Later this month the GDPR will take effect, and in adhering to its legal provisions, we're taking the opportunity to update our privacy policy. These changes reflect our organizational operations and our ethical perspectives.

Notification of Changes

Rev I. In the event this Policy is updated, changes will be posted on the Site no less than one week in advance so users remain aware of information collected, how it is used, and under what circumstances, if any, it is disclosed.

Rev II. In the event this Policy is updated, changes will be posted on the Site in detail so users remain aware of information collected, how it is used, and under what circumstances, if any, it is disclosed.

The original language focused on the timeliness of informing users of policy changes, while our new language holds us to a higher standard of explaining the changes. We believe it is disingenuous to introduce a new privacy policy, even in advance, without a straightforward explanation.

Protection of Financial Information

We removed this section in its entirety. The Financial Services Modernization Act of 1999 does not apply to our products or services, and we neither collect nor provide financial information.

Information Collection

Rev I. For the purposes of your privacy, this website does not collect any visitor metadata. All server-side logging has been permanently disabled, preventing collection of data such as date and time of access. Personally identifiable information is only ever collected through the encrypted contact form. The Site was solely designed and developed by Ethan Frederick Grant, and does not employ third-party software, javascript, or cookies.

Rev II. To ensure your privacy, this website does not collect any visitor metadata. All server-side logging has been permanently disabled, preventing collection of data such as date and time of access. The Site was carefully developed by hand, and does not use third-party software, analytics, or cookies.

Language regarding the contact form was moved to Protection of Communications which we feel is now more comprehensive (see below). We also call attention to the fact that the site is coded by hand, each line of code written with privacy in mind. Lastly, we replaced the reference to "javascript" with "analytics" because the main menu and contact form both require a few lines of javascript. We believe the new language clarifies our opposition to the collection of analytics, rather than use of javascript generally.

Protection of Children

Rev I. In accordance with the Children’s Online Privacy Protection Act of 1998, NefLabs does not knowingly collect Information from persons under the age of thirteen (13).

Rev II. In accordance with the General Data Protection Regulation of 2018, NefLabs does not knowingly collect Information from persons under the age of sixteen (16).

We find that the GDPR supersedes COPPA globally, and in an effort to maintain policies which reflect international law, we are raising the minimum age of persons from whom we may collect information.

Protection of Communications

Rev I. In accordance with the Electronic Communications Privacy Act of 1986, and in an effort to protect Information from subpoena, all Site-related email messages older than one-hundred eighty (180) days are deleted. All Site-based communications are encrypted for your privacy. The Site has never received an order to disclose the private decryption key to these communications.

Rev II. Messages received through the contact form are anonymous. In accordance with the Electronic Communications Privacy Act of 1986, and in an effort to protect Information from subpoena, messages older than seven (7) days are deleted. For your privacy, all messages received through the contact form are encrypted at rest with a rotating 4096-bit key. The Site has never received an order to disclose the private decryption key to these communications.

This section was updated to more accurately reflect our organizational operations. To clarify, we do not collect "email" on the site; our contact form stores messages as encrypted text. Although the ECPA allows us to hold messages up to 180 days without the potential for subpoena, we typically delete messages immediately after we receive them, and the new 7-day window is an honest reflection of our practices.

We also took the opportunity to clarify how messages received through the contact form are encrypted. Although messages are protected in transit using TLS 1.2, they are also encrypted at rest using a 4096-bit key, which is refreshed at random intervals.

If you have questions regarding our new policy, please reach out to us. We're happy to clarify our statements, address your concerns, and throw shade on corporations with terrible privacy policies.

Published May 04, 2018

We depend on the support of readers like you to fund research initiatives and product development.