Data & Privacy Policy
Last edited: 07 March 2023
Radicle websites (including *.drips.network) are maintained on a voluntary basis by the Radicle Foundation (the “Foundation”). The Foundation is a Swiss foundation whose purpose is to support the development of resilient and humane software infrastructures. The Foundation is committed to supporting projects and people that develop non-extractive peer-to-peer technologies that promote internet freedom, including, among others, the Radicle project. While the Foundation previously assisted in the development and deployment of the Radicle Network, the Foundation does not own, manage, or control or act as an administrator of the Radicle Network. The Radicle Network presently operates in a fully decentralized and autonomous manner and has an opt-in Ethereum protocol integration. The Foundation is neither involved in nor in any way responsible for the ongoing operation, running, or functioning of the Radicle Network and/or any of the interactions, collaborations or contractual relationships between Users on the Radicle Network.
The Foundation voluntarily supports the growth and development of the Radicle project, including
the Radicle Network (further defined in the
This policy applies to all of the Foundation’s data processing activities where it acts as a data controller. In this policy, "Foundation" refers to Radicle Foundation, a foundation incorporated in Switzerland with its registered address at Suurstoffi 37, 6343 Rotkreuz. For more information about the Foundation, see the Imprint or the “Contact” section of this policy.
The Foundation may make changes to this policy every so often. When changed, the Foundation will change the “Last edited” date at the top of the page. You are encouraged to review this policy regularly in order to stay informed about the Foundation’s information practices. If you do not agree to the revised policy, do not use, access, or interact with the Radicle Network, the Radicle Technology Stack, the Radicle websites, and any other Radicle communication outlet (and unsubscribe where applicable).
Data in P2P and Blockchain Infrastructures
While you could use Radicle software to privately edit your own code on your computer, without sharing to the Radicle Network, all code that you publish to the Radicle Network is to be considered public. Because any contribution on the Radicle Network is linked to a public key, all contributions can be verified as coming from a public key. If your public key is linked to personally identifiable information, like your git username or email, this information will also be publicly accessible.
Data is disseminated through the Radicle Network via a process called gossip. That is, participants in the Radicle Network share and spread data they are "interested" in by keeping redundant copies locally and sharing deltas with peers. In the Radicle Network, data is replicated across connected code repositories according to a “social graph” of contributors and maintainers, enabling source code and changesets to be disseminated according to use and value: the more peers who are interested in a certain project, the more available this project is made to the Radicle Network.
It’s important to understand that any information you publish onto the Radicle Network is public by design. Because of the way gossip works, once you contribute to code on or share a repository with the
Radicle Network, any information that is held in git (potentially your name, email, or public key)
will be exposed. It is not possible to remove, revoke or rectify this information from the Radicle
Network. This is because the Radicle Network is a decentralized (public) peer-to-peer network (not
operated by us) which stores data committed to it around the world. Your use of a client and
interaction with Radicle Network will lead you to interact with other Radicle Network
participants; you should note that other participants on the Radicle Network may be able to
determine certain things about you through your use of the Radicle Network. Similarly, your use of
or interaction with the Funding Functions (as defined in the
How Personal Data is Used
When subscribing to the Radicle newsletter:
When you subscribe to the Radicle newsletter, the Foundation collects personal data via its newsletter service provider MailChimp. This data may include:
- your email address
- the date and time of registration
- your IP address
- your browser type
- your language
- the preferred email format
This data is collected and processed for the purpose of subscribing you to and sending you Radicle’s newsletter (via radicle.xyz) with updates on the project’s development as well as ensuring the security and reliability of the newsletter service.
The legal basis for this processing is your consent as provided in the double opt-in confirmation part of the Radicle newsletter sign-up process. This data will be stored as long as the Foundation has your consent to send you a newsletter. If you wish to unsubscribe from the Radicle newsletter, you can do so by clicking on the link at the end of each newsletter or by sending the Foundation an email. You can read more about MailChimp’s data access as well as their legitimate interests in and purposes for collecting this data here.
