mirror of
https://gitlab.com/hagrid-keyserver/hagrid.git
synced 2023-02-13 20:55:02 -05:00
67 lines
3.5 KiB
Handlebars
67 lines
3.5 KiB
Handlebars
{{#> layout }}
|
|
<div class="about">
|
|
<center><h2><a href="/about">About</a> | <a href="/about/news">News</a> | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Stats</a> | Privacy</h2></center>
|
|
|
|
<p style="text-align: left;">
|
|
The public keyserver running on keys.openpgp.org processes, stores and
|
|
distributes OpenPGP key data. The specific way in which data is processed
|
|
differs by type as follows:
|
|
<ul>
|
|
<li><b>E-Mail Addresses</b>
|
|
<p>E-Mail addresses contained in <abbr title="Packet Tag 13">User
|
|
IDs</abbr> are personally identifiable information (PII).
|
|
Special care is taken to make sure they are used only with
|
|
consent:
|
|
<ul>
|
|
<li>
|
|
Publishing requires <a target="_blank"
|
|
href="https://en.wikipedia.org/wiki/Opt-in_email#Confirmed_opt-in_(COI)_/_Double_opt-in_(DOI)">double
|
|
opt-in</a> validation, to prove ownership of the
|
|
e-mail address in question.
|
|
</li>
|
|
<li>Addresses are searchable by exact E-Mail address,
|
|
but not by associated name.</li>
|
|
<li>Enumeration of addresses is not possible.</li>
|
|
<li>Deletion of addresses is possible via simple proof
|
|
of ownership in an automated fashion, similar to
|
|
publication. To unlist an address where this isn't
|
|
possible, write to support at keys dot openpgp dot
|
|
org.
|
|
</li>
|
|
</ul>
|
|
</p>
|
|
<p>This data is never handed to third parties.
|
|
</p>
|
|
</li>
|
|
<li><b>Public Key Data</b>
|
|
<p>The cryptographic content of OpenPGP keys is not considered personally
|
|
identifiable information. This includes specifically
|
|
<abbr title="Packet Tags 6 and 14">public key material</abbr>,
|
|
<abbr title="Packet Tag 2, Signature types 0x10-0x13, 0x18, 0x19, 0x1F">self-signatures</abbr>, and
|
|
<abbr title="Packet Tag 2, Signature types 0x20, 0x28, 0x30">revocation signatures</abbr>.
|
|
</p>
|
|
<p>This data is not usually collectively available ("as
|
|
a dump"), but may be handed upon request to third
|
|
parties for purposes of development or research.
|
|
</p>
|
|
</li>
|
|
<li><b>Other User ID data</b>
|
|
<p>An OpenPGP key may contain personal data other than E-Mail
|
|
addresses, such as <abbr title="Packet Tag 13">User IDs</abbr>
|
|
that do not contain E-Mail addresses, or <abbr
|
|
title="Packet Tag 17">image attributes</abbr>. This data is stripped
|
|
during upload and never stored, processed, or distributed in
|
|
any way.
|
|
</p>
|
|
<p>OpenPGP packet types that were not specifically mentioned above are
|
|
stripped during upload and never stored, processed or
|
|
distributed in any way.
|
|
</p>
|
|
</li>
|
|
</ul>
|
|
<p style="text-align: left">Data is never relayed to third parties outside of
|
|
what is available from the <a href="/about/api">public API interfaces</a>,
|
|
and what is described in this policy.
|
|
</p>
|
|
</div>
|
|
{{/layout}}
|