readthedocs · ericholscher · May 21, 2018 · Apr 20, 2018 · May 1, 2018 · May 2, 2018
diff --git a/docs/advertising-details.rst b/docs/advertising-details.rst
@@ -117,6 +117,7 @@ Analytics
 
 Analytics are a sensitive enough issue that they require their own section.
 In the spirit of full transparency, Read the Docs currently uses Google Analytics (GA).
+We go into a bit of detail on our use of GA in our :doc:`privacy-policy`.
 
 GA is a contentious issue inside Read the Docs and in our community.
 Some users are very sensitive and privacy conscious to usage of GA.

diff --git a/docs/index.rst b/docs/index.rst
@@ -58,6 +58,7 @@ Information about development is also available:
    team
    gsoc
    code-of-conduct
+   privacy-policy
    ethical-advertising
    advertising-details
    sponsors

diff --git a/docs/privacy-policy.rst b/docs/privacy-policy.rst
@@ -0,0 +1,370 @@
+.. This is linked from the footer of readthedocs.org
+.. and from the version (flyout) menu on docs sites
+
+Privacy Policy
+==============
+
+Effective date: **May 25, 2018**
+
+Welcome to Read the Docs.
+At Read the Docs, we believe in protecting the privacy of our
+users, authors, and readers.
+
+
+The short version
+-----------------
+
+We collect your information only with your consent;
+we only collect the minimum amount of personal information that is necessary
+to fulfill the purpose of your interaction with us;
+we don't sell it to third parties;
+and we only use it as this Privacy Policy describes.
+
+Of course, the short version doesn't tell you everything,
+so please read on for more details!
+
+
+Our services
+------------
+
+Read the Docs is made up of:
+
+readthedocs.org
+    This is a website aimed at documentation authors writing and building
+    software documentation. This Privacy Policy applies to this site
+    in full without reservation.
+
+readthedocs.com
+    This website is a commercial hosted offering for hosting private
+    documentation for corporate clients.
+    It is governed by this privacy policy but also separate
+    `terms <https://readthedocs.com/terms/>`_.
+
+readthedocs.io and other domains ("Documentation Sites")
+    These public websites are where Read the Docs hosts documentation on
+    behalf of documentation authors. A best effort is made to apply
+    this Privacy Policy to these sites but the documentation
+    may contain content and files created by documentation authors.
+
+
+What information Read the Docs collects and why
+-----------------------------------------------
+
+Information from website browsers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you're **just browsing the website**, we collect the same basic information that most websites collect.
+We use common internet technologies, such as cookies and web server logs.
+We collect this basic information from everybody, whether they have an account or not.
+
+The information we collect about all visitors to our website includes:
+
+* the visitor's browser type
+* language preference
+* referring site
+* the date and time of each visitor request
+
+We also collect potentially personally-identifying information
+like Internet Protocol (IP) addresses.
+
+
+Why do we collect this?
++++++++++++++++++++++++
+
+We collect this information to better understand how our website visitors
+use Read the Docs, and to monitor and protect the security of the website.
+
+
+Information from users with accounts
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you **create an account**, we require some basic information at the time of account creation.
+You will create your own user name and password, and we will ask you for a valid email account.
+You also have the option to give us more information if you want to,
+and this may include "User Personal Information."
+
+"User Personal Information" is any information about one of our users which could,
+alone or together with other information, personally identify him or her.
+Information such as a user name and password, an email address,
+a real name, and a photograph are examples of "User Personal Information."
+
+User Personal Information does not include aggregated, non-personally identifying information.
+We may use aggregated, non-personally identifying information to operate, improve,
+and optimize our website and service.
+
+Why do we collect this?
++++++++++++++++++++++++
+
+- We need your User Personal Information to create your account, and to provide the services you request.
+- We use your User Personal Information, specifically your user name, to identify you on Read the Docs.
+- We use it to fill out your profile and share that profile with other users.
+- We will use your email address to communicate with you but it is not shared publicly.
+- We limit our use of your User Personal Information to the purposes listed in this Privacy Statement.
+  If we need to use your User Personal Information for other purposes, we will ask your permission first.
+  You can always see what information we have in your
+  `user account <https://readthedocs.org/accounts/edit/>`_.
+
+What information Read the Docs does not collect
+-----------------------------------------------
+
+We do not intentionally collect **sensitive personal information**,
+such as social security numbers, genetic data, health information, or religious information.
+
+Documentation Sites hosted on Read the Docs are public,
+anyone (including us) may view their contents.
+If you have included private or sensitive information in your Documentation Site,
+such as email addresses, that information may be indexed by search engines or used by third parties.
+
+If you're a **child under the age of 13**, you may not have an account on Read the Docs.
