From e660fb278a50b5d45687aaba3e94935749b25c12 Mon Sep 17 00:00:00 2001 From: Mel <97147377+MelissaAutumn@users.noreply.github.com> Date: Wed, 11 Dec 2024 15:05:27 -0800 Subject: [PATCH] Update Privacy Policy + Legal Tweaks (#790) (Fixes #789) * Update the privacy policy and add documentation on how to do so. (Fixes #789) * Add anchor underlining, and ids for headers on both privacy and terms. --- backend/.env.example | 4 +- .../appointment/commands/download_legal.py | 21 ++++-- docs/README.md | 3 + docs/updating-legal.rst | 33 +++++++++ frontend/src/assets/legal/en/privacy.html | 74 ++++++++----------- frontend/src/assets/legal/en/terms.html | 32 ++++---- frontend/src/views/LegalView.vue | 3 + legal/services-privacy-policy.md | 59 +++++++++++++++ 8 files changed, 161 insertions(+), 68 deletions(-) create mode 100644 docs/updating-legal.rst create mode 100644 legal/services-privacy-policy.md diff --git a/backend/.env.example b/backend/.env.example index ea39e848b..17b7adef9 100644 --- a/backend/.env.example +++ b/backend/.env.example @@ -106,8 +106,8 @@ REDIS_USE_CLUSTER # In minutes, the time a cached remote event will expire at. REDIS_EVENT_EXPIRE_TIME=15 -TBA_PRIVACY_POLICY_URL= -TBA_TERMS_OF_USE_URL= +TBA_PRIVACY_POLICY_LOCATION=../legal/services-privacy-policy.md +TBA_TERMS_OF_USE_LOCATION=https://raw.githubusercontent.com/mozilla/legal-docs/main/{locale}/websites_tou.md POSTHOG_HOST=https://us.i.posthog.com POSTHOG_PROJECT_KEY= diff --git a/backend/src/appointment/commands/download_legal.py b/backend/src/appointment/commands/download_legal.py index 74918d13d..c78620ace 100644 --- a/backend/src/appointment/commands/download_legal.py +++ b/backend/src/appointment/commands/download_legal.py @@ -5,25 +5,36 @@ import markdown +def open_or_get(path: str): + if path.startswith('http'): + return requests.get(path).text + + # Otherwise it's a path + with open(path, 'r') as fh: + return fh.read() + + def run(): """Helper function to update privacy and terms. Please check to ensure you're not getting a 404 before committing lol. """ print('Downloading the latest legal documents...') - extensions = ['markdown.extensions.attr_list'] + # Attr_List: In-case remote markdown has attributes + # TOC: For ids on headers + extensions = ['markdown.extensions.attr_list', 'markdown.extensions.toc'] # Only english for now. There's no german TB privacy policy? locales = ['en'] for locale in locales: - privacy_policy = os.getenv('TBA_PRIVACY_POLICY_URL').format(locale=locale) - terms_of_use = os.getenv('TBA_TERMS_OF_USE_URL').format(locale=locale) + privacy_policy = os.getenv('TBA_PRIVACY_POLICY_LOCATION').format(locale=locale) + terms_of_use = os.getenv('TBA_TERMS_OF_USE_LOCATION').format(locale=locale) os.makedirs(f'{os.path.dirname(__file__)}/../tmp/legal/{locale}', exist_ok=True) if privacy_policy: print('Privacy policy url found.') - contents = requests.get(privacy_policy).text + contents = open_or_get(privacy_policy) html = markupsafe.Markup(markdown.markdown(contents, extensions=extensions)) with open(f'{os.path.dirname(__file__)}/../tmp/legal/{locale}/privacy.html', 'w') as fh: @@ -31,7 +42,7 @@ def run(): if terms_of_use: print('Terms of use url found.') - contents = requests.get(terms_of_use).text + contents = open_or_get(terms_of_use) html = markupsafe.Markup(markdown.markdown(contents, extensions=extensions)) with open(f'{os.path.dirname(__file__)}/../tmp/legal/{locale}/terms.html', 'w') as fh: diff --git a/docs/README.md b/docs/README.md index 6b5256c2d..fbb50cce0 100644 --- a/docs/README.md +++ b/docs/README.md @@ -2,6 +2,9 @@ This place holds all additional technical documentation for Thunderbird Appointment. +## Documents +* [Updating Legal](./updating-legal.rst) + ## API endpoints After starting the backend container, you can find the API documentation here: diff --git a/docs/updating-legal.rst b/docs/updating-legal.rst new file mode 100644 index 000000000..f784371f0 --- /dev/null +++ b/docs/updating-legal.rst @@ -0,0 +1,33 @@ +-------------- +Updating Legal +-------------- + +Legal documents are not hand-built but transformed from markdown to html via a backend command. Originally this was to automatically grab the latest privacy policy and terms of service documents from Mozilla's legal repository. + +Requirements +------------ + +* Ensure you have both ``TBA_PRIVACY_POLICY_LOCATION`` and ``TBA_TERMS_OF_USE_LOCATION`` set in your .env or system environment. +* Ensure you have the backend setup as per the backend's readme file. + +Updating Local Legal Markdown +----------------------------- + +If you're tasked with updating a legal document that's not on a remote server you'll need to download the Google Document as a markdown file and place it in `appointment/legal`. If the file is not already hooked up with one of the two env variables above please do so. + + +Downloading And Rendering The Latest Documents +---------------------------------------------- + +Run the following command from the backend folder: + +.. code-block:: shell + + run-command main download-legal + +This will download / render the markdown files to html and place them in ``appointment/backend/tmp/legal/en/*.html``. + +Updating The Frontend Legal Html Files +-------------------------------------- + +Once you've downloaded and rendered the markdown files to html you can copy the files directly to the frontend's legal assest folder located in: `appointment/frontend/src/assets/legal/en`. diff --git a/frontend/src/assets/legal/en/privacy.html b/frontend/src/assets/legal/en/privacy.html index 1638b41eb..3f23644a1 100644 --- a/frontend/src/assets/legal/en/privacy.html +++ b/frontend/src/assets/legal/en/privacy.html @@ -1,48 +1,32 @@ -

