Privacy Policy

 

Effective Date: 10 December, 2022

Welcome to Certified.Social, a Mastodon server/Web site (“Certified.Social,” “Web site,” “Site”, “Server”, “Node”, “Instance”, “We”, “Us”) owned by a Delaware corporation (“The Corporation”, “Parent Corporation”). This Privacy Policy applies to any information that is collected while you are on the Site and our Server. In compliance with the EU GDPR and the California CCPA, our goal with this policy is to be transparent about the personally identifiable and publicly published information we collect through the Certified.Social Site and Server or their APIs, how we use it, and how it is shared. This Privacy Policy is part of our Terms of Service, and by using the Site and/or Server you agree to both. Terms with initial capital letters used in this Privacy Policy shall have the respective meanings assigned to them in the Terms of Service.

The policy also describes the choices available to you regarding our use of your personal information and how you can access and update this information. This policy does not apply to the practices of companies that Certified.Social does not own or control, or to individuals that we do not employ or manage.

Don’t stop reading, please. Or at least make sure your legal or business representative reads it and informs you of its contents. We have tried to write this in accessible language for non-lawyers and non-techies. By using the Site and Server, you are agreeing to be bound by these Terms. You should know what they say, especially because if you do not agree to these Terms, you should not use the Site or Server. It also contains information that you might use to your benefit.

CERTIFIED.SOCIAL CLIENTS’ SPECIAL REQUIREMENTS

Certified.Social understands that many of its clients are high-profile individuals who want to maintain clear boundaries between their public and business and private lives. We also understand that striking this balance can be challenging given the nature of social media. Certified.Social takes these matters seriously, and has the following policies to ensure your privacy and safety:

  1. Client login credentials should not include a personal or business e-mail address. We strongly suggest creating a dedicated e-mail address for purposes of logging into the site and receiving notifications (feel free to forward those e-mails to other addresses you own). We also suggest using a complicated password for your account, and storing your login credentials in a secure password manager such as LastPass, Bitwarden, or Dashlane. We will be glad to help you set things up in this regard.
  2. Clients are asked to not provide Certified.Social with any direct and personal contact information including e-mail addresses, phone numbers, and credentials for other Internet services. If you need to get in touch with us, please do so through the business representation contact information you’ll be asked as a part of setting up your client account.
  3. Contact information of business associates used to verify the client will be retained indefinitely by Certified.Social and stored in encrypted digital or hard-copy format. Such information will not be shared outside the company. This policy will apply if Certified.Social is acquired or merged with another company.
  4. It is strongly suggested that if a client posts contact information in any public forum that they choose an address, phone number, etc. that shields them. Certified.Social assumes no liability if a client posts private information or content on its public Mastodon server.
  5. Clients are welcome to allow members of their personal or business staff or third-party contractors to post content to their behalf. Since Mastodon only allows one set of login credentials per account, it is strongly suggested that access to these credentials be shared only with highly trusted parties. Certified.Social assumes no liability for any posts or their content. If you feel your account has been stolen or need to change your credentials quickly, Certified.Social will do its utmost to assist you.
  6. Certified.Social will have access to information like your IP address (which may indicate physical location) and login times. We discuss how this information is used and under what limited circumstances it may be shared below. However, as a public figure this information could compromise your privacy, so please consult with your IT or physical security staff if this is a concern. You are welcome to use Web proxies to shield yourself when logging in if this is a major concern.
  7. As with any other Mastodon server, the administrative staff will potentially have access to your Private DMs (direct messages) sent to other Mastodon users The server’s back-end is not encrypted (including via end-to-end encryption). Select Certified.Social staff will only access these messages in the course of an investigation into violations of the site’s standards or at the request of a law enforcement agency, all according to a documented procedure. It is important you’re aware of this. For conversations you truly want to remain private and confidential between yourself and another party, we recommend using an app with end-to-end encryption like Telegram Messenger or a (for private group chats) a Discord server.

CLIENT CONTACT, VERIFICATION AND FINANCIAL INFORMATION

Our Site’s and Server’s registration and billing process requires Clients to provide us with contact information to establish Client accounts and contact information of associated trusted parties to verify Client’s identity. In this process, Certified.Social may request personally identifiable information including name, address, city, state, ZIP/postal code, telephone number and e-mail address.

Certified.Social securely stores financial information entered by users, such as credit card numbers, purchase order numbers and related identification information. The financial information is used only to bill the user for products and services. A client’s credit card information may be transmitted only to the appropriate credit card company and/or credit card payment processing company.

Certified.Social may disclose a user’s contact or financial information if required to do so by law or in the good-faith belief that such disclosure is necessary to comply with an order of a court or government authority, or a subpoena. Certified.Social may also disclose a user’s contact or financial information in the good-faith belief that such disclosure is necessary to protect Certified.Social, its Parent Corporation, or the Site or Server, or enforce the applicable Terms or Conduct and Content Standards, in conjunction with an investigation or legal, equitable or administrative action or proceeding.

