It’d be nice to (eventually!) see a link laying out a privacy policy for the instance, something like: https://newsie.social/privacy-policy
I’d especially be interested to know how long you associate the IP addresses we visit from with our accounts, who can see that info (and our emails), what other PII you store, and how long deleted posts/accounts are stored for.
(Totally get and very much appreciate that smorks &co have a lot on their plates just getting this place off the ground, not trying to demand additional work, just a suggestion. Seems like it’d take some thinking to balance with eg. a good backup regimen.)
Thanks @smorks; you’re doing an awesome job! One thing not covered yet is your backup policy; it’s possible that items would get backed up before they were deleted.
Personally for my server box I have two local backups and one offsite rotating backup that rotates quarterly. Such a setup can definitely capture information that later changes such as deleted posts and IP addresses that are logged before they’re rewritten. Something to consider, especially as backups are important for disaster recovery, especially in the case of handling other people’s data.
thank you for the reminder. i’m currently doing weekly backups offsite, which includes the database and all pictrs data (image data). the off-site backups are all encrypted (i’m currently using restic for this), so again, i’m currently the only one with access to it.