+Read the Docs does not knowingly collect information from or direct any of our content specifically to children under 13.
+If we learn or have reason to suspect that you are a user who is under the age of 13, we will unfortunately have to close your account.
+We don't want to discourage you from writing software documentation, but those are the rules.
+
+How we share the information we collect
+---------------------------------------
+
+We **do not** share, sell, rent, or trade User Personal Information with
+third parties for their commercial purposes.
+
+We do not disclose User Personal Information outside Read the Docs,
+except in the situations listed in this section or
+in the section below on compelled disclosure.
+
+We **do** share certain aggregated, non-personally identifying information
+with others about how our users, collectively, use Read the Docs.
+For example, we may compile statistics on the prevalence of
+different types of documentation across Read the Docs for a blog post
+or popularity of programming languages for advertising partners.
+
+We **do** host advertising on Documentation Sites.
+This advertising is first-party advertising hosted by Read the Docs.
+We **do not** run any code from advertisers and all ad images are hosted
+on Read the Docs' servers. For more details, see our document on
+:doc:`advertising-details`.
+
+We may use User Personal Information with your permission,
+so we can perform services you have requested.
+For example, if you request service on commercially hosted docs,
+we will ask your permission to sync your private repositories.
+
+We may share User Personal Information with a limited number of third party vendors
+who process it on our behalf to provide or improve our service,
+and who have agreed to privacy restrictions similar to our own Privacy Statement.
+For more details, see our next section on
+:ref:`third parties <privacy-policy-third-parties>`.
+
+
+.. _privacy-policy-third-parties:
+
+Third party vendors
+~~~~~~~~~~~~~~~~~~~
+
+As we mentioned, we may share some information with third party vendors
+or it may be collected by them on our behalf.
+The information collected and stored by third parties
+is subject to their policies and practices.
+This list will be updated from time to time
+and we encourage you to check back periodically.
+
+Payment processing
+++++++++++++++++++
+
+Should you choose to donate to Read the Docs, purchase a `Gold subscription`_,
+or become a subscriber to Read the Docs' commercial hosting product,
+your payment information and details will be processed by Stripe.
+Read the Docs does not store your payment information.
+
+.. _Gold subscription: https://readthedocs.org/accounts/gold/
+
+Site monitoring
++++++++++++++++
+
+Read the Docs uses Sentry and New Relic to diagnose errors
+and improve the performance of our site.
+Both companies take part in the EU-US Privacy Shield framework.
+We aim to minimize the amount of personal information shared,
+but the information may include your IP address.
+
+Analytics
++++++++++
+
+We go into detail on analytics in a
+:ref:`separate section specific to analytics <privacy-policy-analytics>`.
+
+Email newsletter
+++++++++++++++++
+
+If you sign up for the `Read the Docs email newsletter`_,
+your email address and name will be stored by Mailchimp.
+This newsletter is separate from creating a Read the Docs account and
+signing up for Read the Docs does not opt you in for the newsletter.
+
+You can manage your email subscription
+including unsubscribing and deleting your records with Mailchimp.
+There is a link to do so in the footer of any newsletter you receive from us.
+
+.. _Read the Docs email newsletter: http://readthedocs.us3.list-manage.com/subscribe?u=a6a22369cc2b356379cf789ca&id=a85a83a5a5
+
+
+Public Information on Read the Docs
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Most of Read the Docs is public-facing including
+user names, project names, and Documentation Sites.
+If your content is public-facing, third parties may access it.
+We do not sell that content; it is yours.
+
+
+Our use of cookies and tracking
+-------------------------------
+
+Cookies
+~~~~~~~
+
+Read the Docs uses cookies to make interactions with our service easy and meaningful.
+We use cookies to keep you logged in, remember your preferences,
+and provide information for future development of Read the Docs.
+
+A cookie is a small piece of text that our web server stores on your computer or mobile device,
+which your browser sends to us when you return to our site.
+Cookies do not necessarily identify you if you are merely visiting Read the Docs;
+however, a cookie may store a unique identifier for each logged in user.
+The cookies Read the Docs sets are essential for the operation of the website,
+or are used for performance or functionality.
+By using our website, you agree that we can place these types of cookies on your computer or device.
+If you disable your browser or device's ability to accept cookies,
+you will not be able to log in to Read the Docs.
+
+.. _privacy-policy-analytics:
+
+Google Analytics
+~~~~~~~~~~~~~~~~
+
+We use Google Analytics as a third party tracking service,
+but we don't use it to track you individually or collect your User Personal Information.
+We use Google Analytics to collect information about how our website performs
+and how our users, in general, navigate through and use Read the Docs.
+This helps us evaluate our users' use of Read the Docs;
+compile statistical reports on activity; and improve our content and website performance.
+
+Google Analytics gathers certain simple, non-personally identifying information over time,
+such as your IP address, browser type, internet service provider, referring and exit pages,
