Data & Privacy Policy
Last edited: November 15th, 2023
Drips websites (including drips.network, docs.drips.network, v1.drips.network, docs.v1.drips.network, app.drips.network - hereinafter referred to as “Drips Websites”) are maintained on a voluntary basis by the Public Goods Association (the “Association”). The Association is a Swiss Association whose purpose is to build digital coordination infrastructure that enables the development of public goods, including the Drips project. While the Switzerland-based Better Internet Foundation (the “Foundation”) previously assisted in the development and deployment of the Drips Network, the Better Internet Foundation and the Public Goods Association do not own, manage, or control or act as an administrator or operator of the Drips Network. The Drips Network presently operates in a fully decentralized and autonomous manner and is fully integrated with the Ethereum protocol. Neither the Association nor the Foundation is involved in nor in any way responsible for the ongoing operation, running, or functioning of the Drips Network and/or any of the interactions, collaborations or contractual relationships between Users on the Drips Network.
The Association voluntarily supports the growth and development of the Drips project, including the Drips Network (further defined in the Disclaimer) as well as the Drips Websites and other communication channels for the Drips community (as described below). The Association has posted this Data & Privacy Policy for the benefit of the community of supporters of the Drips project.
In this Data & Privacy Policy, "Association" refers to Public Goods Association, an Association incorporated in Switzerland with its address at c/o MJP Partners AG, Bahnhofstrasse 20, 6300 Zug. For more information about the Association, see the Imprint or the “Contact” section of this Data & Privacy Policy. The term “data” is used herein interchangeably with “personal data”. More:
«Personal data» means any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; «sensitive personal data» is a subset of personal data and revealing e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health data or data concerning a natural person's sex life or sexual orientation.
«Processing» means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The Association may make changes to this Data & Privacy Policy every so often. When changed, the Association will change the “Last edited” date at the top of the page. You (hereinafter referred to as "You” or “User”) are encouraged to review this Data & Privacy Policy regularly in order to stay informed. If You do not agree to the revised Data & Privacy Policy, do not use, access, or interact with the Drips Network, the Drips Technology Stack, the Drips Websites, and any other Drips communication outlet (and unsubscribe where applicable).
Data in P2P and Blockchain Infrastructures
When You decide to send or receive funds, share, or stream ERC-20 tokens, all such information and/or contribution is or may become public. Because any sending or receipt of funds, sharing or streaming of ERC-20 tokens by You on the Drips Network is linked to a public key, all contributions can be verified as coming from a public key, which could be considered as personal data. If Your public key is linked to additional personal data, like Your git username or email, this information will also be publicly accessible.
Data is disseminated through the Drips Network via a collection of public, open smart contracts deployed on Ethereum-Virtual-Machine-based (“EVM”) blockchains, equally accessible to every User and application. Therefore, data and transactions pushed via the Drips Network are part of Ethereum’s public, immutable state machine.
Furthermore, metadata (and any personal data embedded therein) provided by Users when setting up token transfers in the Drips App [app.drips.network], is sent to and stored in the InterPlanetary File System (IPFS). IPFS is a distributed system for storing and accessing files, websites, applications, and data. Each piece of data stored in the IPFS network gets its own unique content identifier (CID). IPFS uses transport-encryption, which means Your metadata (and any personal data embedded therein) is secure when being sent from one IPFS node to another. So by design, anyone is able to download and view that data (and any personal data embedded therein) if they have the CID.
It’s important to understand that any information or personal data You publish onto, via or within the Drips Network (e.g., by streaming, sharing, or transferring of tokens) is public by design. It is not possible to remove, revoke or rectify this information and data from the Drips Network. This is because the Drips Network is a decentralized (public) peer-to-peer network (not operated by the Association nor the Foundation) which stores data committed to it around the world. Your use of a client and interaction with Drips Network will lead You to interact with other Drips Network participants; You should note that other participants on the Drips Network and/or third parties may be able to determine certain things about You through Your use of the Drips Network. Similarly, Your use of or interaction with the funding, sharing or streaming functions (as outlined and defined in the Disclaimer) in the Drips Network could lead other Drips Network participants to determine certain things about You through Your use of those functions. Neither Public Goods Association nor Better Internet Foundation collect this data from You nor process it in any way.
