Lolibrary Privacy Policy

Version: v1.1.0

Last Updated: 2018-06-02

1. Data We Require

We (Lolibrary Inc) only collect the absolute minimum information required for Lolibrary to operate.

You are not required to sign up to use the majority of the website. Sign-up is required to access personalised sections of the website, e.g.:

• Your favourite/saved items (“closet” and “wishlist” functions)
• Your saved searches
• Your profile

Our legal basis for collecting Personal Data is that it is necessary for providing our Services (namely, the services above, on websites/apps).

1.1. Data We Collect

The data we collect (if you submit it to us) is limited to the following:

• Your email address, to create an account and allow password resetting, account recovery, and other functions tied to your email that you can explicitly request.
• A username; an identifier of your choosing to identify your contributions to other users of the website or app.
• A password, used to securely log you in. This is protected using the industry-standard bcrypt hashing algorithm (and may change in future to keep up with standards, e.g. to PBKDF2 or Argon2).
• A name, which the website or app will use to refer to you.

1.2. Data Sharing

All data given to us here is used exclusively for the operation of the website and is not passed onto third parties for marketing purposes. If we allow ads on Lolibrary in future, we will not pass this information onto third-party ad partners.

1.3. Data Processed Without Logins

We process data across Lolibrary, such as search queries submitted, and general stats to see how Lolibrary is performing. No personal data is collected in this process, and search queries are stored completely anonymised and not tracable to any specific person or persons.

2. Data Sub-processors

We use the following subprocessors at Lolibrary:

• Sentry - https://sentry.io/
  • Used in the event of an error when using the website, or an app.
  • Cannot opt out, though all details sent to Sentry are anonymized.
  • Privacy Policy
• Google Cloud Platform - https://cloud.google.com
  • Used to provide our hosting platform and most services.
  • Cannot opt-out; essential to providing our services.
  • Privacy Policy
• Cloudflare - https://cloudflare.com
  • Used to provide network connectivity to our Google Cloud Platform services.
  • Cannot opt out; access to the website depends on this entirely.
  • Privacy Policy
• Postmark (by Wildbit, LLC) - https://postmarkapp.com
  • Used to provide transactional email services
  • You can opt out by not creating an account; when you create an account we will pass your data to Postmark in order to verify you own the email address given.
  • Privacy Policy

2.1. Analytics and Tracking

We do not currently use any third-party tracking or analytics providers.

3. Data Security

All of the personal information you submit to Lolibrary is held within a managed database in Google Cloud Platform, using Google Cloud SQL.

You can learn more about Google Cloud’s security here, and Google Cloud Platform have regular audits for the security of their infrastructure.

Access to data is only possible from within our main application cluster, which requires cryptographic controls (SSH keys, as well as authorization) to access, and all access to data is logged.

3. Cookies set by Lolibrary

If you browse from a website, a session cookie is set, even if not logged in. This is used to prevent cross-site request forgery (e.g. another website forcing your browser to do an action such as registering for the site without your consent).

You can block cookies in your browser to prevent these from being saved on your computer, but you will no longer be able to submit the registration form on the website, or log in.

No personal information is transmitted in cookies, either through identifiers or contents, and cookies generated by Lolibrary are asymmetrically encrypted.

3.1. Cookies set by third-parties

Cloudflare (Cookie Policy) sets cookies according to its cookie policy.

Certain cookies set by Cloudflare cannot be blocked or opted out of, as they provide essential functions of our website (such as malware blocking, or DDoS prevention), and you may be unable to access Lolibrary as a result.

Google reCAPTCHA (Privacy Policy) sets cookies on pages with certain forms around the site in order to help prevent automated signups and spam. You will need to accept these cookies in order to use registration forms. A consent notice will be provided on forms which use reCAPTCHA.

4. Data Controller

Lolibrary processes data as both a Processor and a Data Controller as defined in the GDPR.

You can contact us at support@lolibrary.org.

5. Access To Information

You have the right to access any information we hold on you. You can do this by contacting us at support@lolibrary.org.

We may ask you for additional information in order to verify your identity when sending a request.

We will fulfil your request electronically (via email). If you’d like us to encrypt the copy of your data we send you, please request this or provide us with a public key.

6. Right to Erasure

You have the right to have all of your personal data removed from our systems on your request.

If you’d like to do this, please delete your account from your profile page while logged in.

If you’d like to make a formal request under the GDPR for us to remove all data on you, we’ll delete your account for you, provided you’ve verified your identity. Deleting your account is permanent, and will delete all resources associated with your user account.

6.1. Existing Entries

Some users of the site are able to upload and submit items (searchable items of apparel) to Lolibrary; these submitted items do not consititute Personal Data and will not be removed when an account is deleted or when we receive a right to erasure notice.

Under our terms of service, these submitted items are public domain or an archive of third-party information in the public interest.

Any such items will no longer display your username next to them after your account is deleted. Instead they will show “Anonymous” (or similar) as their author.

7. Right to Correct

You can edit/correct all of your personal data from within your profile page while logged into the site.

To change your email address, we’ll require you to verify that you control the new email address once changed, by sending it a verification link to click.

8. Data Processing Outside of the EU

Lolibrary’s servers are located outside of the EU (in the USA).

We ensure that all of our infrastructure providers and data subprocessors comply with the US-EU Privacy Shield Framework to allow safe transfer and storage of Personal Data.

9. Communication

We will use your email address to send you emails relating to your account that you’ve explicitly requested (Transactional Email).

Examples of Transactional Email are:

• Password Reset Emails
• Donation Receipt Emails
• Account Verification Emails (to add/modify your email, so we can verify it’s yours)

We only pass your data to our email service providers in order to send you email.

9.1 Marketing

We will only use your email (if provided) for marketing purposes with your explicit consent; we’ll provide privacy notices where you can give consent to this, and not opting in will have no impact on your ability to use our website/apps.

We will not share your email address with people outside of our data processors list, nor sell it to third-parties.

10. Notices of Updates

You can find previous versions of this policy, and all of our other policies, at https://github.com/lolibrary/legal