Privacy policy

The purpose of this privacy policy is to inform you of which data we process and store when you visit our website or use our service. This includes details on our use of cookies.

Read the following sections to learn about:

Last revised on April 5, 2016. The latest version of this privacy policy can be obtained at https://www.activityinfo.org/about/privacy-policy.html.

Definitions

This privacy policy uses the following terms:

Which data we store and why

When you visit the website without signing into the platform, we store data in your browser and on our servers. This section details which data we store and why we store this data.

We use cookies to track your usage of the website and the platform, see the "Cookies" section below for more details on which cookies we use.

When you sign into the platform, we store data which you provide to us. This includes the following information:

  1. your email address which we use for the following purposes:
    • to send you an activation email message to confirm that you have entered an existing email address to which you have access,
    • to identify your account and to check if you have provided the correct password to log in,
    • to send you a password reset email message in case you have forgotten your password or if you have elected to change your password,
    • to send you daily and weekly digest email messages in case you have elected to receive these,
    • to access your account in case you have requested us to support you,
    • to identify your account in our server logs which we use to monitor latency and errors in the platform.
  2. your name which is displayed to other users next to the databases you own and reports you share. Your name also appears in the digest email messages which are sent to the owner(s) of the database(s) in which you have entered or edited data.
  3. the data which you create on the platform which includes, but is not limited to, forms with indicators and attributes, quantitative and narrative data entered into the forms and locations.

Where we store your data

The platform runs on infrastructure provided as part of the Google Cloud Platform. This infrastructure, which includes servers, databases and file storage, is supported by data center locations around the world. We have opted to process and store your data exclusively on Google’s data centers located within the European Union. See https://www.google.com/about/datacenters/inside/locations/ for a full list of data center locations.

Some data is stored in the browser which you use to access the service. This includes cookies (see the section on Cookies below) and application data. The latter includes our use of the “application cache” and the “Web SQL Database” in your browser. The use of this storage allows you to use the application in areas with poor or no internet connectivity.

How we protect your data

In general we observe and test against the guidelines provided by the Open Web Application Security Project (OWASP). A full list of guidelines for a variety of topics related to security can be found at https://www.owasp.org/index.php/Cheat_Sheets.

The following sections provide more detail on specific topics such as data security, privacy and authentication.

Data processing and storage

We have chosen the Google Cloud Platform because it is extremely secure and fault-tolerant. We are confident that this infrastructure provides you with the best possible security for your data. Full details on the Google Cloud Platform security and its certifications can be found at https://cloud.google.com/security/.

Traffic between client and server

When you are logged into the platform, all data sent between the client (your browser) and our servers is encrypted using the TLS 1.2 protocol with the SHA-256 hashing function.

User authentication

Users are authenticated using their email address and a password. Passwords are chosen by users and must be at least six characters. Passwords are stored salted and hashed using the BCrypt algorithm. No passwords are stored in plain text and we require that all authenticated traffic use HTTPS. Users may reset their password by providing their email address, through which they will receive an email with a token allowing them to choose a new password within 24 hours.

Cookies

When you visit the website you consent to us placing cookies in your browser. We keep the number of cookies which we store to an absolute minimum and we do not store third-party cookies.

Google Analytics

We use Google Analytics to track the number of visitors to the website and the platform. We use this information to understand how the website and the platform are used with the goal to improve its usability and performance.

Google Analytics stores two cookies in your browser to identify you as a unique visitor to the website. This information is non-personal and we have opted to anonymize your IP address before it is stored by Google. The data which is obtained from your visits to our website and platform are not used by Google for any other purpose other than generating visitor reports for us. We also do not use any of the advertising features of Google Analytics therefore no data is shared with any third party.

ActivityInfo session cookies

When you log into the platform, we store three cookies in your browser to record details about your session in the browser. We do this so you do not have to log in again whenever you navigate to another page in the platform or open a page in a new tab within the same browser session. These cookies are therefore essential for the functioning of the platform.