Citrahold Privacy Policy

This is the Citrahold Privacy Policy, originally obtained from the Front End Citrahold Webserver (https://www.citrahold.com/)

This document was first drafted 14 November 2023, and was last updated 16 November 2023.

It should be noted that Citrahold is a hobby project, and this website is run solely by myself, Jamie Adams (regimensocial).

Any updates to this privacy policy will be communicated to you via your email. You will automatically be made obviously aware if there are any updates, and you will have to reconsent to the updated policy. If this occurs, you will be able to reconsent through an email or on the website.

Contact details

Name: Jamie Adams (regimensocial)

Email: jamie@regimen.social

The type of personal information we collect

We currently collect and process the following information:

Email addresses
IP addresses
Hashed passwords (encrypted passwords, explained below)
Network request logs

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

For vital website functionality.

We also receive personal information indirectly, from the following sources in the following scenarios:

We may also log network requests along with IP addresses and identifying cookies.

We use the information that you have given us to keep the website more secure and stable, by blocking out unwanted and malicious traffic.

This information is not shared with anyone. No third parties will ever see it, it is entirely kept private on the server.

You have complete control over your data and can have it removed at any time by deleting your account or sending a deletion request via email.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

(a) Your consent. You are able to remove your consent at any time. You can do this by contacting Jamie Adams (details on front of document). Additionally, all your data can be automatically deleted if you desire to do so.

How we store your personal information

Your information is securely stored on a Virtual Private Server (hosted by OVH in South London, United Kingdom).

All passwords are hashed, meaning that they have gone through a complex encryption algorithm which allows us to store a hash (encrypted string) instead of your actual password.

This means passwords are not visible raw, and if, in the severely unlikely case, were we to have a data leak, your password would be entirely kept private; we do not store it.

We keep your information for as long as your account is open. We will then dispose your information by simply deleting it from a database, over a secured connection. This happens the moment you confirm the deletion of your account.

Our central server is also kept secure, it can only be accessed with encrypted keys over Secure Shell, a server access protocol.

We keep your most recent IP address for as long as your account is open. We will then dispose your information in the same way that we dispose of your email.

Additionally, the only way of communicating with our server is through HyperText Transfer Protocol Secured (HTTPS), meaning that all data packets (to AND fro) are encrypted. No unauthorised parties will have any opportunity to view your data.

All communication is done through HTTPS, even on the 3DS, we use the most recent versions of libraries to support the latest, most secure protocols.

Please note that all software, and website technology, you use, can be inspected as it is Open Source. All repositories can be found on my GitHub account https://github.com/regimensocial.

Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you, but you should likely receive a response within 72 hours.

Please contact us at jamie@regimen.social if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at jamie@regimen.social.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113