Thunderbird Privacy Notice

-

Last updated September 30, 2024

-

The Thunderbird Desktop, Thunderbird for Android, and K-9 Mail applications (together, “Thunderbird”) allow users to privately integrate and manage their online communications. K-9 Mail is a variant of Thunderbird for Android. All references to “Thunderbird” or “Thunderbird for Android” apply equally to K-9 Mail.

-

This Privacy Notice explains what data Thunderbird collects and shares, and why. We also adhere to the Mozilla Privacy Policy for how we receive, handle, and share information.

-

Thunderbird Collects Data To:

-

Improve Performance, Stability, and Functionality For Our Users

-

Thunderbird sends telemetry about your interactions with Thunderbird to us. There are two types of telemetry data: interaction data and technical data.

-

Interaction data: Thunderbird receives measurements about how you use Thunderbird and how well it’s working, such as, whether calendars and filters are being used, and how many email accounts a user has.

-

Technical data: Thunderbird also receives environment data from your device, such as, application version, hardware configuration, device operating system, and language preference. When Thunderbird sends technical data to us, your IP address is temporarily collected as part of our server logs.

-

We use this information to make better decisions on which features should remain included or need to be changed, identify improvements for new features we implement, and find other ways to improve Thunderbird for all our users. Read the telemetry documentation for Thunderbird Desktop or Thunderbird for Android to learn how to opt-out of this data collection. Mozilla’s data dictionary contains information on some of the data points collected.

-

Set-Up, Configure, and Process Your Email

-

Thunderbird collects your email domain and other technical data to set-up and configure your email account. Other information, like your name, your email messages, and your account’s address book are stored and processed locally on your device and never sent to us. Learn more here.

-

Email domain: Thunderbird receives your email address domain. Your full email address is never processed or stored on our servers (unless you choose to share it when you send a crash report).

-

Sending Email: When using Thunderbird to send an email, you can choose recipients from your contacts. You may optionally attach data such as photos, videos, and audio files to your message. This data is exchanged via your email server between you and the recipient of your email and is never shared with us.

-

Technical data: Thunderbird also receives information about the application’s version and device operating system. When Thunderbird sends technical data to us, your IP address is temporarily collected as part of our server logs.

-

Set Up and Configure Your Calendar (Desktop Only)

-

Thunderbird collects the domain for your email/calendar, as well as technical data to set up and configure your calendar. Other information, like your name, your calendar events, and event attendees are stored and processed locally on your computer and never sent to us.

