john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
tractatus/public/locales/en/privacy.json
TheFlow fa7d2dffc8 fix(privacy): correct hosting location and enhance EU data protection disclosure 
CRITICAL FIX: Section 9 incorrectly stated data "may be transferred to and
processed in New Zealand" - this is factually incorrect. Data is hosted in
the EU (OVHCloud France, MongoDB Atlas Frankfurt) and NEVER transferred to NZ.

Changes:
- Section 9: Complete rewrite for accuracy
  * Clarified: NZ administration vs. EU hosting
  * Added explicit hosting providers and regions
  * Confirmed NO data transfer to New Zealand
  * Expanded GDPR compliance details (Articles 5, 6, 15-22, 25, 32)
- Section 4: Updated retention periods to match GDPR page (7 years donations,
  14 months analytics anonymization)
- Section 7: Enhanced security specifications (TLS 1.3, AES-256, bcrypt)
- Section 3: Clarified MongoDB hosting is in EU

Translations:
- German (DE): 99/99 professional translations via DeepL ✓
- French (FR): 99/99 professional translations via DeepL ✓

This correction strengthens GDPR compliance messaging and provides accurate
transparency about data residency.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-28 10:46:51 +13:00

153 lines
9.5 KiB
JSON
Raw Blame History

{
"meta": {
"title": "Privacy Policy | Tractatus AI Safety Framework",
"description": "Privacy policy for the Tractatus AI Safety Framework. Learn how we collect, use, and protect your data."
},
"header": {
"title": "Privacy Policy",
"last_updated": "Last updated: October 28, 2025"
},
"privacy_first": {
"badge": "Privacy First:",
"text": "The Tractatus Framework is built on principles of human agency and transparency. We collect minimal data, never sell your information, and give you full control over your data."
},
"section_1": {
"title": "1. Information We Collect",
"subtitle_1_1": "1.1 Information You Provide",
"items_1_1": [
"<strong>Donations (Koha):</strong> Name (optional), email address (required for receipt), country (optional), payment information (processed by Stripe, not stored by us)",
"<strong>Media Inquiries:</strong> Name, email, organization, inquiry details",
"<strong>Case Submissions:</strong> Contact information, case description, supporting evidence",
"<strong>Account Creation (if applicable):</strong> Email, credentials (hashed), optional profile information"
],
"subtitle_1_2": "1.2 Automatically Collected Information",
"items_1_2": [
"<strong>Analytics:</strong> Page views, referring sites, browser type, device type, general location (country-level)",
"<strong>Cookies:</strong> Session management, preferences (e.g., selected currency), analytics",
"<strong>Server Logs:</strong> IP addresses, access times, pages accessed (retained for 90 days for security)"
],
"subtitle_1_3": "1.3 Currency Selection",
"text_1_3": "When you select a currency for donations, we may detect your approximate location to suggest an appropriate currency. This location data is:",
"items_1_3": [
"Derived from your IP address (country-level only, not precise geolocation)",
"Used only to pre-select a currency in the donation form",
"Not stored permanently",
"Can be overridden by manual currency selection"
]
},
"section_2": {
"title": "2. How We Use Your Information",
"items": [
"<strong>Process Donations:</strong> Email receipts, acknowledge public supporters (opt-in only), maintain transparency dashboard",
"<strong>Respond to Inquiries:</strong> Answer media questions, review case submissions, provide support",
"<strong>Improve Services:</strong> Analyze usage patterns, fix bugs, enhance user experience",
"<strong>Security:</strong> Prevent fraud, detect abuse, protect against attacks",
"<strong>Legal Compliance:</strong> Comply with applicable laws, respond to legal requests",
"<strong>Communications:</strong> Send receipts, important updates (we never send marketing emails without explicit opt-in)"
]
},
"section_3": {
"title": "3. Data Sharing and Disclosure",
"subtitle_share": "We Share Your Data With:",
"share_items": [
"<strong>Stripe:</strong> Payment processing for donations (subject to <a href=\"https://stripe.com/privacy\" class=\"text-blue-600 hover:underline\" target=\"_blank\" rel=\"noopener\">Stripe's Privacy Policy</a>)",
"<strong>MongoDB Atlas:</strong> Database hosting in EU (subject to <a href=\"https://www.mongodb.com/legal/privacy-policy\" class=\"text-blue-600 hover:underline\" target=\"_blank\" rel=\"noopener\">MongoDB's Privacy Policy</a>)",
"<strong>Email Service Provider:</strong> For sending receipts and communications"
],
"subtitle_never": "We NEVER:",
"never_items": [
"❌ Sell your personal data",
"❌ Share your data with advertisers",
"❌ Use your data for tracking across other websites",
"❌ Share donor information publicly without explicit opt-in"
],
"subtitle_legal": "Legal Disclosures:",
"legal_text": "We may disclose your information if required by law, court order, or to protect our rights and safety. We will notify you of such requests unless prohibited by law."
},
"section_4": {
"title": "4. Data Retention",
"items": [
"<strong>Donation Records:</strong> Retained for 7 years for tax and legal requirements",
