More actions
m Protected "Nest:Privacy policy": High traffic page ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)) |
update privacy policy in accordance with vote |
||
| Line 1: | Line 1: | ||
=== Overview === | |||
Nest is the data controller for all processing activities described in this policy. While Hack Club fiscally sponsors and funds Nest, data decisions and day-to-day administration are made independently by the Nest admin team. | |||
=== What data we keep === | |||
When you create an account on Nest or use our services, we process the following information: | |||
* Account details (managed in Quetzal): numeric ID, Slack user ID, tilde username, name and email if provided, SSH public key, optional profile description, account status (approved/admin), and creation date. | |||
If you have a | * Files and configurations stored in your home directory and related services such as identity.hackclub.app. | ||
* Support correspondence, including the email address you use and any information you provide when you contact us. | |||
* Security and abuse information, such as IP addresses associated with suspected attacks or abuse attempts, collected only to safeguard the service. | |||
=== The purpose and legal basis for each processing === | |||
==== Account management ==== | |||
We process account information in order to provide access to Nest systems and services. This processing is necessary for the performance of the contract between Nest and its users. | |||
==== Support and problem reports ==== | |||
When you contact us regarding technical problems, account issues, or abuse reports, we process the personal data contained in your message in order to resolve the issue. This processing is based on our legitimate interest in maintaining the reliability and security of Nest. | |||
==== How long we keep it ==== | |||
Account data remains until you request its deletion. Files in your home directory remain until you remove them or close your account. Security and abuse records are retained only as long as necessary to protect Nest. | |||
Backups are rotated regularly; expired data is permanently deleted as part of this process. | |||
==== Security and abuse prevention ==== | |||
We may process limited technical information, such as IP addresses associated with suspected abuse or attacks, for the purpose of protecting Nest and its users. This processing is necessary for our legitimate interest in maintaining system security. | |||
=== Data Processors === | |||
Our core infrastructure is located in Finland and operated through Hetzner Online GmbH. We also rely on third-party providers to deliver services: | |||
* Hetzner Online GmbH (EU) – hosting and backup services. | |||
* Automattic, Inc. (US) – Gravatar for profile images. | |||
* Salesforce, Inc. (US) – Slack for community chat and account management. | |||
* Airtable, Inc. (US) – internal coordination. | |||
* AbuseIPDB LLC (US) – reporting and mitigating network abuse. | |||
These providers process personal data on our behalf and are bound by legal and contractual safeguards. | |||
=== International transfers === | |||
Because some providers are based in the United States, personal data may be transferred outside the EU/EEA. Such transfers are protected either by the provider's participation in the EU–US Data Privacy Framework or through Standard Contractual Clauses approved by the European Commission. | |||
=== What we don't do === | |||
We do not log shell activity, monitor user behavior, or track metadata related to your use of Nest beyond what is strictly necessary for account management and system security. We do not profile users or make automated decisions about them. | |||
=== Your rights === | |||
You have the right to request access to your personal data, to request rectification or deletion, and to request restriction of processing. You may also request a copy of your data in a portable format. If you are based in the EU, you have the right to lodge a complaint with your local data protection authority. | |||
To exercise your rights, please contact us at gdpr at hackclub dot app. | |||
=== Automated decision-making === | |||
We do not use automated decision-making or profiling in connection with the processing of your personal data. | |||
=== Access and administrative decisions === | |||
Nest administrators will not access, modify, or disclose user data stored in home directories or services operated by Nest without explicit consent, except in the following limited circumstances: | |||
# To comply with a lawful criminal investigation or legal request; | |||
# To conduct an internal security or abuse investigation approved by a majority of Nest administrators; or | |||
# To perform automated system maintenance or updates required for service reliability. | |||
Administrative actions such as account approvals, suspensions, or terminations are decided by the Nest admin team and are not automated. We do not make decisions affecting users' rights or access based solely on automated processing. | |||
=== User Operated Services === | |||
Some Nest subdomains (e.g., <code>username.hackclub.app</code>) are operated directly by individual users. These users act as independent data controllers for the data processed on their own subdomains and custom domains. If you have a privacy concern or data request related to a user-operated service, please contact the service owner directly or email us at gdpr at hackclub dot app | |||
=== Updates === | |||
We may update this policy to reflect new services or infrastructure changes. For significant updates (such as adding new data processors or controllers), we'll announce them in the <code>#nest</code> Slack channel and update this page with the effective date. We do not have the technical infrastructure to send email updates unless legally required. | |||
=== Technical Security === | |||
All data in transit is encrypted using TLS, and backups are encrypted at rest. SSH keys are stored as plaintext public keys only, never private keys. Access to systems is limited to authorized Nest administrators. | |||
=== How to reach us === | |||
<syntaxhighlight> | |||
Nest | |||
15 Falls Road | |||
Shelburne VT 05482-7480 | |||
</syntaxhighlight>Email: gdpr at hackclub dot app | |||
This Privacy Policy was last updated on 17 October 2025. | |||
Latest revision as of 21:05, 17 October 2025
Overview
Nest is the data controller for all processing activities described in this policy. While Hack Club fiscally sponsors and funds Nest, data decisions and day-to-day administration are made independently by the Nest admin team.