When receiving the Radicle newsletter:
If you have subscribed to the Radicle newsletter, each time you receive and open a newsletter, a third-party service provider MailChimp collects data, including:
- your email address
- the date and time you opened the email
- your location, as indicated by your IP address
This data is collected and processed by the Foundation for the purpose of ensuring the security and reliability of the newsletter service as well as the Foundation’s legitimate interest in the effectiveness of and general user interest in the Radicle newsletter. Because the Radicle newsletter service is hosted by MailChimp, you can view more information about the data they collect and their legitimate interests in and purposes for collecting this data here.
When browsing the radicle.xyz website:
If you go to the radicle.xyz website, the Foundation does not collect any of your information as you browse. However, the Radicle website is hosted by Netlify, which collects access logs (including the IP addresses) radicle.xyz visitors. This is stored for less than 30 days. For more information about the information collected, visit Netlify’s privacy policies here and here.
When browsing the drips.network and app.drips.network websites:
If you go to the drips.network and app.drips.network websites, the Foundation does not collect any of your information as you browse. However, these websites are hosted by Netlify, which collects access logs (including the IP addresses) drips.network and app.drips.network visitors. This is stored for less than 30 days. These websites have also enabled Netlify Analytics to collect page hits. For more information about the information collected, visit Netlify’s privacy policies here and here.
When downloading Radicle:
When you download Radicle binary files, Github servers may collect and save information regarding the pages you view, the referring site, your IP address and information about your device, session information, the date and time of each request, and telemetry data (i.e., information about how a specific feature or service is performing) regarding your use of other features and functionality of Github's service. They use this information to provide, administer, analyze, manage, and operate their service. The Foundation does not collect, store, or process the information collected by Github. For more information about the information Github collects and how it uses this information, please visit Github’s privacy policies. Regarding your use of Radicle Technology Stack, the Foundation does not process any of your personal data (see above: Data in P2P and Blockchain Infrastructures).
When you join the Radicle Matrix server:
If you want to join Radicle’s Matrix server to chat with the Radicle community, you will need to join it via a client. You have the option of creating a Matrix account on Radicle's server, hosted by Ungleich; if you do, the Foundation, via Ungleich, collects your user name, display name, email address (if you provided one to the client), and your IP address each time you access the Radicle Matrix server. When you join a chat room on the Radicle Matrix server, whether you have an account on Radicle’s server or not, the Foundation will collect your user name and display name. This information is collected in order to deliver the chat service and enable its features, as well as ensure the security and reliability of the service.
When you contribute to the Radicle Matrix server:
Once you’ve joined Radicle’s Matrix server, you can participate in the public chat room by contributing messages and files. When you contribute to Radicle’s Matrix server, everyone who has joined the room will collect: your username, display name, message content, message files, and message date/time. When you communicate directly with another user via a private room, the user will collect: your username, display name, message content, message files, and message date/time. This information, collected in public chat rooms or in private rooms, is stored on Radicle’s Matrix homeserver, which is hosted by Ungleich.
This data is collected and processed by Ungleich for the purpose of delivering the chat service and features, as well as ensuring the security and reliability of the chat service. You can view more information about how they handle this data here. If you wish to leave the Radicle Matrix server and delete all the data that was contributed by you, you can do so by sending the Foundation an email (ops@radicle.foundation).
How Third Party Applications are Used
MailChimp:
The Foundation uses MailChimp (based in the United States) to collect subscriber emails and to send out the Radicle newsletter to subscribers. The Foundation hereby informs you and you hereby acknowledge that the United States, in the view of the European Commission, does not ensure an adequate level of protection of personal data and that the personal data can be transferred to the recipients in the United States without any further safeguards; furthermore, during the newsletter signup process, the user consents to this transfer of personal data and confirms their understanding of the possible risks of such a transfer via the double opt-in confirmation part of the newsletter signup process. MailChimp’s privacy policy can be found here.