-

You can connect your Google, Microsoft, or Apple calendar to Thunderbird and control your calendar right from Thunderbird.

-

We do not store your content from integrating Apple Calendar, Google Calendar, or Microsoft 365 with Thunderbird. That information stays on your computer. Nor do we share your content with any third party other than your calendar provider and anyone you specifically choose to send the appointments to.

-

Set Up and Schedule Calendar Appointments with Thunderbird Appointment

+

Thunderbird Pro Services Privacy Notice

+

Last updated December 3, 2024

+

Thunderbird Services (the “Services”) are a collection of online services that integrate with Thunderbird and other applications to enable users to manage their communications, appointments, and files.

+

The Services are operated by MZLA Technologies, Inc., a wholly-owned subsidiary of the Mozilla Foundation. These Mozilla entities are referred to in this Privacy Notice as “Thunderbird.”

+

This Privacy Notice explains what data Thunderbird collects and shares, and why. It is an addendum to the Mozilla Privacy Policy which, together with this Privacy Notice, governs how we receive, handle, and share information.

+

Thunderbird Collects Data To:

+

Authenticate you to the Services

+

To use the Services, you must register for a Mozilla account. When you log in to the Services using your Mozilla account, we store an authentication token associated with your login session. We retain this token until you log out, or your session expires.

+

Your Mozilla account information is stored separately, and that information is governed by the Mozilla Accounts Privacy Notice.

+

Manage Calendar Appointments and Schedule Meetings

With Thunderbird Appointment, you can allow others to schedule appointments on your calendar.

You can connect your Google, Microsoft, or Apple calendar to Thunderbird Appointment to assist with scheduling.

-

If you choose to connect your Apple Calendar, Microsoft 365, or Google Calendar to Thunderbird Appointment, we will receive basic information about your calendar invites such as the title, date, stated location, the name and emails of the attendees, and any text in the appointment to display them within Thunderbird Appointment and allow you to invite others to schedule time in your calendar. We will receive technical and interaction data about your interactions with this feature such as how many events you create, whether you have connected to a Google, Microsoft, or Apple account.

-

We will only use your data to provide and improve the Thunderbird Appointment service.

-

Review Crash Reports

-

Thunderbird Desktop

-

If Thunderbird crashes, we will ask you to share a report with more detailed information about the crash, but you always have the choice to decline. Thunderbird uses the information in the crash report to diagnose and correct the problem that caused the crash.

-

Sensitive data: Crash reports include a “dump file” of Thunderbird’s memory contents at the time of the crash, which may contain data that identifies you or is otherwise sensitive to you.

-

Webpage data: Crash reports include any active URLs at time of crash.

-

Add-on data: Crash reports include a list of all add-ons that you were using at the time of the crash, and the time since: the start-up of the program, the last crash, and the last install.

-

Technical data: Crash reports include data on why Thunderbird crashed and the state of device memory and execution during the crash. When Thunderbird sends technical data to us, your IP address is temporarily collected as part of our server logs.

-

Email address: If you choose, crash reports include your email address.

-

Read the full documentation here.

-

Thunderbird for Android

-

Google collects crash reports for all Android apps installed via the Play Store. These reports are accessible to us, together with other analytics automatically collected by Google.

-

Improve Security for Our Users Everywhere

-

Technical data for updates: To ensure you have the most up-to-date version of the product, Thunderbird Desktop checks for updates by periodically connecting to Thunderbird’s servers. Your application version, language, and device operating system are used to apply the correct updates. Learn more.

-

Technical data for add-ons blocklist: To help to protect you from any malicious add-ons, Thunderbird Desktop periodically checks for blocklisted add-ons. Your Thunderbird version and language, device operating system, and list of installed add-ons are needed to apply and update the add-ons blocklist. Learn more.

-

Install and Update Add-Ons (Desktop Only)

-

You can install add-ons for Thunderbird Desktop from addons.thunderbird.net or from the Thunderbird Add-ons Manager, which is accessible by clicking on Tools > Add-ons. To keep your installed add-ons up to date—like add-on descriptions, download counts, and ratings—the Thunderbird application periodically connects to our servers to install any updates.

-

Search queries: If you enter keywords into the search field for the Add-ons Manager, those keywords will be sent to Thunderbird to perform the search.

-

Interaction data: We receive aggregate data about visits to the Thunderbird website and the Add-ons Manager in Thunderbird, as well as interactions with content on those pages. Read about data practices on Mozilla websites.