+time stamp, and similar data about your use of Read the Docs.
+We do not link this information to any of your personal information such as your user name.
+
+Read the Docs will not, nor will we allow any third party to,
+use the Google Analytics tool to track our users individually;
+collect any User Personal Information other than IP address;
+or correlate your IP address with your identity.
+Google provides further information about its own privacy practices and offers a
+`browser add-on to opt out of Google Analytics tracking <https://tools.google.com/dlpage/gaoptout>`_.
+
+
+How Read the Docs secures your information
+------------------------------------------
+
+Read the Docs takes all measures reasonably necessary to protect
+User Personal Information from unauthorized access, alteration, or destruction;
+maintain data accuracy; and help ensure the appropriate use of User Personal Information.
+We follow generally accepted industry standards to protect the personal information
+submitted to us, both during transmission and once we receive it.
+
+No method of transmission, or method of electronic storage, is 100% secure.
+Therefore, we cannot guarantee its absolute security.
+
+
+Read the Docs' global privacy practices
+---------------------------------------
+
+**Information that we collect will be stored and processed in the United States**
+in accordance with this Privacy Policy.
+However, we understand that we have users from
+different countries and regions with different privacy expectations,
+and we try to meet those needs.
+
+We provide the same standard of privacy protection to all our users around the world,
+regardless of their country of origin or location,
+Additionally, we require that if our vendors or affiliates have access to
+User Personal Information, they must comply with our privacy policies and
+with applicable data privacy laws.
+
+In particular:
+
+* Read the Docs provides clear methods of unambiguous,
+  informed consent at the time of data collection,
+  when we do collect your personal data.
+* We collect only the minimum amount of personal data necessary, unless you choose to provide more.
+  We encourage you to only give us the amount of data you are comfortable sharing.
+* We offer you simple methods of accessing, correcting, or deleting the data we have collected.
+* We also provide our users a method of recourse and enforcement.
+
+
+Resolving Complaints
+--------------------
+
+If you have concerns about the way Read the Docs is handling your User Personal Information,
+please let us know immediately by emailing us at [email protected].
+
+
+How we respond to compelled disclosure
+--------------------------------------
+
+Read the Docs may disclose personally-identifying information
+or other information we collect about you to law enforcement in response
+to a valid subpoena, court order, warrant, or similar government order,
+or when we believe in good faith that disclosure is reasonably necessary
+to protect our property or rights, or those of third parties or the public at large.
+
+In complying with court orders and similar legal processes,
+Read the Docs strives for transparency.
+When permitted, we will make a reasonable effort to notify users
+of any disclosure of their information,
+unless we are prohibited by law or court order from doing so,
+or in rare, exigent circumstances.
+
+
+How you can access and control the information we collect
+---------------------------------------------------------
+
+If you're already a Read the Docs user, you may access, update, alter,
+or delete your basic user profile information by
+`editing your user account <https://readthedocs.org/accounts/edit/>`_.
+
+
+Data retention and deletion
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Read the Docs will retain User Personal Information for as long
+as your account is active or as needed to provide you services.
+
+We may retain certain User Personal Information indefinitely,
+unless you delete it or request its deletion.
+For example, we don't automatically delete inactive user accounts,
+so unless you choose to delete your account,
+we will retain your account information indefinitely.
+
+If you would like to delete your User Personal Information,
+you may do so in your `user account <https://readthedocs.org/accounts/delete/>`_.
+We will retain and use your information as necessary to comply with
+our legal obligations, resolve disputes, and enforce our agreements,
+but barring legal requirements, we will delete your full profile.
+
+Our web server logs for both readthedocs.org and documentation sites
+are deleted after 10 days barring legal obligations.
+
+
+Changes to our Privacy Policy
+-----------------------------
+
+We reserve the right to revise this Privacy Policy at any time.
+If we change this Privacy Policy in the future,
+we will post the revised Privacy Policy and update the "Effective Date," above,
+to reflect the date of the changes.
+
+
+Contacting Read the Docs
+------------------------
+
+Questions regarding Read the Docs' Privacy Policy or
+information practices should be directed to
+[email protected].
diff --git a/readthedocs/restapi/templates/restapi/footer.html b/readthedocs/restapi/templates/restapi/footer.html
@@ -123,7 +123,11 @@
 
       <hr/>
       {% block footer %}
-      Free document hosting provided by <a href="https://readthedocs.org">Read the Docs</a>.
+        <small>
+          <span>Hosted by <a href="https://readthedocs.org">Read the Docs</a></span>
+          <span> &middot; </span>
+          <a href="https://docs.readthedocs.io/en/latest/privacy-policy.html">Privacy Policy</a>
+        </small>
       {% endblock %}
 
       {% if not new_theme %}