Netlify:
The Radicle websites are hosted by Netlify. User personal information from visitors to the Radicle websites, including logs of visitor IP addresses, may be collected by Netlify to comply with legal obligations, and to maintain the security and integrity of the Website and the Service. For further information and the applicable data protection provisions of Netlify, visit their privacy policies here and here.
Github:
The Foundation uses Github servers to store Radicle binary files. For further information and the applicable data protection provisions of Github, visit this site.
Matrix:
The Foundation has set up an instance of Matrix, a chat protocol, which enables users to securely publish and subscribe to data. The Matrix Network is a decentralised and openly federated communication network. This means that a user's messages are stored on both the homeserver where they have their account and the Radicle Matrix homeserver, which hosts the Radicle community chat room where the user makes their contributions. For more information about how Matrix works, you can read their privacy policy here.
Ungleich:
The Foundation uses Ungleich to host an instance of Matrix and Radicle’s Matrix homeserver. A username and display name is collected to give a user access to the chat room on Radicle’s Matrix homeserver, then all contributions by the user to the Radicle chat room are stored on Radicle’s homeserver. Optionally, a user can create a Matrix account on Radicle’s homeserver, in which case Ungleich may store an email for the purpose of recovering their password as well as the user’s IP address. Radicl’s Matrix homeserver is hosted in Ungleich’s own datacenter in Switzerland. For further information about how Ungleich handles security and privacy concerns, visit this site.
Links to Social Media:
On the Radicle websites, there are links to social media profiles. Those services might also collect personal data. Please refer to their privacy policies for more information.
Storing Your Personal Data
The Foundation retains your information only for as long as is necessary for the purposes for which it processes the information as set out in this policy. However, the Foundation may retain your personal data for a longer period of time where such retention is necessary for compliance with a legal obligation to which the Foundation is subject, or in order to protect your vital interests or the vital interests of another natural person.
Transferring Data Outside the EU
The Radicle newsletter subscription function is realized with the help of MailChimp, which is based in the United States (see above).
Furthermore, any metadata associated with contributions made while using Radicle (including your git username and, potentially, your email address if it’s associated with your git username) may be replicated and stored around the world.
User Rights Under GDPR
The Radicle Foundation takes user rights and privacy seriously - and this philosophy is built into each one of the projects it supports. The Foundation has limited the data collected to the absolute minimum it needs to enable the projects to work for the user.
MailChimp makes the assurance that they take the appropriate security measures to prevent access to the Radicle newsletter subscriber list for any purpose other than the purpose of using it to inform supporters of Radicle’s progress. Furthermore, as a Radicle newsletter subscriber and a contributor to the Radicle Community Matrix, you have the right to information, correction, limitation of data processing, deletion of personal data, objection, revocation of the declaration of consent under data protection law for the future and data transferability within the framework of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR). Please note that while the Foundation can delete your data from the Radicle Matrix homeserver, this does not apply to the data on Matrix servers run by others, including, potentially, the homeserver where you have your Matrix account.
In addition, you have the right to assert your claims in court or to file a complaint with the responsible data protection authority. Switzerland's competent data protection authority is the Federal Data Protection and Information Commissioner.
However, because of the Radicle Network’s peer-to-peer, gossip-based code collaboration infrastructure, the deletion or editing of any contributions you make to your or other repositories on the Radicle Network and any personal data made available to the public in this regard (see above: Data in P2P and Blockchain Infrastructures) cannot be (fully) enforced. This is because Radicle Network is a decentralized network and it stores data committed to it around the world. The Foundation can only ensure your rights regarding data for which the Foundation qualifies as a controller (data processed by the Radicle Foundation – see above: How Personal Data is Used).
Contact
The Radicle websites are maintained on a voluntary basis by the Radicle Foundation. The Foundation is registered in the canton of Zug, Switzerland, under the commercial register number CHE405.696.942 [CHE-405.696.942 MWST]. The Foundation’s registered office is located at:
Suurstoffi 37
6343 Rotkreuz
Switzerland
If you have any queries concerning the Radicle websites, other Radicle communication channels, or your rights under this Privacy Policy, please contact ops@radicle.foundation.