jebus/enviPy-bayer
1
0
Fork 0
forked from enviPath/enviPy
Code Issues Pull Requests Actions Releases Activity

[Feature] Update ToS to be more legally safe and sensible (#301)

Browse Source 
- Improved ToS content
- Add ToS pointer and academic use note at signup
- Remove legal collection page (unnecessary)

Reviewed-on: enviPath/enviPy#301
Co-authored-by: Tobias O <tobias.olenyi@envipath.com>
Co-committed-by: Tobias O <tobias.olenyi@envipath.com>
This commit is contained in:
Tobias O
2026-01-20 03:18:40 +13:00
committed by jebus
parent 1fd993927c
commit f905bf21cf
6 changed files with 729 additions and 406 deletions
Download Patch File Download Diff File Expand all files Collapse all files

349
templates/static/privacy_policy.html
View File

@ -18,153 +18,304 @@
<div class="prose max-w-none">
<p class="mb-6 text-lg">
enviPath is committed to protecting your privacy. This Privacy Policy
explains how we collect, use, disclose, and safeguard your information
when you use our platform.
explains how we collect, use, disclose, and safeguard personal
information when you use the enviPath platform and related services
(together, the "Platform").
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">
1. Information We Collect
1. Who We Are (Data Controller)
</h2>
<p class="mb-4">
enviPath is operated by enviPath Limited, a legal entity established
in New Zealand, with its principal place of business in Auckland, New
Zealand ("enviPath", "we", "us", or "our").
</p>
<p class="mb-4">
For the purposes of applicable data protection laws, enviPath Limited
is the data controller responsible for personal information processed
through the Platform.
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">
2. Information We Collect
</h2>
<h3 class="mt-6 mb-3 text-xl font-semibold">Personal Information</h3>
<h3 class="mt-6 mb-3 text-xl font-semibold">
2.1 Personal Information You Provide
</h3>
<p class="mb-4">
We may collect personal information that you voluntarily provide when
you:
</p>
<ul class="mb-4 list-inside list-disc space-y-2">
<li>Register for an account</li>
<li>Use our prediction services</li>
<li>Submit data or pathways</li>
<li>Contact our support team</li>
<li>Participate in our community forums</li>
<li>
Participate in community forums or other community features (where
available)
</li>
</ul>
<p class="mb-4">
This information may include: name, email address, institution
affiliation, and research interests.
This may include your name, email address, institution affiliation,
and research interests (if provided).
</p>
<h3 class="mt-6 mb-3 text-xl font-semibold">Usage Data</h3>
<h3 class="mt-6 mb-3 text-xl font-semibold">
2.2 Usage and Technical Data
</h3>
<p class="mb-4">
We automatically collect certain information when you visit, use, or
navigate the platform. This includes:
</p>
<ul class="mb-4 list-inside list-disc space-y-2">
<li>IP address and browser type</li>
<li>Pages visited and time spent</li>
<li>Referring/exit pages</li>
<li>Prediction queries and results</li>
<li>Operating system and device information</li>
</ul>
<h2 class="mt-8 mb-4 text-2xl font-semibold">
2. How We Use Your Information
</h2>
<p class="mb-4">We use the information we collect to:</p>
<ul class="mb-4 list-inside list-disc space-y-2">
<li>Provide, operate, and maintain our services</li>
<li>Improve and personalize user experience</li>
<li>Understand and analyze usage patterns</li>
<li>Develop new features and services</li>
<li>Communicate with you about updates and support</li>
<li>Prevent fraudulent activities and ensure security</li>
<li>Conduct research and analysis for scientific advancement</li>
</ul>
<h2 class="mt-8 mb-4 text-2xl font-semibold">
3. Data Sharing and Disclosure
</h2>
<p class="mb-4">
We do not sell your personal information. We may share your
information in the following situations:
navigate the Platform. This may include:
</p>
<ul class="mb-4 list-inside list-disc space-y-2">
<li>
<strong>Academic Research:</strong> Anonymized usage data may be
used for research purposes
IP address, browser type, and device/operating system information
</li>
<li>Pages or endpoints accessed and time spent</li>
<li>Referring/exit pages or URLs (where available)</li>
<li>
Prediction queries, submitted data, and generated results, including
associated metadata, for the purposes of platform functionality,
performance monitoring, and research analysis
</li>
<li>
<strong>Legal Requirements:</strong> When required by law or to
protect our rights
</li>
<li>
<strong>Service Providers:</strong> With trusted third parties who
assist in operating our platform
</li>
<li>
<strong>Public Data:</strong> Data you explicitly mark as public
will be accessible to other users
Log and diagnostic information (such as timestamps and error logs)
</li>
</ul>
<h2 class="mt-8 mb-4 text-2xl font-semibold">4. Data Retention</h2>
<h3 class="mt-6 mb-3 text-xl font-semibold">