-

Technical data for updates: Thunderbird periodically connects to our server to install updates to add-ons. Your installed add-ons, application version, language, and device operating system are used to apply the correct updates. When Thunderbird sends technical data to us, your IP address is temporarily collected as part of our server logs.

-

Thunderbird May Disclose Information To:

+

Calendars

+

To use Appointment, you must connect one or more calendars:

+ +

If you connect a calendar to Appointment, we will receive basic information about your calendar invites such as the title, date, stated location, the name and emails of the attendees, and any text in the appointment. We use your calendar data to display your scheduled appointments to you, and to display your “free/busy” times (without any appointment details) to others to allow them to book appointments with you.

+

Meetings

+

You can connect your Zoom or Google Meet account to Appointments, to schedule meetings. To do this, you must login to your Zoom or Google account to authorize Appointment to access your account. We then store an OAuth authentication token that we use to retrieve data from your calendars.

+

Integration with these services enables Appointments to create meetings on your behalf and add them to your calendar. However, we do not collect any personal data from your account on Zoom or Google Meet.

+

Improve Performance, Stability, and Functionality For Our Users

+

We use third-party metrics and analytics services to enable us to make better decisions on which features should remain included or need to be changed, identify improvements for new features we implement, and find other ways to improve the Services for all our users. These service providers collect the following kinds of data on our behalf when you use our Services:

+

Interaction data: Measurements about how you use the Services and how well they’re working.

+

Technical data: Environment data from your device, such as browser version, hardware configuration, device operating system, and language preference. Our service providers receive your IP address, but we have configured these services not to store them.

+

Use of OAuth Information

+

OAuth is a secure authorization protocol that allows third-party applications to access resources without sharing login credentials. Thunderbird uses OAuth to connect with certain email or calendar providers that mandate or prefer its use, such as Google, Yahoo, and Microsoft.

+

When using OAuth to authorize access to your email or calendars, all data is strictly exchanged over an encrypted connection between your browser and the OAuth service. Thunderbird does not collect, access, or store any sensitive information exchanged during this process. When authentication is complete, we receive an OAuth token, which we store in an encrypted database so that we can access the account on your behalf.

+

Thunderbird May Disclose Information To:

+

In addition to the reasons stated in the Mozilla Privacy Policy, we may share your personal information with the following:

Mozilla Affiliates: Thunderbird is a project of MZLA Technologies Corporation, a subsidiary of Mozilla Foundation and an affiliate of Mozilla Corporation, and as such, shares some of the same infrastructure. This means that, from time to time, your data (e.g., crash reports, and technical and interaction data) may be disclosed to Mozilla Corporation and Mozilla Foundation. If so, it will be maintained in accordance with the commitments we make in this Privacy Notice.

-

DNS servers, Standard Autoconfiguration URIs, and Mozilla's Configuration Database: To simplify the email set-up process, Thunderbird tries to determine the correct settings for your account by contacting Mozilla’s configuration database as well as external servers. These include DNS servers and standard autoconfiguration URIs. During this process, your email domain may be sent to Mozilla's configuration database, and your email address may be disclosed to your network administrators.

-

Amazon Web Services: Thunderbird uses Amazon Web Services (AWS) to host its servers and as a content delivery network. Your device’s IP address is collected as part of AWS’s server logs.

-

Email address providers (Desktop Only Legacy): Prior to version 128, Thunderbird partnered with Gandi.net and Mailfence to allow you to create a new email address through Thunderbird. If you choose to use this feature, your email address search terms are sent to Gandi.net and Mailfence to return available addresses. In addition, your country location is also shared to provide the correct prices. You can learn more about Gandi.net’s and Mailfence’s data practices by reading their privacy notices.

\ No newline at end of file diff --git a/frontend/src/assets/legal/en/terms.html b/frontend/src/assets/legal/en/terms.html index 09306a63f..64d393338 100644 --- a/frontend/src/assets/legal/en/terms.html +++ b/frontend/src/assets/legal/en/terms.html @@ -1,14 +1,14 @@ -

Websites & Communications Terms of Use

+

Websites & Communications Terms of Use

June 23, 2016

-

Terms of Use

-

1. Introduction

+

Terms of Use

+

1. Introduction

Please read the terms of this entire document  (“Terms”) carefully because it explains your rights and responsibilities when you visit any of Mozilla’s websites (“Websites”), or related feeds, social media, newsletters, source code repositories, and emails (together with Websites, these are collectively referred to as “Communications”). By accessing or signing up to receive Communications, you agree to be bound by these Terms.

