Closed Bug 830899 Opened 12 years ago Closed 12 years ago

Complete Privacy-Policy Review for Foxography

Categories

(Privacy Graveyard :: Product Review, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: bwinton, Assigned: me)

Details

Initial Questions: Project/Feature Name: Foxography Tracking ID: Description: I've developed a website to make it easier for UX to create pages like http://areweprettyyet.com/ Additional Information: A demo is running at http://foxography.jit.su/ The list of feedback is at https://firefox-ux.etherpad.mozilla.org/Foxography Urgency: no rush Key Initiative: I'm not really sure. It's a tool to be used by UX and Engineering… Release Date: Project Status: development Mozilla Data: Yes New or Change: New Mozilla Project: none Mozilla Related: Persona and Bugzilla Separate Party: No Privacy Policy: No Privacy Policy Link: User Data: Yes Data Safety ID: not filed (I store the personaID of the person who created each mockup, is that user data?) Legal ID: not filed
Hello! I'm not sure I understand exactly what this tool does, what data sources it connects to, and what data it stores. Could you find 45 minutes for us to talk about the tool so that I can get a handle on exactly what it is and how it works?
Sure! I'm in Toronto, and have a fairly free schedule, so if there are times you prefer that are before 2:00pm PST, they will probably work for me, too. Having said that, here's the overview of the data I store, and what it's used for. People log in to the site with PersonaID (which is basically their email address). I store that address with every mockup they create, and show it in a dropdown beside the name of the mockups they've created. i.e. bwinton@mozilla.com - Mockup One tom@mozilla.com - Mockup Two james@latte.ca - Mockup Three So, my main question is "Does someone's PersonaID, and things they create based on it, count as personal data?" I think bugzilla itself is in a similar situation, since it stores people's email addresses and displays them on top of the comments they post, so hopefully I can just do whatever bugzilla does. If you have any questions, please let me know when you're available, or bug me on irc anytime. :) Thanks, Blake.
Blake and I chatted over IRC. Foxography is a tool to make pages like <areweprettyyet.com>. A user signs in with Persona, uploads a background image, then adds labels all over it, corresponding to Bugzilla bugs. The user's email address and the bug details are all publicly visible. The app itself never emails people. Here are the outcomes that we agreed: 1. Blake is going to talk to Larissa about making sure that there's a compelling notice that the user's email address will be public. 2. If there's ever a plan to add sharing features, analytics, or to email users, we'll do a separate review of those plans. 3. The app itself doesn't keep any logs, although Blake might need to temporarily log some things from time to time to fix things that break. Regular HTTP/S server logs will be kept while it's under development and in production, according to normal log aggregation/deletion practices. 4. The app will start life on a non-production server so that Blake can rapidly make changes. If it hits 100 users or Blake thinks it's ready, it'll move to production, with full security review and privacy technical followup. Among other things, those reviews should include: * Persona integration safety * Server log aggregation/deletion I think that's everything! Please let me know if I've missed something, or we need to talk about something else.
Group: mozilla-corporation-confidential
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.