Add Privacy policy and Terms of service: #345
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| # Thunderbird Appointment Backend | ||
|
|
||
| This is the backend component of Thunderbird Appointment written in Python using FastAPI, SQLAlchemy, and pytest. | ||
|
|
||
| ## Installation / Running | ||
|
|
||
| ### Development | ||
|
|
||
| A docker file with instructions is provided for development use, please check [appointment/readme.md](../README.md) for more information. | ||
|
|
||
| ### Self-hosting | ||
|
|
||
| More information will be provided in the future. There is currently a docker file provided which we use to deploy to AWS' ECS which should help you get started. | ||
|
|
||
| ## Configuration | ||
|
|
||
| The backend project uses dotenv files to inject environment variables into the application. A starting template can be found as [.env.example](.env.example). Copy that as your .env to get started. | ||
|
|
||
| You will want to ensure any variable ending with `_SECRET` has a secret value assigned. Additionally there are values such as SMTP settings for mail, google authentication credentials for google oauth flow with the google calendar api, and zoom api credentials available. | ||
|
|
||
| ### Authentication | ||
|
|
||
| This project is deployed with Mozilla Accounts (known as fxa in the code.) Since Mozilla Accounts is for internal use you will need to use password authentication. Note: password authentication does not currently have a registration flow. | ||
|
|
||
| ## Commands | ||
|
|
||
| Backend has a light selection of cli commands available to be run inside a container. | ||
|
|
||
| ``` | ||
| run-command main --help | ||
| Usage: run-command main [OPTIONS] COMMAND [ARGS]... | ||
|
|
||
| ╭─ Options ──────────────────────────────────────────────────────╮ | ||
| │ --help Show this message and exit. │ | ||
| ╰────────────────────────────────────────────────────────────────╯ | ||
| ╭─ Commands ─────────────────────────────────────────────────────╮ | ||
| │ download-legal │ | ||
| │ update-db │ | ||
| ╰────────────────────────────────────────────────────────────────╯ | ||
| ``` | ||
|
|
||
| * Download-legal is an internal command to process privacy policy and terms of service files that will be served by the frontend. | ||
| * Update-db runs on docker container entry, and ensures the latest db migration has run, or if it's a new db then to kickstart that. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
There was a problem hiding this comment. Should we document all commands in the readme? I always appreciate having commands listed somewhere with some simple example call. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| import os | ||
|
|
||
| import markupsafe | ||
| import requests | ||
| import markdown | ||
|
|
||
|
|
||
| def run(): | ||
| """Helper function to update privacy and terms. Please check to ensure you're not getting a 404 before committing lol.""" | ||
| print("Downloading the latest legal documents...") | ||
|
|
||
| extensions = ['markdown.extensions.attr_list'] | ||
| # Only english for now. There's no german TB privacy policy? | ||
| locales = ['en'] | ||
|
There was a problem hiding this comment. I was going to pull based on locale, but legal doesn't have a german privacy policy for TB 🤔 There was a problem hiding this comment. @Sancus who do we prod to get privacy policy translated? There was a problem hiding this comment. Well, if you have problems to find somebody 🤚🏻 I'm not exactly a professional translator but a native speaker at least 😅 I can provide a PR if you want. There was a problem hiding this comment. @devmount thanks for the offer! I'm looking into getting this translated right now. We should setup a pipeline for how to do it without relying on SDEs 😅 There was a problem hiding this comment. Of course, still wanted to offer that 😇 |
||
|
|
||
| for locale in locales: | ||
| privacy_policy = os.getenv('TBA_PRIVACY_POLICY_URL').format(locale=locale) | ||
| terms_of_use = os.getenv('TBA_TERMS_OF_USE_URL').format(locale=locale) | ||
|
|
||
| os.makedirs(f'{os.path.dirname(__file__)}/../tmp/legal/{locale}', exist_ok=True) | ||
|
|
||
| if privacy_policy: | ||
| print("Privacy policy url found.") | ||
| contents = requests.get(privacy_policy).text | ||
| html = markupsafe.Markup(markdown.markdown(contents, extensions=extensions)) | ||
|
|
||
| with open(f'{os.path.dirname(__file__)}/../tmp/legal/{locale}/privacy.html', 'w') as fh: | ||
| fh.write(html) | ||
|
|
||
| if terms_of_use: | ||
| print("Terms of use url found.") | ||
| contents = requests.get(terms_of_use).text | ||
| html = markupsafe.Markup(markdown.markdown(contents, extensions=extensions)) | ||
|
|
||
| with open(f'{os.path.dirname(__file__)}/../tmp/legal/{locale}/terms.html', 'w') as fh: | ||
| fh.write(html) | ||
|
|
||
| print("Done! Copy them over to the frontend/src/assets/legal!") | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,2 @@ | ||
