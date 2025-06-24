You are Here
---
v2: rollback the premature removal of compliance with US law

Will defer this until we finish shutting down the US business entity
entirely.

 privacy.md | 70 +++++++++++++++++++++++-------------------------------
 terms.md   | 68 ++++++++++++++++++++++++++++------------------------
 2 files changed, 67 insertions(+), 71 deletions(-)

diff --git a/privacy.md b/privacy.md
index ab96a1f..ed6eb5c 100644
--- a/privacy.md
+++ b/privacy.md
@@ -1,13 +1,5 @@
---
title: Privacy policy
# TODO:
# - Clarify that we don't store any information about logged-out users, except
#   for their IP address.
# - Improve wording of details about short-lived session cookies.
# - Improve presentation of bcrypt process.
# - Mention information stored from email headers.
# - Clarify s/web browser/client/g
# These changes are batched to reduce the noise upon notifying users.
---

(sr.ht-support): mailto:~sircmpwn/sr.ht-support@lists.sr.ht
@@ -24,7 +16,7 @@ without a computationally expensive process. However, given your password, we
can determine that it matches our stored key without expensive processing.  The
purpose of this step is to ensure that should our database become compromised,
your original password will be difficult to recover. Regardless, you are
strongly encouraged to use a unique password for your sr.ht account.
strongly encouraged to use a unique password for your SourceHut account.

You may choose to give us additional information, which is shown publicly on
the site. This includes:
@@ -33,7 +25,10 @@ the site. This includes:
- A URL to any website
- A short biography

You may omit or provide fictitious data for this information.
You may omit or provide fictitious data for this information. The location shown
on your profile is collected separately from your billing address, and may
differ. (*You may set your public location to "The Internet", for example,
despite providing an accurate billing address*).

You may be required to provide the following information in order to
successfully operate some parts of the service, some of which may be used to
@@ -45,18 +40,18 @@ uniquely identify you:

You may delete this information at any time by visiting your (account
details)( If you provide a PGP key, you may choose to have
email communications from sr.ht encrypted before being sent to you.
email communications from SourceHut encrypted before being sent to you.

We also obtain some information from your web browser as you use our services
We also obtain some information from your client as you use our services
and store it for up to 30 days:

- Your IP address
- When you accessed the site
- What you did on the site

This information is available to you as an (audit
Some of this information is available to you as an (audit
log)( You are not able to delete this information.
The purpose of this data collection is to inform both you and sr.ht of any
The purpose of this data collection is to inform both you and SourceHut of any
unknown activity on your account. If we permitted deletion of this information,
someone who obtains unauthorized access to your account would be able to delete
it, too.
@@ -67,54 +62,49 @@ give us, including (but not limited to):
- repositories on git.sr.ht
- tickets on todo.sr.ht
- build logs and secrets on builds.sr.ht

To faciliate automated access to your account for third-party service or your
personal use, we also generate and store API keys which can be used to authorize
use of your account. A portion of these keys are stored in plaintext — not
enough to gain access to your account, but enough for us to quickly look up your
account details given the key. The full key is stored only after processing with
bcrypt, similar to the process used for your password.
- email headers sent to lists.sr.ht

If you choose to use our paid services, we will store a token which is used to
bill your payment method. Information like your credit card number cannot be
recovered from this token.
recovered from this token. We will also retain a copy of your billing records
(e.g. invoices) for up to 7 years, even if you delete your account, in
compliance with European law.

We also use cookies to store long-lived authorization data, to remember that
you're logged into your account between visits without prompting you for your
password again. We also use cookies to store short-lived information, like the
fact that we have to tell you on the next page you load that we completed some
operation successfully for you.
password again, and to store short-lived information, for example when
filling out a form which requires several pages to complete.

## How we share your information with third-parties

Aside from information you choose to make public in the course of your use of
sr.ht and information you explicitly choose to share with specific
SourceHut and information you explicitly choose to share with specific
third parties, none of your information is shared with third parties. We do not
embed third-party content in our website, with one exception: on the billing
page, we embed a script from (Stripe)( This measure is taken
to improve your privacy and allows us to avoid directly handling your credit
card information.
embed third-party content in our website. This measure is taken to improve your
privacy and allows us to avoid directly handling your credit card information.

We permit user-generated content to include images from and links to third-party
sites. On pages displaying this content, information may be sent to these
third-parties. This information includes:

- Your IP address
- Information about your web browser, such as whether you use Firefox or Chrome
- The URL on sr.ht you visited when you saw this content
- Information about your client, such as whether you use Firefox or Chrome
- The URL on SourceHut you visited when you saw this content

We are not responsible for any additional information your web browser may send
to these third parties.
We are not responsible for any additional information your client may send to
these third parties.