By using Drips Network and/or Drips App you acknowledge that Your personal data, including Your wallet address (and/or any third-party recipient’s wallet address), is/are stored on public searchable blockchains and neither Public Goods Association nor Better Internet Foundation, nor any third party, has any power to delete such data published by You or by its users to the blockchain. Any details of any transfer initiated and made by You are public information and are stored on the blockchain. You hereby release and indemnify Public Goods Association and/or Better Internet Foundation of any data privacy liabilities associated with personal data that You (and/or third parties) publish to the blockchain by using Drips Network and/ or Drips App. Neither Public Goods Association nor Better Internet Foundation is acting as a data controller in this regard within the meaning of the data protection legislation.
The Association, the Drips Websites, Drips App and/or any third-party provider as outlined below and Your personal data can become victims of cyber-attacks, cybercrime, brute force, hacker attacks and further fraudulent and malicious activity including but not limited to viruses, forgeries, malfunctions and interruptions which is out of the Association and/or the Radicle Foundation’s control and responsibility.
How Personal Data is Used
When browsing the Drips Websites:
If You go to the Drips Websites, the Association does not collect any of Your information and data as You browse. However, the Drips Websites are hosted by Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104 (“Netlify”), which does collect Your data (e.g., IP address, user agent, referrer, full URL with query string) and which uses cookies and log files to track user information. They use cookies to track which page variant a visitor/User has seen, to track if a visitor/User has clicked on a page variant, to monitor traffic patterns and to gauge popularity of service options. This information is used to deliver relevant content and services to You and other users. Generally, this data is stored by Netlify for 30 days. Furthermore, the Association has enabled Netlify Analytics, to better understand the Drips User community based on the User information Netlify collects about Websites visitors. This data is collected and processed by Netlify and is accessible for the last 30 days in an anonymized (dashboard of anonymized data) form only. For more information about the information collected, visit Netlify’s privacy policies here and here.
When downloading Drips:
When You download Drips source code, GitHub servers may collect and save information/data regarding the pages You view, the referring site, Your IP address and information/data about Your device, session information, the date and time of each request, and telemetry data (i.e., information about how a specific feature or service is performing) regarding Your use of other features, Your interaction with GitHub and functionality of GitHub's service. They use this information/data to provide, administer, analyze, manage, and operate their service. The Association does not collect, store, or process the information and/or data collected by GitHub. For more information about the information/data GitHub collects and how it uses this information/data, please visit GitHub’s privacy policies by GitHub Inc. 88 Colin P Kelly Jr St, San Francisco, CA 94107 United States and/or by GitHub B.V., Vijzelstraat 68-72, 1017 HL Amsterdam, The Netherlands. Regarding Your use of Drips Technology Stack, the Association does not process any of Your personal data (see above: Data in P2P and Blockchain Infrastructures).
When using the Drips Protocol and Drips App:
When You/a User sets up a token stream or transfer via the Drips Protocol (which can be done - but is not required - via the Drips App, app.drips.network), You/they will need to connect the token sender’s Ethereum address (likely Your/their own Ethereum address, i.e. Your/their public key). You/They will also need to indicate the Ethereum address that should be able to access and receive the sent tokens. This use of Ethereum addresses (public keys) is critical to ensure tokens streamed, shared, or transferred are accessed by the correct recipient. The use of Your Ethereum address - including via your interaction with the Drips Protocol - publishes data about your interaction to the Ethereum Network.
When using the Drips App, there are many ways for You to generate public data, including but not limited to: topping up funds; collecting funds; creating streams (transfers); editing or deleting streams; creating a Drip List; editing or transferring a Drip List; claiming a Project; and editing a Project. For example, when using the Drips App to create a token stream, the metadata a User gives the token stream or transfer - including the Ethereum addresses of the sender and recipient(s) You indicate, the name You give to the stream or transfer, the amount of tokens You transfer, and the time and frequency parameters You set for the token transfer - are published to and stored in the InterPlanetary File System (IPFS). Each piece of data stored in the IPFS network gets its own unique content identifier (CID), a hash of the metadata sent to IPFS, which is created by IPFS. The Drips App retrieves the CID of the published IPFS document (i.e. the User’s metadata), and then writes this CID on-chain (via the Drips Protocol) in association with the User’s Drips account. By design, details of any activity initiated and made by You via the Drips App are public information and are stored on the blockchain and anyone is able to download, access and view Your metadata (and any personal data embedded therein) stored in the IPFS if they have the CID.
