address of the visitor. These information are stored temporarily in order to protect the service from abuses.
- Password: to access the service users must register using a password. This password is only used securely by the service. It is never stored (only a secure hash is stored) and never shared with third parties.
The processing of this data is based on Art. 6 (1) (f) of the GDPR. Our legitimate interests is to securely operate the service.
Data accessible by providers
The service relies on technical providers to operate. These provider are data processors that may have access to a subset of the data collected by the service.
- Digital Ocean: provides the cloud infrastructure this service uses for operating. They mainly have access to visitors' IP addresses and temporary backups of the service data.
- Mailgun: the European branch of Mailgun is used to send one-off emails related to the service, for example during registration or if a user forgets his password. Mailgun may have access to the user's email address and to the content of the email. Mailgun is not used for any kind of mass-mailing or newsletter.
- Sentry: provides a tool used for debugging errors that may happen while using the service. Sentry may receive part of the user's data in the rare case of an error. This includes mainly the username, the IP address, page visited and browser information. The data is deleted by Sentry after 7 days.
No data is shared with third parties for the purpose of tracking or advertising.
A user may download all the personal information stored by the service using the tool available in the settings page. This includes portability data that can be used with other similar services. The same information may also be requested by email.
A user may change incorrect information using the settings page. At any time a user may request all his data to be permanently deleted using the automated tool in the settings page.
In the event of a security breach, users have the right to know that their data has been accessed by an unauthorized third party. In such case users having a registered email address will be contacted by email.
The service takes security very seriously, a non-exhaustive list of measures taken to protect personal information includes:
- Using TLS to encrypt traffic between users and the service.
- Only storing fingerprints of passwords according to the industry standard.
- Maintaining operating systems and libraries used up to date.
- Use of firewalls to protect the backend infrastructure.
- Use of two factors authentication to access third party accounts.
- Collecting a minimal amount of data to limit the impact of security breaches.
If you believe you have discovered a security vulnerability, please inform only firstname.lastname@example.org.