| *.json | ||
| *.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| <h1>Thunderbird Privacy Notice</h1> | ||
| <p datetime="2024-03-21">Last updated March 21, 2024</p> | ||
| <p>The Thunderbird application allows users to privately integrate and manage their online communications.</p> | ||
| <p>This Privacy Notice explains what data Thunderbird collects and shares, and why. We also adhere to the <a href="https://www.mozilla.org/privacy/">Mozilla Privacy Policy</a> for how we receive, handle, and share information. </p> | ||
| <h2>Thunderbird Collects Data To:</h2> | ||
| <h3>Improve Performance and Stability For Our Users</h3> | ||
| <p>Thunderbird collects telemetry data by default to help improve the performance and stability of Thunderbird. There are two types of telemetry data: interaction data and technical data.</p> | ||
| <p><strong>Interaction data</strong>: Thunderbird receives data about your interactions with the application, such as whether calendars and filters are being used, and how many email accounts a user has.</p> | ||
| <p><strong>Technical data</strong>: Thunderbird also receives basic information about your device and application version, including, hardware configuration, device operating system, and language preference. When Thunderbird sends technical data to us, your IP address is temporarily collected as part of our server logs.</p> | ||
| <p>Read the telemetry documentation and learn how to opt-out of this data collection <a href="https://support.mozilla.org/kb/thunderbird-telemetry">here</a>.</p> | ||
| <h3>Set-Up and Configure Your Email</h3> | ||
| <p>Thunderbird collects your email domain and other technical data to set-up and configure your email account. Other information, like your name, your email messages, and your account’s address book are stored locally on your computer and never sent to us. Learn more <a href="https://support.mozilla.org/kb/automatic-account-configuration">here</a>. </p> | ||
| <p><strong>Email domain</strong>: Thunderbird receives your email address domain. Your full email address is never processed or stored on our servers (unless you choose to share it when you send a crash report). </p> | ||
| <p><strong>Technical data</strong>: Thunderbird also receives information about the application’s version and device operating system. When Thunderbird sends technical data to us, your IP address is temporarily collected as part of our server logs.</p> | ||
| <h3>Set Up and Configure Your Calendar</h3> | ||
| <p>Thunderbird collects the domain for your email/calendar, as well as technical data to set up and configure your calendar. Other information, like your name, your calendar events, and event attendees are stored locally on your computer and never sent to us.</p> | ||
| <p>You can connect your Google, Microsoft, or Apple calendar to Thunderbird and control your calendar right from Thunderbird. </p> | ||
| <p>We do not store your content from integrating Apple Calendar, Google Calendar, or Microsoft 365 with Thunderbird. That information stays on your computer. Nor do we share your content with any third party other than your calendar provider and anyone you specifically choose to send the appointments to.</p> | ||
| <h3>Set Up and Schedule Calendar Appointments with Thunderbird Appointment</h3> | ||
| <p>With Thunderbird Appointment, you can allow others to schedule appointments on your calendar.</p> | ||
| <p>You can connect your Google, Microsoft, or Apple calendar to Thunderbird Appointment to assist with scheduling. </p> | ||
| <p>If you choose to connect your Apple Calendar, Microsoft 365, or Google Calendar to Thunderbird Appointment, we will receive basic information about your calendar invites such as the title, date, stated location, the name and emails of the attendees, and any text in the appointment to display them within Thunderbird Appointment and allow you to invite others to schedule time in your calendar. We will receive technical and interaction data about your interactions with this feature such as how many events you create, whether you have connected to a Google, Microsoft, or Apple account.</p> | ||
| <p>We will only use your data to provide and improve the Thunderbird Appointment service.</p> | ||
| <h3>Review Crash Reports</h3> | ||
| <p>If Thunderbird crashes, we will ask you to share a report with more detailed information about the crash, but you always have the choice to decline. Thunderbird uses the information in the crash report to diagnose and correct the problem that caused the crash.</p> | ||
| <p><strong>Sensitive data</strong>: Crash reports include a “dump file” of Thunderbird’s memory contents at the time of the crash, which may contain data that identifies you or is otherwise sensitive to you.</p> | ||
| <p><strong>Webpage data</strong>: Crash reports include any active URLs at time of crash.</p> | ||