"<strong>Server Logs:</strong> Deleted after 90 days",
"<strong>Analytics Data:</strong> Aggregated and anonymized after 14 months",
"<strong>User Accounts:</strong> Retained until you request deletion, plus 30 days",
"<strong>Inquiries/Submissions:</strong> Retained for 2 years, then archived or deleted"
]
},
"section_5": {
"title": "5. Your Rights",
"intro": "You have the right to:",
"items": [
"<strong>Access:</strong> Request a copy of your personal data",
"<strong>Correction:</strong> Update or correct inaccurate information",
"<strong>Deletion:</strong> Request deletion of your data (subject to legal obligations)",
"<strong>Portability:</strong> Receive your data in a machine-readable format (JSON, CSV)",
"<strong>Opt-Out:</strong> Withdraw consent for public acknowledgements anytime",
"<strong>Object:</strong> Object to processing of your data"
],
"contact": "To exercise your rights, email: <a href=\"mailto:privacy@agenticgovernance.digital\" class=\"text-blue-600 hover:underline\">privacy@agenticgovernance.digital</a>"
},
"section_6": {
"title": "6. Cookies and Tracking",
"essential": "<strong>Essential Cookies:</strong> Required for site functionality (session management, authentication)",
"preference": "<strong>Preference Cookies:</strong> Remember your settings (currency selection, theme preferences)",
"analytics": "<strong>Analytics Cookies:</strong> Privacy-respecting analytics (no cross-site tracking)",
"control": "You can control cookies through your browser settings. Disabling cookies may affect site functionality."
},
"section_7": {
"title": "7. Security",
"intro": "We implement industry-standard security measures:",
"items": [
"TLS 1.3 encryption for all connections",
"Encrypted database storage (AES-256 at rest)",
"Password hashing (bcrypt with salt)",
"Regular security audits and vulnerability scanning",
"Access controls and intrusion detection monitoring",
"No storage of payment card data (handled by Stripe PCI-compliant systems)"
],
"disclaimer": "While we take reasonable precautions, no system is completely secure. Report security issues to: <a href=\"mailto:security@agenticgovernance.digital\" class=\"text-blue-600 hover:underline\">security@agenticgovernance.digital</a>"
},
"section_8": {
"title": "8. Children's Privacy",
"text": "The Tractatus Framework is not directed at children under 13. We do not knowingly collect information from children. If you believe a child has provided us with personal data, please contact us at <a href=\"mailto:privacy@agenticgovernance.digital\" class=\"text-blue-600 hover:underline\">privacy@agenticgovernance.digital</a>."
},
"section_9": {
"title": "9. Data Location and International Operations",
"intro": "The Tractatus Framework is administered from Aotearoa New Zealand, but our infrastructure is hosted with <strong>OVHCloud in the European Union</strong> (France). Your data is stored and processed within the EU, benefiting from robust EU data protection standards.",
"hosting_heading": "Hosting and Data Residency:",
"hosting_items": [
"<strong>Primary Hosting:</strong> OVHCloud (France, EU) - all user data stored in EU jurisdiction",
"<strong>Database:</strong> MongoDB Atlas (EU-West region, Frankfurt, Germany)",
"<strong>Payment Processing:</strong> Stripe (uses Standard Contractual Clauses for EU-US data transfers)",
"<strong>No Data Transfer to NZ:</strong> Your personal data is not transferred to or processed in New Zealand"
],
"gdpr_heading": "GDPR Compliance:",
"gdpr_text": "As our infrastructure is hosted in the EU, we benefit from the protections of the General Data Protection Regulation (GDPR). EU users' data never leaves EU jurisdiction during normal operations. We comply with GDPR requirements including:",
"gdpr_items": [
"Lawful basis for processing (Article 6)",
"Data minimization and purpose limitation (Article 5)",
"Your rights under Articles 15-22 (access, rectification, erasure, portability, objection)",
"Privacy by Design and Default (Article 25)",
"Data security measures (Article 32)"
],
"non_eu_text": "<strong>For non-EU users:</strong> Your data is processed in the EU and benefits from GDPR protections, regardless of your location. We extend GDPR rights to all users globally."
},
"section_10": {
"title": "10. Changes to This Policy",
"text": "We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated \"Last updated\" date. Material changes will be communicated via email (for users who provided email) or prominent notice on the website."
},
"section_11": {
"title": "11. Contact Us",
"intro": "For privacy-related questions or concerns:",
"email": "Email:",
"email_address": "privacy@agenticgovernance.digital",
"dpo": "Data Protection Officer:",
"dpo_name": "John Stroh",
"postal": "Postal Address:",
"postal_text": "Available upon request"
},
"te_tiriti": {
"title": "Te Tiriti o Waitangi | Treaty Commitment",
"text": "As a New Zealand-based project, we acknowledge Te Tiriti o Waitangi and our commitment to partnership, protection, and participation. Our privacy practices respect Māori concepts of data sovereignty (rangatiratanga) and collective guardianship (kaitiakitanga)."
}
}
Reference in a new issue View git blame Copy permalink