For more information about the lifecycle of data and information in IPFS, please visit this site.
To use Drips App, You must use a third-party wallet (e.g., MetaMask, WalletConnect) which allows You to engage in transactions on the Ethereum Network. Your activities and interactions with any third-party wallet provider are within Your responsibility and are governed by the applicable terms of use and data privacy policy of that third party.
When a User generates public data via the Drips App, the User first sends the metadata of their Drips App interaction to the IPFS network (via Pinata) and their transaction data to the Ethereum Network, as described above, before the Drips App uses a custom server to read the transaction data from IPFS and Ethereum (via Pinata). The custom server is set up so that when there is a new transaction on the Ethereum Network - specifically, when there is an interaction with the Drips Protocol - the custom server is notified and creates a cache of this public transaction data on Ethereum and, if applicable, the metadata (stored on IPFS) associated with the CID listed as part of the Ethereum transaction. This transaction data on the custom server is then used by the Drips App to present the user with public data about the token streams, Drip Lists, Projects and other entities in the Drips Network. The custom server is similar to Etherscan’s indexing and presenting of Ethereum on-chain, public activity; the custom server enables the Drips App to bring together multiple public datasets to serve users with all Drips Network data in a quicker and more efficient way. This custom server is hosted on Railway Corporation (“Railway”). This means that the publicly published data created and provided by Drips Protocol users will be made accessible in another location, on a custom server hosted on Railway. The custom server’s code is open source: the code for the server’s Event Processor can be found here and the code for the GraphQL API can be found here.
By using Drips Network and/or Drips App You acknowledge that Your personal data, including Your wallet address (and/or any third-party recipient’s wallet address), is/are stored on the Ethereum Network and neither Public Goods Association nor Better Internet Foundation, nor any third party, has any power to delete such data published by You or other/its users to the blockchain. Any details of any transfer initiated and made by You are public information and are stored on the blockchain. You hereby release and indemnify Public Goods Association and/or Better Internet Foundation of any data privacy liabilities associated with personal data that You (and/or third parties) publish to the Ethereum Network by using Drips Network and/ or Drips App. Neither Public Goods Association nor Better Internet Foundation is acting as a data controller in this regard within the meaning of the data protection legislation.
How Third Party Applications are Used
The Drips Website and/or Drips App may contain third-party websites and/or third-party applications. If You use Drips Website and/or Drips App, personal data that You provide may be processed by third parties. Public Goods Association or Better Internet Foundation have no control over, do not review and cannot be responsible for these third-party websites, applications, or their content. It is encouraged that You read the privacy policies of every website and/or application You visit. Any links to third-party websites, applications or locations are for Your convenience and do not signify our endorsement of such third parties or their products, content, applications, or websites.
Netlify:
The Drips Websites are hosted by Netlify, which does collect personal data as You browse (e.g., IP address, user agent, referrer, full URL with query string) and which uses cookies and log files to track user information. They use cookies to track which page variant a visitor/User has seen, to track if a visitor/User has clicked on a page variant, to monitor traffic patterns and to gauge popularity of service options. This information is used to deliver relevant content and services to You/users. Generally, this data is stored by Netlify for 30 days. Furthermore, the Association has enabled Netlify Analytics (see above). For further information and the applicable data protection provisions of Netlify, visit their privacy policies here and here.
GitHub:
GitHub servers are used to store Drips source code (see above). For further information and the applicable data protection provisions of GitHub, visit this site.
InterPlanetary File System (IPFS):
IPFS is a third-party, decentralized, peer-to-peer, distributed file storage protocol. When You setup any sort of token “stream” or transfer using the Drips App [app.drips.network], the metadata (and any personal data embedded therein) You create for the token transfer - including the name You give to the stream or transfer, the Ethereum addresses of the sender and recipient(s) You indicate, the amount of tokens You transfer, and the time and frequency parameters You set for the token transfer - are published to and stored in the InterPlanetary File System (IPFS) by design. Once data is added and stored in the IPFS, it cannot be changed anymore (immutable). For further information and the applicable data privacy provisions of IPFS, visit this site.