In the case of a merger, acquisition, bankruptcy, or other sale of all or a portion of the Certified.Social’s and/or its Parent Corporation’s assets or stock, your contact and/or financial information may be transferred.

WHAT DO WE USE YOUR INFORMATION FOR?

Any of the information we collect from you may be used in the following ways:

    1. To provide the core functionality of the Mastodon platform. You can only interact with other people’s content and post your own content when you are logged in. For example, you may follow other people to view their combined posts in your own personalized home timeline.
    2. To aid moderation of the Certified.Social community, for example comparing your IP address with other known ones to determine ban evasion or other violations.
    3. The e-mail address you provide may be used to send you information, notifications about other people interacting with your content or sending you messages, and to respond to inquiries, and/or other requests or questions

.

WHAT INFORMATION DO WE COLLECT?

We collect information when you use our Mastodon Server or our Site: We use free and open-source software provided by Mastodon gGmbH. This software allows you to participate in the de-centralized and federated Mastodon micro-blogging and social network. You should also remember that anything you post on the forum is public and therefore is not covered by this privacy policy– it is visible to everyone on the Internet.

Your public content may be downloaded by other servers in the network: Your public and followers-only posts are delivered to the servers where your followers reside, and direct messages are delivered to the servers of the recipients, in so far as those followers or recipients reside on a different server outside the control of Certified.Social and its policies.

  • We Collect Information When You Communicate With Us Directly: If you e-mail us or send other communications to us directly, we will retain your e-mail or address and correspondence so that we may respond to your request. We retain this information indefinitely so that we have a history of our past communications for business and legal purposes.
  • We Collect Basic Account Information: If you register or log into this server, you may be asked to enter a username, an e-mail address and a password. You may also enter additional profile information such as a display name and biography, and upload a profile picture and header image. The username, display name, biography, profile picture and header image are always listed publicly and are visible to anyone on the Internet.
  • We Collect Posts, Follower and other Public Information: The list of people you follow on Mastodon is listed publicly; the same is true for your followers. When you submit a message, the date and time is stored as well as the application you submitted the message from. Messages may contain media attachments, such as pictures and videos. Public and unlisted posts are available publicly. When you feature a post on your profile, that User Content is also publicly available information. Your posts are delivered to your followers, in some cases it means they are delivered to different servers and copies are stored there. When you delete posts, this is likewise delivered to your followers. The action of reblogging, boosting, or favoriting another post is always public.
  • We Collect Direct and Followers-Only Posts: All posts are stored and processed on the server. Followers-only posts are delivered to your followers and users who are mentioned in them, and direct posts are delivered only to users mentioned in them. In some cases it means they are delivered to different servers and copies are stored there. We make a good faith effort to limit the access to those posts only to authorized persons, but other servers may fail to do so. Therefore it’s important to review servers your followers belong to. You may toggle an option to approve and reject new followers manually in the settings. Please keep in mind that the operators of the server and any receiving server may view such messages, and that recipients may screenshot, copy or otherwise re-share them. Do not share any sensitive information over Mastodon.
  • We Collect IP Addresses, Log Data, and Other Internet Metadata: When you log in, we record the IP address you log in from, as well as the name of your browser application or client software. All the logged in sessions are available for your review and revocation in the settings. We also may retain server logs which include the IP address of every request to our server. Some of this information is recorded even if you do not have a Mastodon Server account, or even when you are logged out of your account. We mostly use this information to diagnose issues with the Site and Server.
  • We Collect Information Using Cookies: Both the Site and Server use “cookies” for their base functionality and analytical purposes. You should support cookie reform efforts if you choose. Cookies are small data files that Web sites store in your hard drive. They create a unique id that is associated with your browser. We use first-party cookies for analytics, which tell us about user activity on our site.

We DO NOT Collect Information when You Use a Partner Service: Certified.Social does and may in the future partner with various third-party services to provide our clients with additional value-added functionality. We will not shared your personal or account information with them without your informed consent. We are not responsible for those services’ privacy policies, which may differ from ours. We encourage you to review their privacy policies should you make use of them.

HOW DO WE USE COOKIES?

We use cookies to understand and save your preferences for future visits. These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account.

We use Google Analytics cookies to help us understand how you engage with our site so that we can improve it. Google Analytics reports Web site trends without identifying individual visitors. You may install a Google Analytics Opt-Out Browser Button here. The Google Analytics Privacy Policy can be read here.

Certified.Social does not serve any advertising or sponsored posts to its clients or to visitors to the main Certified.Social site. We do not track your activity on the Site or Server on behalf of any advertising activity, internal or 3rd party.