What data we keep
When you create an account on Nest or use our services, we process the following information:
- Account details (managed in Quetzal): numeric ID, Slack user ID, tilde username, name and email if provided, SSH public key, optional profile description, account status (approved/admin), and creation date.
- Files and configurations stored in your home directory and related services such as identity.hackclub.app.
- Support correspondence, including the email address you use and any information you provide when you contact us.
- Security and abuse information, such as IP addresses associated with suspected attacks or abuse attempts, collected only to safeguard the service.
The purpose and legal basis for each processing
Account management
We process account information in order to provide access to Nest systems and services. This processing is necessary for the performance of the contract between Nest and its users.
Support and problem reports
When you contact us regarding technical problems, account issues, or abuse reports, we process the personal data contained in your message in order to resolve the issue. This processing is based on our legitimate interest in maintaining the reliability and security of Nest.
How long we keep it
Account data remains until you request its deletion. Files in your home directory remain until you remove them or close your account. Security and abuse records are retained only as long as necessary to protect Nest.
Backups are rotated regularly; expired data is permanently deleted as part of this process.
Security and abuse prevention
We may process limited technical information, such as IP addresses associated with suspected abuse or attacks, for the purpose of protecting Nest and its users. This processing is necessary for our legitimate interest in maintaining system security.
Data Processors
Our core infrastructure is located in Finland and operated through Hetzner Online GmbH. We also rely on third-party providers to deliver services:
- Hetzner Online GmbH (EU) – hosting and backup services.
- Automattic, Inc. (US) – Gravatar for profile images.
- Salesforce, Inc. (US) – Slack for community chat and account management.
- Airtable, Inc. (US) – internal coordination.
- AbuseIPDB LLC (US) – reporting and mitigating network abuse.
These providers process personal data on our behalf and are bound by legal and contractual safeguards.
International transfers
Because some providers are based in the United States, personal data may be transferred outside the EU/EEA. Such transfers are protected either by the provider's participation in the EU–US Data Privacy Framework or through Standard Contractual Clauses approved by the European Commission.
What we don't do
We do not log shell activity, monitor user behavior, or track metadata related to your use of Nest beyond what is strictly necessary for account management and system security. We do not profile users or make automated decisions about them.
Your rights
You have the right to request access to your personal data, to request rectification or deletion, and to request restriction of processing. You may also request a copy of your data in a portable format. If you are based in the EU, you have the right to lodge a complaint with your local data protection authority.
To exercise your rights, please contact us at gdpr at hackclub dot app.
Automated decision-making
We do not use automated decision-making or profiling in connection with the processing of your personal data.
Access and administrative decisions
Nest administrators will not access, modify, or disclose user data stored in home directories or services operated by Nest without explicit consent, except in the following limited circumstances:
- To comply with a lawful criminal investigation or legal request;
- To conduct an internal security or abuse investigation approved by a majority of Nest administrators; or
- To perform automated system maintenance or updates required for service reliability.
Administrative actions such as account approvals, suspensions, or terminations are decided by the Nest admin team and are not automated. We do not make decisions affecting users' rights or access based solely on automated processing.
User Operated Services
Some Nest subdomains (e.g., username.hackclub.app) are operated directly by individual users. These users act as independent data controllers for the data processed on their own subdomains and custom domains. If you have a privacy concern or data request related to a user-operated service, please contact the service owner directly or email us at gdpr at hackclub dot app
Updates
We may update this policy to reflect new services or infrastructure changes. For significant updates (such as adding new data processors or controllers), we'll announce them in the #nest Slack channel and update this page with the effective date. We do not have the technical infrastructure to send email updates unless legally required.
Technical Security
All data in transit is encrypted using TLS, and backups are encrypted at rest. SSH keys are stored as plaintext public keys only, never private keys. Access to systems is limited to authorized Nest administrators.
How to reach us
Nest
15 Falls Road
Shelburne VT 05482-7480Email: gdpr at hackclub dot app
This Privacy Policy was last updated on 17 October 2025.