Our Websites include multiple domains such as mozilla.org, mozillians.org, firefox.com, mozillafestival.org, openstandard.com, openbadges.org and webmaker.org. You may also recognize our Websites by nicknames such as Bugzilla@Mozilla, BMO, MozWiki, MoPad, MozReps, MDN, Marketplace, One and Done, SUMO, and AMO. Some of our Websites connect you with links, apps or add-ons that are provided by other parties and are subject to separate Terms.

-

2. Account Registration

+

2. Account Registration

Some Websites require you to register for an account in order to access additional features of a Website or another Mozilla service. If applicable, additional terms will be presented to you. You are responsible for all activities under your account.

Some Websites allow you to create a username during registration. Your use of a username must comply with our Acceptable Use Policy.

-

3. Content Licensing

+

3. Content Licensing

Our Communications include content such as articles, images, photographs, comments, software code, audio and video clips, and other materials (collectively, “Content”).  Content is authored by Mozilla, contributors to Mozilla projects, and other sources.

Content authored by Mozilla is generally made available for public sharing and reuse through open licenses such as Creative Commons (for expressive material) or the Mozilla Public License (for software code).  In most cases we ask Mozilla contributors to release Content under open licenses.

Some Content in our Communications is acquired from sources that prohibit further use of their Content without advance permission.  Where possible, the Content or Website footer will display a notice with the applicable license. You agree to abide by such notices.  Note the following specifics:

@@ -17,7 +17,7 @@

3. Content Licensing

  • Some Content contains trademarks, trade dress, logos and brand assets of Mozilla and other parties (“Trademarks”).  Except for a few limited circumstances, Trademarks cannot be used without advance written permission of the owner of the Trademark.  Learn more on Mozilla trademarks.
  • Software used by our Websites is licensed under the MPL or similarly permissive open source licenses. For more information on the specific license, please see the applicable source code or GitHub repository.
    • -

    4. Content Submissions

    +

    4. Content Submissions

    You may contribute Content when interacting with our Communications, including but not limited to commenting on an article, blogging, contributing code, or contributing graphics or written material (each a “Submission”). Unless your Submission is made under a separate agreement with Mozilla, in which case that agreement will govern, then

    For Submissions to Mozilla's open source projects:

    -

    5. Privacy Policy & Cookies

    +

    5. Privacy Policy & Cookies

    The Mozilla Websites, Communications & Cookies Privacy Notice describes how we handle information that we receive from you in connection with our Communications. The Privacy Notice explains, for example, that we place certain cookies on our Websites and how you can opt-out.

    -

    6. Communications and Events

    +

    6. Communications and Events

    If you subscribe to receive our newsletters or register for an account in connection with any of our Websites, you may receive transactional emails from us in connection with your account (for example, legal, privacy, and security updates).

    Some of our Websites have online tools that allow you to send emails to others. For example, you can invite your contacts to events on Mozillians.  You agree not to misuse others’ email addresses (for example, by spamming them).

    Other Websites, like MozReps, provide tools that enable users to arrange physical events for anyone to attend. Please exercise caution and good judgment when attending events.

    -

    7. Notice of Claimed Infringement

    +

    7. Notice of Claimed Infringement

    For more information on how to report claims of copyright or trademark infringement, please see: https://www.mozilla.org/about/legal/report-infringement/.

    -

    8. Term; Termination

    +

    8. Term; Termination

    These Terms will continue to apply until ended by either you or Mozilla. You can choose to end them at any time for any reason by discontinuing your use of our Communications and, if applicable, deleting your account.

    We may suspend or terminate your access to our Communications at any time for any reason, including, but not limited to, if we reasonably believe: (i) you have violated these Terms, our Acceptable Use Policy, or other relevant policy; (ii) you create risk or possible legal exposure for us; or (iii) our provision of the Communications to you is no longer commercially viable.

    In all such cases, these Terms shall terminate, except that the following sections shall continue to apply: Indemnification, Disclaimer; Limitation of Liability, Miscellaneous.

