Last revised and updated 10/29/2021
The technology we use allows us to go far beyond regulatory minimums and offer you a service that truly respects your privacy!
1. Basis of this service
Please note that blua.blue is open-source and the following can only be understood in the context of https://blua.blue, a privately maintained webspace. Our data is stored on own servers rented through our hosting provider and secured with state-of-the-art encryption technology.
2. Two types of data
We will distinguish between personal and non-personal data.
Person data includes, but is not limited to, information like your email address, billing
information and alike.
We limit the collection of such data intentionally to a minimum and only add to it if necessary.
Non-personal data helps us to generate statistics and improve user experience, but holds no connection to - or has been removed from - any data that could identify an individual.
In addition to the data we collect, any data users provide (public articles, profile picture, username, etc) is processable by us (and the world). Although the responsibility of such content is governed by our terms and conditions, a mindful approach when publishing anything online is wise.
3. Third parties and data security
We use as little "outside help" as possible to avoid handing off personal data. From captcha to data-warehousing, our services are internal and data isn't shared. However, we can't do it all. In particular, we use
Controlled / processed data
Mailjet, a GDPR* and CCPA* compliant mailing service.
User communication, authentication, service facilitation and marketing
email, username, statistical behavior on email interaction
Piwik.pro, a GDPR* and CCPA* compliant analytics tool
Create statistics on (unique) readership, improve service & appearance
browser cookies, browsing behavior, device information, location, IP address
We are intentionally not using extensive data collectors including famous search engines or social media platforms. This means that services like "sign up with your X-account" are not possible and advertisement might not be as targeted as you are used to. However, we believe that's in your best interest.
* CCPA - California Consumer Privacy Act of 2018 and GDPR - General Data Protection Regulation (EU) regulate better control over citizens' data. We extend the gist of this approach to all our users.
4. Data persistence protection and security
We do not give any guarantees regarding the lifespan of this service nor data persistence. Our due diligence cannot exceed regular backups in case of catastrophic events. Instead, we introduce the concept of the opposite: Our servers are set up to permanently erase all data in case of termination or malfunction of the system, making data-leaks improbable. We secure data on the same physical hardware our server side code runs, effectively eliminating network communication between stored data and processing. Client communication is secured via SSL encryption and additional measurements against certain attacks.
5. Dear Californians & EU citizens and all others
The following disclaimer is a legal requirement of CCPA:
The following rights extend to EU citizens according to GDPR:
- Request access to your personal data
- Request correction of the personal data
- Request erasure of your personal data (right to forget)
- Withdraw your consent and opt-out from our communications
- Object to processing of your personal data
- Request the restriction of processing of your personal data
- Request the transfer of your personal data
Our reality: ALL users can make such requests as often as needed. The processes of deleting all traces of your account and collecting all information ever obtained are automated and can be processed fast if requested. Should you not have an account with us, we will not collect or share personal data unless you interact with the platform without being a member (e.g. DCMA reporting). However, to verify that (and fulfill this legal requirement), you can send us an inquiry with "California Shine the Light" at firstname.lastname@example.org and we will respond within 30 days.
6. About changes to this policy
Changes to this policy are communicated via banner on this website and/or email communication. All changes take effect
- immediately for new users
- after 30 days for users who agreed to a previous version of this policy