2.3 Cookies and Similar Technologies
</h3>
<p class="mb-4">
We retain your personal information for as long as necessary to
provide our services and fulfill the purposes outlined in this policy.
You may request deletion of your account and associated data at any
time.
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">
5. Analytics and Cookies
</h2>
<p class="mb-4">
We use Matomo analytics to understand how users interact with our
platform. This helps us improve our services. For more details, see
our
We use cookies and similar technologies for essential functionality
and, where applicable, analytics. For more details, see our
<a href="/cookie-policy" class="link link-primary">Cookie Policy</a>.
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">6. Data Security</h2>
<h2 class="mt-8 mb-4 text-2xl font-semibold">
3. How We Use Your Information
</h2>
<p class="mb-4">
We implement appropriate technical and organizational security
measures to protect your personal information. However, no electronic
transmission or storage is 100% secure, and we cannot guarantee
absolute security.
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">7. Your Rights</h2>
<p class="mb-4">
Depending on your location, you may have the following rights:
We collect and use personal information only where necessary for
legitimate and lawful purposes connected with operation and
improvement of the Platform. These purposes include:
</p>
<ul class="mb-4 list-inside list-disc space-y-2">
<li>Access to your personal data</li>
<li>Correction of inaccurate data</li>
<li>Deletion of your data</li>
<li>Restriction of processing</li>
<li>Data portability</li>
<li>Objection to processing</li>
<li>Providing, operating, and maintaining the Platform</li>
<li>
Creating and administering user accounts, authentication, and access
control
</li>
<li>Responding to enquiries and providing support</li>
<li>
Monitoring usage patterns and improving Platform functionality,
performance, and usability
</li>
<li>
Ensuring Platform security, preventing misuse, and investigating
suspected breaches
</li>
<li>
Conducting scientific research and statistical analysis using
<strong>anonymised or aggregated data only</strong>, such that
individuals are not identifiable in published outputs
</li>
<li>
Complying with legal obligations and responding to lawful requests
</li>
</ul>
<h2 class="mt-8 mb-4 text-2xl font-semibold">
8. Third-Party Services
4. Legal Bases for Processing (EEA, UK, and Swiss Users)
</h2>
<p class="mb-4">
Our platform may contain links to third-party websites or integrate
with external services (e.g., Discourse community forums). We are not
responsible for the privacy practices of these third parties.
Where the GDPR (or similar laws) applies, we process personal data on
the following legal bases:
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">9. Children's Privacy</h2>
<ul class="mb-4 list-inside list-disc space-y-2">
<li>
<strong>Performance of a contract</strong> (to provide access to the
Platform and its services)
</li>
<li>
<strong>Legitimate interests</strong> (such as operating the
Platform, improving functionality, conducting anonymised research,
ensuring security, and maintaining service reliability)
</li>
<li>
<strong>Compliance with legal obligations</strong> (where
applicable)
</li>
<li>
<strong>Consent</strong> (where required, for example for
non-essential cookies)
</li>
</ul>
<p class="mb-4">
enviPath is not intended for users under the age of 16. We do not
knowingly collect personal information from children. If you believe
we have collected information from a child, please contact us.
Where processing is based on consent, you may withdraw your consent at
any time. Withdrawal does not affect the lawfulness of processing
before withdrawal.
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">
10. Changes to This Policy
5. Data Sharing and Disclosure
</h2>
<p class="mb-4">
We may update this Privacy Policy from time to time. We will notify
you of any changes by posting the new policy on this page and updating
the "Last updated" date.
We do not sell personal information. We only share personal
information in the following limited circumstances:
</p>
<ul class="mb-4 list-inside list-disc space-y-2">
<li>
<strong>Service Providers:</strong> With trusted third-party
providers who process data on our behalf for hosting,
authentication, analytics, or technical support, subject to
confidentiality and data protection obligations
</li>
<li>
<strong>Academic and Scientific Research:</strong> Using
<strong>anonymised or aggregated</strong> data only, such that
individuals cannot be identified
</li>
<li>
<strong>Legal and Regulatory Requirements:</strong> Where disclosure
is required by law, or necessary to protect our legal rights or the
rights and safety of others
</li>
<li>
<strong>Public Contributions:</strong> Content or data that you
