Privacy Policy (2018-05-29)

User privacy is one of the primary goals of DivestOS. Detailed below is everything you need to know about how your data is handled.

A note on the GDPR: For the time being we are sadly not 100% GDPR compliant. We are not lawyers but we are pretty sure the only thing we need to do is not log the last two (or four) octets of IP addresses. There are currently no maintained Apache modules that accomplish this, but we are confident that by release there will be. Once that is in place the overall privacy situation for all users will be dramatically improved and we will also be (hopefully) compliant with the GDPR as well.

What data we (Divested Computing Group) collect

  • Website
    • What is received: Cookies (detailed below), Page Visited, Referring Page, User Agent, and IP Address
    • Cookies
      • PHPSESSID - Set by the server to maintain variables such as CSRF tokens
    • How often: On every page visit
    • Why it is received: Used to serve the web pages to users
    • When it will be deleted: When the web server log files are rotated/deleted
    • What else will it be used for: Nothing else
    • How to anonymize: Visit the site using the Tor Browser
  • ROM
    • The ROM does not contain any analytics and any requests are used only for supporting it
  • ROM: Updater
    • What is received: Device Model, Incremental Build ID, Default User Agent, IP Address
    • How often: On every boot and also once per day
    • Why it is received: Used to serve system updates
    • When it will be deleted: When the web server log files are rotated/deleted
    • What else will it be used for: Will be occasionally used to determine how many users we have and what percent are up-to-date or not
    • How to anonymize: Install Orbot and enable 'Perform requests over Tor'
    • How to disable: Disable 'Auto updates check'
    • Settings can be accessed via Settings > About > DivestOS updates > 3dot > Preferences
  • ROM: DivestOS F-Droid Repos
    • What is received: Repo Index Requests/App APK Requests/App Icon Requests, F-Droid Version, IP Address
    • How often: Once per day
    • Why it is received: Used to serve apps and their updates
    • When it will be deleted: When the web server log files are rotated/deleted
    • What else will it be used for: Nothing else
    • How to anonymize: Install Orbot and enable 'Use Tor' in F-Droid > Settings
    • How to reduce: Decrease the 'Automatic update interval' in F-Droid > Settings
    • How to disable: Disable the 'DivestOS' repos in F-Droid > Settings > Repositories
  • App: Hypatia
    • What is received: Signature Database Requests, IP Address
    • How often: Manually
    • Why it is received: Used to serve signature databases
    • When it will be deleted: When the web server log files are rotated/deleted
    • What else will it be used for: Nothing else
    • How to anonymize: Install Orbot and enable 'Download over Tor'

What data third parties collect

Third parties are used to support specific features and apps

  • ROM: Captive Portal Check
    • Who: Google
    • Description: Used to determine if there is a captive portal
    • What they receive: Static User Agent, IP Address
    • How often: On every Wi-Fi and cell connection
    • How to disable: Settings > Network > Data usage > Disable Captive Portal
    • How to disable: $ adb shell settings put global captive_portal_mode 0;
    • Privacy Policy: Google Privacy Policy
  • ROM: F-Droid Official Repo
    • Who: F-Droid
    • What they receive: Repo Index Requests/App APK Requests/App Icon Requests, F-Droid Version, IP Address
    • How often: Once per day
    • Why they receive: Used to serve apps and their updates
    • How to anonymize: Install Orbot and enable 'Use Tor' in F-Droid > Settings
    • How to reduce: Decrease the 'Automatic update interval' in F-Droid > Settings
    • How to disable: Disable the 'F-Droid' repos in F-Droid > Settings > Repositories
    • Privacy Policy: F-Droid Security Information