If you use any of our paid services, we will transmit your payment information
to a third-party payment processor. You will be notified of this before the
information is transmitted, and given an opportunity to prevent its
to a third-party payment processor, (Stripe). You will be notified of this
before the information is transmitted, and given an opportunity to prevent its
transmission. We will be unable to provide you with paid services if you decline
to transmit this information.

We may also be required to remit your data upon receiving an order from a court
of the United States. If permitted by the order, you will be notified if this
happens.
(Stripe): 

We may also be required to remit your data upon receiving a lawful order from an
applicable court with jurisdiction over SourceHut. If permitted by the order,
you will be notified if this happens.

## How to access and control the information we've collected

@@ -123,7 +113,7 @@ archive of the information we've collected about you, or to request that we
remove any information we've collected about you. 

You may also reach out to our data protection officer directly: Drew DeVault
<sir@cmpwn.com>.
<drew@ddevault.org>.

## Changes to this document

diff --git a/terms.md b/terms.md
index f781d94..0704ab0 100644
--- a/terms.md
+++ b/terms.md
@@ -1,33 +1,9 @@
---
title: Terms of Service
---
<!--

Pending changes:

# Automated use of our services

You may use automated tools to access SourceHut data in bulk (i.e. crawlers,
robots, spiders, etc) provided that:

1. You obey the rules set forth in robots.txt
2. Your software uses a User-Agent header which clearly identifies your
   software and its operators, including your contact information
3. You request data from SourceHut at a rate which does not adversely affect
   the performance of the services for normal users

You may *only* collect this data for one or more of the following purposes:

- Search engine indexing
- Open-access research
- Data archival

You may not use automated tools to collect SourceHut data for solicitation,
profit, or the training of a machine learning model.

--->

These are the terms of service for sr.ht; please read them before using sr.ht.
These are the terms of service for SourceHut; please read them before using our
services.

If you have any questions, please reach out to (sr.ht-support) via email.

@@ -48,9 +24,9 @@ This is for quick reference only, binding terms follow.
## Definitions

The "services" are any software, application, product, or service provided by
sr.ht. Collectively they are also referred to as the "network".
SourceHut. Collectively they are also referred to as the "network".

"sr.ht", "we", and "us" refers to sr.ht and its authorized agents.
"SourceHut", "we", and "us" refers to SourceHut and its authorized agents.

The "user", "you", and "your" refers to any individual or organization which
accesses our services.
@@ -80,9 +56,10 @@ this address. If we are unable to reach you, your account may be terminated.

## Permissible use

You must obey all local, US, and Dutch laws in the course of using the service.
You will not utilize the service to transmit or store content which is unlawful.
The following additional types of content are explicitly prohibited:
You must obey all local, US, European, and Dutch laws and regulations in the
course of using the service. You will not utilize the service to transmit or
store content which is unlawful. The following additional types of content are
explicitly prohibited:

- explicit sexual content
- malware in executable form; or in source form without obvious disclaimers
@@ -105,6 +82,26 @@ You may use automated tools to obtain public information from the services for
the purposes of archival or open-access research. You may not use this data for
recruiting, solicitation, or profit.

# Automated use of our services

You may use automated tools to access SourceHut data in bulk (i.e. crawlers,
robots, spiders, etc) provided that:

1. You obey the rules set forth in robots.txt
2. Your software uses a User-Agent header which clearly identifies your
   software and its operators, including your contact information
3. You request data from SourceHut at a rate which does not adversely affect
   the performance of the services for normal users

You may *only* collect this data for one or more of the following purposes:

- Search engine indexing
- Open-access research
- Data archival

You may not use automated tools to collect SourceHut data for solicitation,
profit, or the training of a machine learning model.

## Content rights

When uploading content to SourceHut, you must have the right to do so. You grant
@@ -165,3 +162,12 @@ reduced price at the start of the next billing term.

We may make changes to these terms with no less than 2 weeks notice. Notice of
changes to these terms will be sent to the email on file for your account.

---

SourceHut
Postbus 3068
1620GB Hoorn
Netherlands
KVK nummer: 84165251
BTW nummer: NL003921490B16
-- 
2.50.0

The business details at the bottom of terms.md will be appear on a
single line when converted to HTML per the CommonMark spec.

(See this demo)(0).

(0):

Source link