    -

    9. Indemnification

    +

    9. Indemnification

    You agree to defend, indemnify and hold harmless Mozilla, its contractors, contributors, licensors, and partners; and the respective directors, officers, employees and agents of the foregoing ("Indemnified Parties") from and against any and all third party claims and expenses, including attorneys' fees, arising out of or related to your use of our Communications (including, but not limited to, from your Submissions or from your violation of any these Terms).

    -

    10. Disclaimer; Limitation of Liability

    +

    10. Disclaimer; Limitation of Liability

    THE COMMUNICATIONS ARE PROVIDED "AS IS" WITH ALL FAULTS. TO THE EXTENT PERMITTED BY LAW, MOZILLA AND THE INDEMNIFIED PARTIES HEREBY DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES THAT THE COMMUNICATIONS ARE FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE, AND NON-INFRINGING. YOU BEAR THE ENTIRE RISK AS TO USING THE COMMUNICATIONS FOR YOUR PURPOSES AND AS TO THE QUALITY AND PERFORMANCE OF THE COMMUNICATIONS, INCLUDING WITHOUT LIMITATION THE RISK THAT YOUR HARDWARE, SOFTWARE, OR CONTENT IS DELETED OR CORRUPTED, THAT SOMEONE ELSE GAINS UNAUTHORIZED ACCESS TO YOUR INFORMATION, OR THAT ANOTHER USER MISUSES OR MISAPPROPRIATES YOUR SUBMISSION. THIS LIMITATION WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES, SO THIS DISCLAIMER MAY NOT APPLY TO YOU.

    EXCEPT AS REQUIRED BY LAW, MOZILLA AND THE INDEMNIFIED PARTIES WILL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR IN ANY WAY RELATING TO THESE TERMS OR THE USE OF OR INABILITY TO USE THE COMMUNICATIONS, INCLUDING WITHOUT LIMITATION DIRECT AND INDIRECT DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, LOST PROFITS, LOSS OF DATA, AND COMPUTER FAILURE OR MALFUNCTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND REGARDLESS OF THE THEORY (CONTRACT, TORT, OR OTHERWISE) UPON WHICH SUCH CLAIM IS BASED. THE COLLECTIVE LIABILITY OF MOZILLA AND THE INDEMNIFIED PARTIES UNDER THIS AGREEMENT WILL NOT EXCEED $500 (FIVE HUNDRED DOLLARS). SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL, CONSEQUENTIAL, OR SPECIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU.

    -

    11. Modifications to these Terms

    +

    11. Modifications to these Terms

    We may update these Terms from time to time to address a new feature of the Communications or to clarify a provision. The updated Terms will be posted online. If the changes are substantive, we will announce the update through our usual channels for such announcements such as blog posts, banners, emails, or forums. Your continued use of our Communications after the effective date of such changes constitutes your acceptance of such changes. To make your review more convenient, we will post an effective date at the top of this page.

    -

    12. Miscellaneous

    +

    12. Miscellaneous

    These Terms constitute the entire agreement between you and Mozilla concerning our Communications and supersede any prior versions of these Terms. The Communications and these Terms are governed by the laws of the state of California, U.S.A., excluding its conflict of law provisions. All claims and disputes arising out of the Communications or these Terms shall be brought exclusively in the courts of Santa Clara County, California, and you consent to personal jurisdiction in those courts. If any portion of these Terms is held to be invalid or unenforceable, the remaining portions will remain in full force and effect. In the event of a conflict between a translated version of these Terms and the English language version, the English language version shall control. In the event of a conflict between these Terms and relevant additional terms, the additional terms shall control.

    -

    13. Contact Us

    +

    13. Contact Us

    Mozilla
    Attn: Mozilla – Legal Notices
    149 New Montgomery St.
    @@ -62,4 +62,4 @@

    13. Contact Us

    USA
    Telephone: 650-903-0800
    Fax: 650-903-0875
    -Legal-notices at mozilla.com