RSS FUNCTIONALITY

Mastodon includes RSS feed functionality, which the Certified.Social server has enabled. When you or someone else subscribes to an RSS feed, your content may appear on a third-party RSS reader or an RSS syndication service. Certified.Social has no access to the personal information you share with them and does not control their privacy policies.

CONTENT AND CONTENT DISTRIBUTION NETWORKS (CDNs)
Certified.Social stores some static content elements (including but not limited to images, GIFs, videos), including those of User Content, on an Amazon Web Services S3 server. Certified.Social content is also distributed globally via the Cloudflare content distribution network. Please see the privacy policies of both these services if you have any concerns.

BROWSER AND OTHER SOFTWARE APPLICATIONS.

When you authorize an application to use your account, depending on the scope of permissions you approve, it may access your public profile information, your following list, your followers, your lists, all your posts, and your favorites. Certified.Social does not control how your information is used or stored on these applications. Please review their policies carefully.

HOW DO WE PROTECT YOUR INFORMATION?

Certified.Social implements a variety of commercially reasonable internal and 3rd-party security measures (technical, physical, and administrative) to maintain the safety and confidentiality of your personal information when you enter, submit, or access your personal information. Among other things, your browser session, as well as the traffic between your applications and the API, are secured with SSL, and your password is hashed using a strong one-way algorithm. You may enable two-factor authentication to further secure access to your account. Certified.Social stores data according to industry best security practices. Our data is backed up on a regular schedule of at least once per day. However, the Internet is not a perfectly secure vault and data can be lost.

WHAT IS OUR DATA RETENTION POLICY?

We will make a good-faith effort to retain server logs containing the IP address of all requests to this server, in so far as such logs are kept, no more than 90 days. We retain most of this data for 90 days maximum, except for latest IP address used to log into the account which is stored for up to 365 days.

WHO DO WE SHARE YOUR INFORMATION WITH?

It is generally our policy not to share or sell or otherwise transfer your personally identifiable information with any third parties outside Certified.Social. We may, however, share information under the following circumstances:

  1. If we receive your informed consent;
  2. If it is necessary for a third party provider who assists us in operating our site or conducting our business to perform tasks on our behalf (as described in this policy) so long as those parties agree to keep this information confidential;
  3. If we believe doing so is reasonably necessary to comply with a law, regulation, or valid legal process. If we are going to release your information, we will do our best to provide you with notice in advance, if we have a means to contact you, unless we are prohibited by court order from doing so; or
  4. If we are acquired by or merged with another company. This Privacy Policy would continue to apply to any data collected while it was in place.
  5. If it is needed to enforce our site policies, or protect ours or others rights’, property, or safety.

CAN CLIENTS DOWNLOAD THEIR DATA?

Yes. You can request and download an archive of your content, including your posts, media attachments, profile picture, and header image.

LINKS TO OTHER SITES

This Web site and Mastodon server contains links to other sites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of other sites, unless we have specified them in this document.

INTERNATIONAL VISITORS

The Parent Corporation of Certified.Social is a Delaware corporation whose servers are housed in Canada. All personal information we collect from our international users is processed according to US law. We comply with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. We adhere to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, please visit Export.gov.

We comply with the European Union’s GDPR regulation as well as California’s CCPA regarding cookies and other tracking mechanisms.

AGE RATING AND USAGE BY CHILDREN

The United States government has put limits on our ability to accept users under a certain age through the Children’s Online Privacy Protection Act of 1998. The EU and EEA require that our products and services are all directed to people who are at least 16 years old. Therefore, Certified.Social is not intended for users under the age of 16. Nobody under age 16 may maintain an account or use any part of the Site of Server that requires the submission of personally identifiable information, like e-mail or name. Any account that is created by a person under age 16 will be terminated and any content created will be removed from the Site and/or Server.

ANTI-SPAM POLICY/OPT-OUT CHOICE

We are committed to providing Users and Clients of Certified.Social with the choice to receive or not receive e-mails and/or other communications from us. We only send e-mails/newsletter to users who have requested or consented to receive them by signing up as a Client of the site. Receiving some of these e-mails, such as service notifications, is required to use the site. We do not send unsolicited commercial e-mails, buy or sell e-mail lists, or use purchased or harvested e-mail lists. We offer e-mail recipients the opportunity to opt-out of further communications in every e-mail.

CHANGES TO THIS POLICY
This Privacy Policy may be revised. If we make material changes to this policy, we will make them available, in advance, on the Certified.Social.net home page.

CONTACT US
If you have any questions or suggestions regarding our Privacy Policy or your information, please contact us at certifiedsocial@protonmail.com .

“Mastodon” is a trademark of Mastodon gGmbH.