| <p><strong>Add-on data</strong>: Crash reports include a list of all add-ons that you were using at the time of the crash, and the time since: the start-up of the program, the last crash, and the last install.</p> | ||
| <p><strong>Technical data</strong>: Crash reports include data on why Thunderbird crashed and the state of device memory and execution during the crash. When Thunderbird sends technical data to us, your IP address is temporarily collected as part of our server logs.</p> | ||
| <p><strong>Email address</strong>: If you choose, crash reports include your email address.</p> | ||
| <p>Read the full documentation <a href="https://support.mozilla.org/kb/mozilla-crash-reporter-tb">here</a>.</p> | ||
| <h3>Improve Security for Our Users Everywhere</h3> | ||
| <p><strong>Technical data for updates</strong>: To ensure you have the most up-to-date version of the product, Thunderbird checks for updates by periodically connecting to Thunderbird’s servers. Your application version, language, and device operating system are used to apply the correct updates. <a href="https://support.mozilla.org/kb/thunderbird-makes-unrequested-connections#w_auto-update-checking">Learn more</a>.</p> | ||
| <p><strong>Technical data for add-ons blocklist</strong>: To help to protect you from any malicious add-ons, Thunderbird periodically checks for blocklisted add-ons. Your Thunderbird version and language, device operating system, and list of installed add-ons are needed to apply and update the add-ons blocklist. <a href="https://support.mozilla.org/kb/thunderbird-makes-unrequested-connections#w_extension-blocklist-updating">Learn more</a>.</p> | ||
| <h3>Install and Update Add-Ons</h3> | ||
| <p>You can install add-ons from addons.thunderbird.net or from the Thunderbird Add-ons Manager, which is accessible by clicking on Tools > Add-ons. To keep your installed add-ons up to date—like add-on descriptions, download counts, and ratings—the Thunderbird application periodically connects to our servers to install any updates. </p> | ||
| <p><strong>Search queries</strong>: If you enter keywords into the search field for the Add-ons Manager, those keywords will be sent to Thunderbird to perform the search.</p> | ||
| <p><strong>Interaction data</strong>: We receive aggregate data about visits to the Thunderbird website and the Add-ons Manager in Thunderbird, as well as interactions with content on those pages. Read about data practices on <a href="https://www.mozilla.org/privacy/websites/">Mozilla websites</a>.</p> | ||
| <p><strong>Technical data for updates</strong>: Thunderbird periodically connects to our server to install updates to add-ons. Your installed add-ons, application version, language, and device operating system are used to apply the correct updates. When Thunderbird sends technical data to us, your IP address is temporarily collected as part of our server logs.</p> | ||
| <h2>Thunderbird May Disclose Information To:</h2> | ||
| <p><strong>Mozilla Affiliates</strong>: Thunderbird is a project of MZLA Technologies Corporation, a subsidiary of Mozilla Foundation and as such, shares some of the same infrastructure. This means that, from time to time, your data (e.g., crash reports, and technical and interaction data) may be disclosed to Mozilla Corporation and Mozilla Foundation. If so, it will be maintained in accordance with the commitments we make in this Privacy Notice.</p> | ||
| <p><strong>DNS servers, Standard Autoconfiguration URIs, and Mozilla's Configuration Database</strong>: To simplify the email set-up process, Thunderbird tries to determine the correct settings for your account by contacting Mozilla’s configuration database as well as external servers. These include DNS servers and standard autoconfiguration URIs. During this process, your email domain may be sent to Mozilla's configuration database, and your email address may be disclosed to your network administrators.</p> | ||
| <p><strong>Amazon Web Services</strong>: Thunderbird uses Amazon Web Services (AWS) to host its servers and as a content delivery network. Your device’s IP address is collected as part of AWS’s server logs.</p> | ||
| <p><strong>Email address providers</strong>: Thunderbird has partnered with Gandi.net and Mailfence to allow you to create a new email address through Thunderbird. If you choose to use this feature, your email address search terms are sent to Gandi.net and Mailfence to return available addresses. In addition, your country location is also shared to provide the correct prices. You can learn more about <a href="https://contract.gandi.net/v5/contracts/14420/Privacy_Policy_US_2.0_en.pdf">Gandi.net’s</a> and <a href="https://mailfence.com/en/privacy.jsp">Mailfence’s</a> data practices by reading their privacy notices.</p> |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, thank you for this documentation 👏🏻