    \ No newline at end of file +Legal-notices at mozilla.com

    diff --git a/frontend/src/views/LegalView.vue b/frontend/src/views/LegalView.vue index 412b54f94..f3eec8543 100644 --- a/frontend/src/views/LegalView.vue +++ b/frontend/src/views/LegalView.vue @@ -45,5 +45,8 @@ onMounted(async () => { p:first-of-type { @apply font-semibold; } + a { + @apply underline; + } } diff --git a/legal/services-privacy-policy.md b/legal/services-privacy-policy.md new file mode 100644 index 000000000..00f475989 --- /dev/null +++ b/legal/services-privacy-policy.md @@ -0,0 +1,59 @@ +# **Thunderbird Pro Services Privacy Notice** + +Last updated December 3, 2024 + +Thunderbird Services (the “Services”) are a collection of online services that integrate with Thunderbird and other applications to enable users to manage their communications, appointments, and files. + +The Services are operated by MZLA Technologies, Inc., a wholly-owned subsidiary of the Mozilla Foundation. These Mozilla entities are referred to in this Privacy Notice as “Thunderbird.” + +This Privacy Notice explains what data Thunderbird collects and shares, and why. It is an addendum to the [Mozilla Privacy Policy](https://www.mozilla.org/privacy/) which, together with this Privacy Notice, governs how we receive, handle, and share information. + +## **Thunderbird Collects Data To:** + +### **Authenticate you to the Services** + +To use the Services, you must register for a [Mozilla account](https://www.mozilla.org/en-US/account/). When you log in to the Services using your Mozilla account, we store an authentication token associated with your login session. We retain this token until you log out, or your session expires. + +Your Mozilla account information is stored separately, and that information is governed by the [Mozilla Accounts Privacy Notice](https://accounts.firefox.com/legal/privacy). + +### **Manage Calendar Appointments and Schedule Meetings** + +With Thunderbird Appointment, you can allow others to schedule appointments on your calendar. + +You can connect your Google, Microsoft, or Apple calendar to Thunderbird Appointment to assist with scheduling. + +#### Calendars + +To use Appointment, you must connect one or more calendars: + +* To connect a Google Calendar, you must login to Google to authorize Appointment to access your calendar data. We then store an OAuth authentication token that we use to retrieve data from your calendars. +* To connect a calendar on a CalDAV server, you must provide the server URL and your username and password for that server. We store these credentials in an encrypted database and use them to retrieve calendar data on your behalf. + +If you connect a calendar to Appointment, we will receive basic information about your calendar invites such as the title, date, stated location, the name and emails of the attendees, and any text in the appointment. We use your calendar data to display your scheduled appointments to you, and to display your “free/busy” times (without any appointment details) to others to allow them to book appointments with you. + +#### Meetings + +You can connect your Zoom or Google Meet account to Appointments, to schedule meetings. To do this, you must login to your Zoom or Google account to authorize Appointment to access your account. We then store an OAuth authentication token that we use to retrieve data from your calendars. + +Integration with these services enables Appointments to create meetings on your behalf and add them to your calendar. However, we do not collect any personal data from your account on Zoom or Google Meet. + +### **Improve Performance, Stability, and Functionality For Our Users** + +We use third-party metrics and analytics services to enable us to make better decisions on which features should remain included or need to be changed, identify improvements for new features we implement, and find other ways to improve the Services for all our users. These service providers collect the following kinds of data on our behalf when you use our Services: + +**Interaction data**: Measurements about how you use the Services and how well they’re working. + +**Technical data**: Environment data from your device, such as browser version, hardware configuration, device operating system, and language preference. Our service providers receive your IP address, but we have configured these services not to store them. + +## **Use of OAuth Information** + +OAuth is a secure authorization protocol that allows third-party applications to access resources without sharing login credentials. Thunderbird uses OAuth to connect with certain email or calendar providers that mandate or prefer its use, such as Google, Yahoo, and Microsoft. + +When using OAuth to authorize access to your email or calendars, all data is strictly exchanged over an encrypted connection between your browser and the OAuth service. Thunderbird does not collect, access, or store any sensitive information exchanged during this process. When authentication is complete, we receive an OAuth token, which we store in an encrypted database so that we can access the account on your behalf. + +## **Thunderbird May Disclose Information To:** + +In addition to the reasons stated in the [Mozilla Privacy Policy](https://www.mozilla.org/privacy/), we may share your personal information with the following: + +**Mozilla Affiliates**: Thunderbird is a project of MZLA Technologies Corporation, a subsidiary of Mozilla Foundation and an affiliate of Mozilla Corporation, and as such, shares some of the same infrastructure. This means that, from time to time, your data (e.g., crash reports, and technical and interaction data) may be disclosed to Mozilla Corporation and Mozilla Foundation. If so, it will be maintained in accordance with the commitments we make in this Privacy Notice. +