Privacy Policy

Copyright © Vern.cc 2022, licensed under CC-BY-SA 4.0 or later.

This privacy policy describes how vern ("vern.cc", "we", "us", "~vern") collects personal information and to what degree, it also describes what rights you have regarding your privacy on vern services.

~vern hosts a set of publicly accessible services available for everyone to use, examples include the Invidious front-end, these will be referred to as public services. These are in contrast to private or member-only services which require registration, approval from a vern administrator, or both, to use.

What information do we collect on public services?

Vern by default does not collect any personally-identifiable information on publicly accessible services, IP addresses may or may not appear on automatically-generated log files but these automatically-generated log files are deleted every 48 hours.

Your browser or system may or may not send additional information such as user-agents and these may or may not be present in automatically-generated log files.

The following information is collected in log files, this is not a complete or exhaustive list and additional information might be collected:

  1. IP address
  2. To connect to any website, an IP address is sent by your system to establish a connection, sending your IP address is unavoidable though you can use proxies or virtual private networks to mask your true IP address.

  3. User-agent
  4. Your browser might send this string which contains, among other things, your specific operating system, your specific browser and specific details such as the kernel version or layout engine used.

What information do we collect on private or member-only services?

Vern only collects information that you directly provide. Most services suggest you add information about yourself but this is not required, and you can mostly leave these out.

When you register with vern, the following personal information is recorded:

  1. Username
  2. Your username is used to allow you to login to vern services.

  3. Password
  4. Your password is used to allow you to login to vern services.

  5. Email
  6. Your email is used to contact you about whether or not your account has been approved and it is also used to register you for services that do not use usernames. Your email is not shared with any third-parties and we take security regarding user-data very seriously.

  7. SSH keys
  8. In addition, your SSH public key is also stored to give you access to specific vern services such as the pubnix service and your SSH public key might contain extra information in and of itself.

The following information may or may not be recorded when you access privacy or member-only vern services, this is not an exhaustive list and is not intended to be interpreted as such:

  • Your full name
  • Some services might ask you to provide a full name, this is not shared with third-parties.

  • Email addresses
  • Some services might ask you to provide an email address, this email address might be shown publicly with an option to hide it but it is not shared with any third-parties.

  • Date of birth
  • Some services might ask you to provide your date of birth, this in turn might be used to process whether or not you will be able to access adult content or it might be shown publicly with an option to hide it. Your date of birth is not shared with any third-parties.

  • Basic account info
  • Some services might ask for a display name, biography, avatar, profile picture or profile header. These might be shown publicly with an option to hide some portions, this information is not shared with any third-parties

  • Messages, posts and chats. (Non-federated services)
  • Some services allow you to communicate with other users, your chats are stored but not shared with any third-parties, these chats might also be public, it depends on the service.

  • Messages, posts and chats. (Federated services)
  • Some services allow you to communicate with other users on different servers not controlled by vern, these servers may or may not record your chats and may or may not share them with third-parties. Regarding this, vern cannot guarantee that your messages will be deleted when requested simply because vern does not control the servers which your message will reach. Additionally, some of your messages might be "bridged" to other platforms in which case, it is even harder to get them removed, rectified or erased.

  • IPs and other metadata
  • Your system, browser or application may or may not send information in the form of IP addresses and other forms such as user-agents, this information thus in turn might be recorded on automatically-generated log files, but as mentioned above, these log files are deleted every 48 hours, in addition to being private and not shared to any third-parties.

    What do we use your personal information for?

    Core service functionality

    Some services require personal information or the core functionality will not work, in some cases, you can substitute the personal information for pseudonymous or false information but this is very rarely the case. Most services on vern require some amount of personal information to provide core functionality.

    To aid in moderation, or to detect malicious activity

    Your personal information might be collected and processed to create automatically-generated log files which might then be used to detect malicious activity, or to aid in moderation of other users, or to detect bots that are improperly programmed.

    Automatically-generated log files are deleted every 48 hours, though in some cases, the administrators can choose to keep some log files, such as in the case of an outage or attack on vern infrastructure.

    To be used in aggregated and anonymized statistics

    Some services might provide a set of anonymized statistics to the public in which case your information might be used but anonymized later.

    How do we protect your personal information?

    Vern employs a variety of security measures to protect personal information from being breached by crackers or malicious actors. These measures include hashing or encryption, containerization and other industry-standard measures.

    What is our data retention policy?

    Automatically-generated log files or server logs are deleted every 48 hours but in some cases might be kept for longer to investigate malicious behavior as outlined above.

    Information that you provide to vern might be stored indefinitely or as long as vern survives, unless you personally delete it yourself or request vern to delete it.

    Do we use cookies and other technologies?

    Yes. Some services on vern use cookies to store your preferences or to see if you are logged in, these cookies do not store any personally-identifiable information in most cases.

    Is information shared to other third-parties?

    Some vern services are federated, meaning that any messages, chats, account data and the like are shared with any similar servers, examples include the Matrix chatting service and Mastodon social-networking service, these services can share your messages, chats and other data to third-party servers which vern does not control. However, in most cases, this information is not personal.

    Other vern services do not share your information with third-parties. It's important that we distinguish between personal information and regular information. No vern service will ever share your personal information with any third-parties.

    We care about your privacy!

    What are my rights?

    Your rights under the GDPR

    If your area has enacted the General Data Protection Regulation or similar law or regulation then you have the following rights:

    There are other rights but these cannot be exercised or used on vern services for various reasons including that vern does not discriminate based on personal information or use automated processing.

    To exercise your GDPR rights, send an email to legal@vern.cc

    Your rights under the CCPA

    You have the following rights as a Californian citizen under the California Consumer privacy act:

    There are other rights but these cannot be exercised or used on vern services for various reasons including that vern does not discriminate based on personal information or use automated processing.

    To exercise your CCPA rights, send an email to legal@vern.cc

    Your rights everywhere else

    Vern believes that every individual deserves these three universal rights regarding data protection, we do not believe that certain areas deserve more priority or that certain areas get to have privacy rights and others do not.

    Here are your rights regarding privacy on vern services:

    To exercise these rights, send an email to deletion@vern.cc