Data use policy

Why isn't this a "Privacy Policy"?

Many websites link to their “privacy policies” from their homepages, but what they actually tell you is how they plan to use your data. We believe that it is important to be transparent that this policy is a promise about how we will use the data you leave when you visit this site, but neither this promise nor the promise of any other site gives you full privacy.

The privacy policy is a compulsory legal disclosure of how the website operator collects, retains, and shares personally identifiable information. In other words, it’s often a list of ways your personal data are not private and under their control. There are legitimate reasons that people and organisations running websites need to keep data about your visits. We limit the data that we keep to only the data that we need for maintaining the site and satisfying legal and funding-related reporting requirements.

Visiting Security-in-a-Box

Securityinabox.org is operated by Tactical Tech, a non-profit operating from Berlin, Germany and is governed by EU Data law.

When you visit this site, we collect information about your visit of the sort that web browsers and servers typically make available. If you don’t have Do not Track enabled, we may still collect the following anonymous/anonymised information when you visit our website:

  • the time and date you visited the site
  • the first page you visit
  • how many times you click on links
  • how long you stayed on the site
  • the last page you visit before leaving
  • what site brought you to the page (if you followed a link form another page, like on a search engine or social media)
  • what sites you visited through links on our site
  • what you download from our site
  • what keyword or keywords you used if you found the site through a search engine
  • what browser you use
  • what operating system you use
  • what kind of device you use (computer vs smartphone vs tablet)
  • what brand device you use
  • what model device you use
  • your country
  • your IP address (We anonymise Visitors' IP addresses in our stats: we use this information to protect our servers from misuse. We do not use this information to identify Security-in-a-Box visitors.)
  • your screen resolution
  • language of your browser
  • number of times you have visited the site
  • days since the last time you visited the site

We do this to better understand how people use the site and so that we can fix problems with the site when they arise. From time to time, we also release reports that include very general information about who visits this site, like the total number of visitors or which countries or other websites comprise the most visits.

We may collect statistics about the behaviour of visitors to the Security-in-a-Box. For instance, Security-in-a-Box may reveal how many visitors navigate from one page to another within the toolkit. We do this so that we can figure out how we can improve the toolkit and develop content that better suits your needs.

We collect this information using open source analytics software that we host ourselves. This means that even the people who wrote the software do not see any of your information. This is done through a combination of server logs, javascript, and cookies. We need the server logs to protect this site and our servers, but you can block javascript using NoScript and turn off or delete cookies and the site will continue to work correctly. We do not partner with third parties to collect this information, nor do we share information with third parties, with the exception of the release of non-personally-identifying information in formats described above.

I am using a VPN

VPNs can obscure your IP address and your country location, but some data may still be visible. If you use a VPN while visiting our website, and you haven’t enabled DNT, we would see all of the above information, save your IP address and country location, which would show the IP address and country of the exit point of your VPN.

I am actually using TOR

Just as when you are using a VPN, we can still access the above information, though the changing exit node IP addresses does add a complication. Furthermore, if we wanted to, we could go back through the exit node IP Addresses which are routinely published by Tor and determine if you are using TOR. But, that is something that we have never done and would not do. We will also see similar information if you visit this site through our Onion service .

Occasionally, we may link to projects from Tactical Tech, Front Line Defenders, or other partners from this site.

In the case of other projects hosted by Tactical Tech, we may offers the opportunity to engaging in a way that requires collecting personally identifying information, like providing an email address so that we can send you updates that you have decided that you want to receive. In that case, Tactical Tech collects such information only as is necessary or appropriate to fulfil the purpose of the visitor’s interaction. You can always refuse to supply your unique information or withdraw your consent at any time. This may prevent you from fully engaging in certain activities, but we try hard to make as much of our content available without any kind of barrier. Any way that you chose to engage with a Tactical Tech site is voluntary and will not effect your use of Security-in-a-Box. Through your use of Security-in-a-Box itself, you will not be asked to provide personally identifying information.

Projects and sites hosted by Front Line Defenders and other parters have their own data use policies and you should check the applicable policies if you have question about your data and those sites.

Changes to this Policy

Although most changes are likely to be minor, we may change the Security-in-a-Box Privacy Policy from time to time, in response to legal and technical changes and at our discretion. We encourage visitors to frequently check this page for any changes to this Data Use Policy. Your continued use of this site after any change in this Data Use Policy constitutes your acceptance of these change.

Contacts

All questions related to the data use policies of Security-in-a-Box should be directed in writing to the Tactical Tech Data Protection Officer.

Reusing this Data Use Policy

You are welcome to reuse and be inspired by this Data Use Policy after making sure it complies with the way your website tracks, uses and discloses users information.

This document was last updated 25 May 2018.