Skip to content

Latest commit

 

History

History
155 lines (118 loc) · 7.37 KB

PRIVACY-POLICY.md

File metadata and controls

155 lines (118 loc) · 7.37 KB

Privacy Policy for Improved Intra 42

Version: 1.0. Last updated: November 29th, 2021.

This is the privacy policy of the browser extension called "Improved Intra 42", hereafter called "Extension" or "The Extension". Anyone using this extension is called a user, hereafter called "User", "The User" or "A User".

The Extension is findable, downloadable and/or installable from the following sources:

Definitions of terms

A web accessible server is a computer, reachable by anyone using a computer who knows the address of the server. The address is often portrayed in a human- readable format called a domain.

A Web Browser is a software program that allows a user to locate, access and display web pages on the Internet. They are delivired to User using HTTP (Hypertext Transfer Protocol), using HTML (Hypertext Markup Language). A Web Browser is able to translate the delivered data into human-readable content. Web pages are stored on web accessible servers and are reachable by combining a domain and a path to a resource on the server, which is called a URL.

A "browser extension" (also called an "extension" or a "plug-in") is a small piece of sotware that adds a capacity or functionality to a Web Browser. They make use of the same programming language "Javascript", the markup language "HTML", and stylesheets "CSS" as most modern-day websites. Browser extensions generally perform tasks only for a specific list of websites.

A browser extension often has an internal options page, accessible to User by going to Web Browser's extensions overview and clicking the options button for the extension. On this page, User can modify what the extension does. This data is often stored locally or on a web accessible server.

Example products of Web Browsers are Google's "Chrome", Mozilla's "Firefox" and Microsoft's Internet Explorer.

Example products of browser extensions are "uBlock Origin" by Raymond Hill (gorhill), "Tab Manager Plus for Chrome" by stefanxo.com and "Sidebery" by mbnuwq.

Access to websites

The Extension is able to access and read any data from the domains "intra.42.fr" and any of its subdomains, hereafter called "Intranet". It also communicates with the domain "darkintra.freekb.es" in order to synchronize settings set for The Extension by User.

Storing of user data

Any settings modified in The Extension's internal options page by User, can be stored on a publicly accessible web server located at the domain "darkintra.freekb.es", hereafter called the "Sync Server", for synchronization purposes. This is done in a secure manner: the files on this server corresponding to User can only be modified by User using an access key, also called an access token, generated by Intranet. This access key is only generated by request of User, after a visit of the URL "https://darkintra.freekb.es/connect.php" in Web Browser and clicking the "Allow" button on Intranet's website (domain: "api.intra.42.fr"). This access key is never stored on the Sync Server.

All data transmitted to and from the Sync Server are done in a secure manner using SSL/HTTPS encryption.

A copy of all data stored on the Sync Server is stored locally using the "Chrome Extension API". This copy is not synced using Chrome's Storage Sync API.

When is user data stored on the Sync Server

User data is only stored on the Sync Server when User has enabled synchronization in The Extension's settings. If User never modifies any of the default Extension's settings, no user data is stored.

Synchronization is enabled by default, but synchronization is only carried out after User changes any of The Extension's default settings. The extension is perfectly usable without synchronization, although then no customization is possible. The extension will be loaded in a default, fallback state instead.

User data stored on the Sync Server

  • Extension settings set by User, including but not limited to the following:
    • User's preferences regarding color schemes on websites
    • User's choice of allowing Extension to improve upon accessible websites
    • Visual customizations made for User's own profile on Intranet
  • Personally identifiable information, limited to the following:
    • User's "username" and user identification number (ID) on Intranet

In case of data transmission errors between Sync Server and User, some information might be logged. This information could include but is not limited to the User's IP Address, the requested resource, and form data. These logs are used for solving these errors and will be deleted after 4 weeks. They are only accessible to the creator of The Extension.

The Sync Server ensures no data unused by user-facing features of The Extension is stored in its file system. A PHP script will check any data that comes in for usability. Any fields that it does not recognize, will be discarded. Please note that server logs are exempted from this approach: here our server software (Apache2) will select what to store or not. The Sync Server is set to only log warnings and errors. General access to resources is and will never be logged.

Data stored on the Sync Server will never be sold to third parties, nor to anyone or any entity that has no goal related to the goal The Extension tries to achieve: to improve Intranet.

Usage of user data stored on the Sync Server

The user data stored on the Sync Server is used to synchronize User's settings between Web Browsers and devices. This way, User never has to customize their settings on every new installation of Extension. A login to Intranet will be enough to retrieve and apply their settings.

Accessibility of User's data on the Sync Server

User's data on the Sync Server is publicly accessible by anyone who knows User's "username" on Intranet. The data is accessible by going to the following URL in a Web Browser: "https://darkintra.freekb.es/settings/-username-.json", where "-username-" is replaced with User's "username" on Intranet.

Request of deletion of stored user data on the Sync Server

User may request to delete all their data from the Sync Server by disabling synchronization in The Extension's options page. It will be deleted immediately after disablement, which will cause it to cease to exist, meaning the data will no longer be accessible by anyone.

If User wishes to delete their data without having Extension installed, they can request so by sending an e-mail to the creator of Extension. See the paragraph called "Contact & communication" below for contact details.

Use of cookies

The Extension does not make use of any cookies in any way or form. The Sync Server does make use of cookies, but not to track User. Use of cookies created by Sync Server is limited to identifying User when accessing pages on Sync Server's domain, in order to securely store User's data.

Contact & communication

The creator of Extension can be reached by sending an e-mail to the e-mail address [email protected] or [email protected]. Any changes to this Privacy Policy will be announced using pop-up windows on Intranet, added to Intranet by Extension.