explicitly designate as public may be accessible to other users and
the public (depending on Platform functionality)
</li>
</ul>
<p class="mb-4">
We do not authorise third parties to use personal information for
their own independent purposes.
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">11. Contact Us</h2>
<h2 class="mt-8 mb-4 text-2xl font-semibold">
6. International Data Transfers
</h2>
<p class="mb-4">
If you have questions or concerns about this Privacy Policy, please
<a href="/contact" class="link link-primary">contact us</a>.
The Platform is operated from New Zealand. Personal information may be
processed or stored in New Zealand and other jurisdictions where we or
our service providers operate.
</p>
<p class="mb-4">
New Zealand is recognised by the European Commission as providing an
adequate level of protection for personal data. Where personal
information is transferred to jurisdictions outside the European
Economic Area, we take reasonable steps to ensure appropriate
safeguards are in place.
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">7. Data Retention</h2>
<p class="mb-4">
We retain personal information only for as long as reasonably
necessary to fulfil the purposes described in this Privacy Policy,
unless a longer retention period is required or permitted by law.
</p>
<ul class="mb-4 list-inside list-disc space-y-2">
<li>
<strong>Account information:</strong> retained for the duration of
the user account
</li>
<li>
<strong>Usage and log data:</strong> retained for up to
<strong>[X] months</strong>
</li>
<li>
<strong>Backup data:</strong> retained for up to
<strong>[Y] months</strong>
</li>
</ul>
<p class="mb-4">
You may request deletion of your account and associated personal
information at any time, subject to legal or technical retention
requirements (for example, security logs and backups retained for
limited periods).
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">8. Data Security</h2>
<p class="mb-4">
We implement appropriate technical and organisational measures
designed to protect personal information from loss, unauthorised
access, misuse, alteration, or disclosure. However, no electronic
transmission or storage method is 100% secure, and we cannot guarantee
absolute security.
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">
9. Your Rights and Choices
</h2>
<p class="mb-4">
Depending on your location, you may have rights relating to your
personal information, including:
</p>
<ul class="mb-4 list-inside list-disc space-y-2">
<li>Request access to personal information we hold about you</li>
<li>Request correction of inaccurate or incomplete information</li>
<li>Request deletion of personal information (where applicable)</li>
<li>Object to or restrict certain processing (where applicable)</li>
<li>Request data portability (where applicable)</li>
</ul>
<p class="mb-4">
<strong>New Zealand users</strong> have rights under the Privacy Act
2020 to request access to, and correction of, personal information.
</p>
<p class="mb-4">
To exercise your rights, please contact us using the details in the
"Contact Us" section below. We may need to verify your identity before
responding.
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">
10. Third-Party Services
</h2>
<p class="mb-4">
The Platform may integrate or link to third-party services (for
example, community forums such as Discourse). Third-party services
operate independently and have their own privacy practices. We
encourage you to review their policies.
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">11. Childrens Privacy</h2>
<p class="mb-4">
The Platform is not intended for users under the age of 16. We do not
knowingly collect personal information from children. If you believe
that we have collected personal information from a child, please
contact us so we can take appropriate steps.
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">
12. Changes to This Policy
</h2>
<p class="mb-4">
We may update this Privacy Policy from time to time. We will post the
updated policy on this page and update the "Last updated" date.
Changes take effect when posted.
</p>
<h2 class="mt-8 mb-4 text-2xl font-semibold">13. Contact Us</h2>
<p class="mb-4">
For questions, requests, or concerns about this Privacy Policy or our
handling of personal information, please contact us:
</p>
<ul class="mb-4 list-inside list-disc space-y-2">
<li>
<strong>Email:</strong>
<a href="mailto:privacy@envipath.org" class="link link-primary"
>privacy@envipath.org</a
>
</li>
<li>
<strong>Contact:</strong>
<a href="/contact" class="link link-primary">/contact</a>
</li>
<li>
<strong>Operator:</strong> enviPath Limited, Auckland, New Zealand
</li>
</ul>
<div class="alert alert-info mt-8">
<svg
@ -180,7 +331,7 @@
d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z"
></path>
</svg>
<span>Last updated: 2025</span>
<span>version: 1, Last updated: January 2026</span>
</div>
</div>
</div>