Notification of Changes
Rev I. In the event this Policy is updated, changes will be posted on the Site no less than one week in advance so users remain aware of information collected, how it is used, and under what circumstances, if any, it is disclosed.
Rev II. In the event this Policy is updated, changes will be posted on the Site in detail so users remain aware of information collected, how it is used, and under what circumstances, if any, it is disclosed.
Protection of Financial Information
We removed this section in its entirety. The Financial Services Modernization Act of 1999 does not apply to our products or services, and we neither collect nor provide financial information.
Rev II. To ensure your privacy, this website does not collect any visitor metadata. All server-side logging has been permanently disabled, preventing collection of data such as date and time of access. The Site was carefully developed by hand, and does not use third-party software, analytics, or cookies.
Protection of Children
Rev I. In accordance with the Childrens Online Privacy Protection Act of 1998, NefLabs does not knowingly collect Information from persons under the age of thirteen (13).
Rev II. In accordance with the General Data Protection Regulation of 2018, NefLabs does not knowingly collect Information from persons under the age of sixteen (16).
We find that the GDPR supersedes COPPA globally, and in an effort to maintain policies which reflect international law, we are raising the minimum age of persons from whom we may collect information.
Protection of Communications
Rev I. In accordance with the Electronic Communications Privacy Act of 1986, and in an effort to protect Information from subpoena, all Site-related email messages older than one-hundred eighty (180) days are deleted. All Site-based communications are encrypted for your privacy. The Site has never received an order to disclose the private decryption key to these communications.
Rev II. Messages received through the contact form are anonymous. In accordance with the Electronic Communications Privacy Act of 1986, and in an effort to protect Information from subpoena, messages older than seven (7) days are deleted. For your privacy, all messages received through the contact form are encrypted at rest with a rotating 4096-bit key. The Site has never received an order to disclose the private decryption key to these communications.
This section was updated to more accurately reflect our organizational operations. To clarify, we do not collect "email" on the site; our contact form stores messages as encrypted text. Although the ECPA allows us to hold messages up to 180 days without the potential for subpoena, we typically delete messages immediately after we receive them, and the new 7-day window is an honest reflection of our practices.
We also took the opportunity to clarify how messages received through the contact form are encrypted. Although messages are protected in transit using TLS 1.2, they are also encrypted at rest using a 4096-bit key, which is refreshed at random intervals.
If you have questions regarding our new policy, please reach out to us. We're happy to clarify our statements, address your concerns, and throw shade on corporations with terrible privacy policies.
Published May 04, 2018