Traas.org Privacy Policy
Last updated: 10/8/2015
Tracking
Traas.org does not use any third-party tracking software. It does, however, use web server logs to track basic usage. The data stored in the server logs looks like:
173.245.52.181 - - [06/Oct/2015:17:47:27 +0000] "GET / HTTP/1.1" 200 13089 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
As you can see, the two pieces of personally identifiable information we are
storing are IP address and user-agent string. I need this information for
troubleshooting, diagnosing attacks, etc. I am counting firemen
researching the possibility of not storing personally identifiable information
when the Do Not Track header is set by your browser.
Databases
Traas.org does not use a database, and stores no information about you, or anything else.
CDN, Cookies, SSL
Traas.org uses CloudFlare for DNS management and as a content delivery network for static assets. Additionally, traas.org uses CloudFlare's universal SSL for the site. We use the "Full SSL" option, with an SSL certificate on traas.org that CloudFlare's proxies use to communicate, so anything sent to and from traas.org via HTTPS is encrypted any time traffic is going over the wire. For more information about what data CloudFlare may be collecting, please see their privacy and security policy.
The only cookie set by traas.org is a first-party cookie named __cfduid
that
is used by CloudFlare. For more details, please see CloudFlare's
support article for this topic.
Hosting
Traas.org lives on a DigitalOcean un-managed Virtual Private Server. As such, it shares physical hardware and network resources with other users. Please see DigitalOcean's privacy and security page for more information.
Data Retention
Traas.org does not have an official data retention policy. I delete log files when they start taking too much space. Or whenever I feel like it. Regardless, there's no reason to expect logs to be there if you go around snooping.
Backups are scheduled weekly through DigitalOcean. They retain the backups for a little over 5 weeks. I do not typically take snapshots of the VM; I can re-build the VM in about a half an hour from my orchestration if need be.
Warrant Canary
The operators of traas.org have never been contacted by government officials for to obtain the little data we collect. In the unlikely event that this section is ever removed, assume the worst.