Rockbox Privacy Policy
First, it must be stated up front that Rockbox is not a legal entity of any sort.
For purposes of this document, "Rockbox" refers to the set of on-line services provided under the rockbox.org domain, and the volunteers that administer these services.
As of this writing, all services are commercially hosted by OVHCloud in the USA, and are administered by a volunteer residing in Suwannee County, Florida, USA.
Data Collected by Rockbox
Rockbox automatically collects the minimum amount of information necessary to provide the services requested by our users, including:
- E-mail address and name provided for authentication and notification purposes.
- IP address, timestamp, and URL (or equivalent) for each request made to our servers.
Additionally, Rockbox collects data that users explicitly choose to send to or through us, including:
- Private personal information added to account profiles (eg legal name or email address)
- Private correspondence with Rockbox administrators, developers, or other users of Rockbox services.
- Information added to public account profiles (eg displayed name or nicknames, location information, etc)
- Public content such as bug tickets, code or documentation submissions, emails to the mailing list, forum posts, IRC channel activity, and so forth.
- Legal name and country of residence for financial contributions.
- Legal name and email address as part of source code or documentation submissions.
External Authentication
- As a user convenience, Rockbox allow users to authenticate using third party credentials for some services.
- If a user explicitly chooses to authenticate using an external authentication provider (eg Google or via OpenID), their credentials are shared with that provider in order to perform the authentication, and periodically checked/refreshed to ensure the authentication session is still valid.
- Other than what is needed for authentication, Rockbox does not supply, request, nor make use of any other information that the external providers may have.
- Rockbox has no control over what information the external authentication provider collects related to these authentication requests, or what they do with this information.
Use & Disclosure of User Data
- Rockbox will only use private user data to provide requested services.
- Rockbox will not use any user data for advertising or marketing purposes.
- Rockbox will not intentionally disclose private user data to third parties except where legally required.
- Rockbox will cooperate with court orders and legal requests from law enforcement.
- Legal names, email address, and timestamps included as part of accepted source code or documentation submissions are permanently incorporated into, and disclosed as part of, the public record of Rockbox's development history.
User Tracking
- Rockbox employs use of "cookies" solely for authentication and session management. Cookies are not shared with any third party.
- Rockbox does not track its users' individual activities, although logs are analysed to provide usage statistics and protect against abuse.
- Rockbox does not use any third-party tracking or analytics services.
- Rockbox will not combine user data or activity data with external data sources.
- Rockbox will not use any user data, or their activity data, for advertising or marketing purposes.
Data retention
- Server log retention varies by individual service, but typically logs are rotated every week and retained for one month.
- Automated backups of all server data occur daily and and are retained for one month.
- Public user-contributed content is retained indefinitely
- Records of all financial contributions are retained for seven years in accordance with US Federal law.
- Rockbox will, on a best-effort basis, respond to account, data, and content deletion requests.
- Legal names, email address, and timestamps included as part of accepted source code or documentation submissions are permanently (and publicly) retained.
Last updated 2024-07-17
Copyright © by the contributing authors.