Pinata Technologies, Inc. (Pinata):
When You setup any sort of token “stream” or transfer using the Drips App [app.drips.network], the metadata (and any personal data embedded therein) You create for the token transfer is published to IPFS via an IPFS node provided by Pinata Technologies, Inc., 3555 Farnam St. #905, Omaha, NE 68131 (“Pinata”). The Drips App accesses IPFS both for reading and writing metadata through an IPFS node provided by Pinata. They can use data for their own purposes. The Association has no control what happens with data and does not process this data. For further information and the applicable data privacy provisions of Pinata, visit this site.
Railway Corporation (Railway):
When You interact with the Drips Network to publish information, the data (and any personal data embedded therein) You create is published to Pinata, IPFS, Ethereum, and further indexed by a custom server hosted by Railway Corporation, 80 Rossi Avenue, San Francisco, CA 94118 (“Railway”). The Drips App accesses the custom server for reading Your public data from an IPFS node provided by Pinata and Your public data from the Ethereum Network. Railway can use this public data for their own purposes. The Association has no control over what happens with Your data and does not process this data. For further information and the applicable data privacy provisions of Railway, visit this site.
Links to Social Media:
The Drips Websites may link to social media profiles and may contain icons of social media providers (e.g., Twitter). Those services might collect personal data. If You are logged in with Your social media platform account, such data collected may even be assigned to Your account or profile. For further information on the purpose and scope of data collection and processing by the social media platform/provider, please review the privacy notices of these social media platforms/providers, where You will also receive further information about Your rights and about setting options for protecting your privacy. Please refer to their privacy policies for more information.
Storing Your Personal Data
The Association does not process or retain the metadata (and any personal data embedded therein) that the User creates when the User sets up a token transfer or stream in the Drips App; this metadata (and any personal data embedded therein) is sent to IPFS [see “How Third Party Applications are Used” under “IPFS” above] where it becomes an immutable stored object and then replicated on an Railway server.
By using Drips Network and/or Drips App You acknowledge that your personal data, including Your wallet address (and/or any third-party recipient’s wallet address), is/are stored on public searchable blockchains and neither Public Goods Association nor Better Internet Foundation, nor any third party, has any power to delete such data published by You or other/its users to the blockchain.
Transferring Data Outside the EU
Any metadata and personal data associated with interactions with or contributions made while using Drips Websites and/or Drips App (including Your Ethereum address and, potentially, any information that’s associated with Your Ethereum address) may be replicated by anybody, transferred to third parties and stored around the world as it is public by design (see “How Personal Data is Used”).
Furthermore, and as it is explained under “How Personal Data is Used” and “How Third Party Applications are Used”, when You choose to use Drips Websites and/or Drips App and/or any third party provider as outlined above, Your data may be processed by them in the European Economic Area (EEA), in countries outside the EEA and around the world, which includes countries that do not provide the same level of data protection as Switzerland or the EEA and are not recognized as providing an adequate level of data protection.
User Rights Under GDPR
The Public Goods Association takes user rights and privacy seriously - and this philosophy is built into each one of the projects it supports.
You have the right to assert Your claims in court or to file a complaint with the responsible data protection authority. Switzerland's competent data protection authority is the Federal Data Protection and Information Commissioner.
However, because the Drips Network is based on the Ethereum Protocol, a decentralized infrastructure, any tokens You send, receive, stream, or share using the Drips Network and any personal data made available to the public in this regard (see above: Data in P2P and Blockchain Infrastructures) cannot be (fully) enforced and such data published by You and/or its Users cannot be rectified nor deleted by anybody. This is because Ethereum Network is a decentralized network and it stores data committed to it around the world. You are solely responsible for any data that You share, publish or which You make accessible on or via Drips Network.
Contact
The Drips Websites are maintained on a voluntary basis by the Public Goods Association. The Association is based in Switzerland at c/o MJP Partners AG, Bahnhofstrasse 20, 6300 Zug. If You have any queries concerning the Drips Websites, other Drips communication channels, or Your rights under this Data & Privacy Policy, please contact ops@drips.network.