A friends of the Secret Bear Library BookWyrm instance. If you know an existing member feel free to reach out for an invite.
Secret Bear Library
Social Reading and Reviewing
The data you post here lives on a server that is run by Christof Dorner. He promises that he won't look at your private data. You are just going to have to trust him on this. The server is located in Frankfurt, Germany on infrastructure provided by Hetzner. Additionally, traffic is routed through CloudFlare and image data is stored on CloudFlare's R2 storage system. Regular database backups are encrypted and stored on R2 as well.
This is, however, an ActivityPub federated server. This means that other people on other federated servers can find you, send you messages, etc. This also means that any information you put in posts, whether they are public or private, might end up "federated" - basically, a copy of your post gets put on any server that reads your post.
What information do we collect?
- Basic account information: If you register on this server, you may be asked to enter a username, an e-mail address and a password. You may also enter additional profile information such as a display name and biography, and upload a profile picture and header image. The username, display name, biography, profile picture and header image are always listed publicly.
- Posts, following and other public information: The list of people you follow is listed publicly, the same is true for your followers. When you submit a message, the date and time is stored as well as the application you submitted the message from. Messages may contain media attachments, such as pictures and videos. Public and unlisted posts are available publicly. Your posts are delivered to your followers, in some cases it means they are delivered to different servers and copies are stored there. When you delete posts, this is likewise delivered to your followers. The action of boosting or favouriting another post is always public.
- Direct and followers-only posts: All posts are stored and processed on the server. Followers-only posts are delivered to your followers and users who are mentioned in them, and direct posts are delivered only to users mentioned in them. In some cases it means they are delivered to different servers and copies are stored there. We make a good faith effort to limit the access to those posts only to authorized persons, but other servers may fail to do so. Therefore it's important to review servers your followers belong to. You may toggle an option to approve and reject new followers manually in the settings. Please keep in mind that the operators of the server and any receiving server may view such messages and that recipients may screenshot, copy or otherwise re-share them. Do not share any dangerous information over Secret Bear Library.
What do we use your information for?
Any of the information we collect from you may be used in the following ways:
- To provide the core functionality of Secret Bear Library. You can only interact with other people's content and post your own content when you are logged in. For example, you may follow other people to view their combined posts in your own personalized home timeline.
- To aid moderation of the community, for example comparing your IP address with other known ones to determine ban evasion or other violations.
- The email address you provide may be used to send you information, notifications about other people interacting with your content or sending you messages, and to respond to inquiries, and/or other requests or questions.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. Among other things, your browser session, as well as the traffic between your applications and the API, are secured with SSL, and your password is hashed using a strong one-way algorithm.
What is our data retention policy?
We will make a good faith effort to:
- Retain server logs containing the IP address of all requests to this server, in so far as such logs are kept, no more than 90 days.
- Retain the IP addresses associated with registered users no more than 12 months.
Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account.
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.
Your public content may be downloaded by other servers in the network. Your public and followers-only posts are delivered to the servers where your followers reside, and direct messages are delivered to the servers of the recipients, in so far as those followers or recipients reside on a different server than this.
This document is CC-BY-SA. It was last updated December 12 2022.4>