Skip to content

Instantly share code, notes, and snippets.

@lzlrd

lzlrd/Privacy Policy.md

Created April 11, 2025 13:14
Show Gist options
  • Save lzlrd/b6f3f1a7cfe1ba2df007e79885c41ecc to your computer and use it in GitHub Desktop.
Save lzlrd/b6f3f1a7cfe1ba2df007e79885c41ecc to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Privacy Policy.md

Privacy Policy for Services Provided by Diab Neiroukh (ayoo.by / thezest.dev)

Effective Date: April 11, 2025 Last Updated: April 11, 2025

1. Introduction

Welcome to the services provided by Diab Neiroukh ("we," "us," or "our") via the domains ayoo.by, thezest.dev, and any associated subdomains or platforms (collectively, the "Services").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access or use the Services.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

2. Data Controller Information

The Data Controller responsible for the processing of personal data via these Services is:

Diab Neiroukh

Email: [email protected]

3. Information We Collect

We may collect information about you in a variety of ways when you use our Services. The information we may collect includes:

  • Personal Data You Provide:

    • Account Information: When you register for an account on any of our Services, we may collect your username, email address, and password (stored in a hashed format). You might optionally provide additional profile information depending on the specific service.
    • User Content: Depending on the Service used, this may include any files, website data, databases, source code, documents, photos, videos, calendar events, contacts, tasks, notes, chat messages, email content, comments, configuration settings, and other data you upload, create, store, process, send, receive, sync, or share using the Services.
    • Communication Data: Information you provide when you contact us for support, provide feedback, or otherwise communicate with us.

  • Data Collected Automatically:

    • Log and Usage Data: Our servers automatically log technical information when you access or use the Services. This may include your IP address, browser type and settings, device information, operating system, access times, pages or resources viewed/accessed, actions taken (like logins, file operations, service configurations), error logs, and potentially referring website addresses. This data is primarily used for security monitoring, troubleshooting, service administration, and ensuring the stability and performance of the Services.
    • Cookies: We use necessary cookies primarily for managing user sessions, authentication, security, and enabling core functionality of the Services you use.

4. How We Use Your Information

We use the information we collect for various purposes essential to providing the Services:

  • To Provide and Maintain the Services: To create and manage your account, host your data (websites, files, emails, etc.), enable specific features, sync data where applicable, and deliver the core functionality you expect from the Services used.
  • To Improve the Services: To monitor and analyze usage patterns, troubleshoot technical issues, and understand how users interact with the Services to maintain and enhance performance, usability, and features.
  • To Ensure Security: To monitor for and prevent fraudulent, unauthorized, or malicious activity, enforce our terms of service (if applicable), and protect the security and integrity of the Services, our infrastructure, and our users' data.
  • To Communicate With You: To respond to your support requests, questions, and feedback; and to send you important technical notices, updates, security alerts, and administrative messages related to the Services you use.
  • To Comply with Legal Obligations: To comply with applicable laws, regulations, legal processes, or governmental requests relevant in the United Kingdom.

5. Legal Basis for Processing (UK GDPR)

Our legal basis for collecting and using the personal information described above under the UK General Data Protection Regulation (UK GDPR) depends on the personal information concerned and the specific context:

  • Performance of a Contract: We process personal data like your account information and the user content you store/process because it is necessary to provide the specific Service(s) you have requested or signed up for.
  • Legitimate Interests: We process data like server logs and usage data for our legitimate interests in operating, securing, managing, and improving the Services, provided these interests are not overridden by your data protection interests or fundamental rights and freedoms.
  • Consent: For any processing activities where we might specifically ask for your consent (e.g., optional communications, certain non-essential cookies if ever introduced), we would rely on that consent. You would have the right to withdraw it at any time.
  • Legal Obligation: We may process data where necessary to comply with a legal obligation to which we are subject in the UK.

6. Data Sharing and Disclosure

We respect your privacy and do not sell your personal information. We will not share your personal data except in the following limited circumstances:

  • With Other Users (As Directed By You): If you use features within a Service designed for sharing or collaboration (e.g., shared folders in Nextcloud, shared hosting permissions, shared code repositories), the relevant data will be accessible to those individuals you authorize.
  • Service Administration: As the primary administrator, Diab Neiroukh may require access to user accounts and data for essential maintenance, troubleshooting, security investigations, backups, and administrative purposes related to the Services. Access is strictly controlled.
  • Legal Requirements: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, subpoena, or court order applicable in the UK; (ii) protect and defend our rights or property; (iii) prevent or investigate possible wrongdoing in connection with the Services; (iv) protect the personal safety of users of the Services or the public; or (v) protect against legal liability.
  • Third-Party Service Providers: While services are primarily managed in-house, we might engage third-party vendors for essential infrastructure or functions (e.g., domain registrars, network providers, potential future backup solutions). If necessary, these providers would only be given access to information required to perform their specific task and would be obligated to maintain confidentiality and security. We will exercise diligence in selecting any such providers.

7. Data Storage and Security

  • Storage Location: Your data, including files, configurations, and account information, is stored on servers managed by Diab Neiroukh located in London, United Kingdom.
  • Security Measures: We implement reasonable technical and organizational security measures designed to protect your personal information. These include encryption in transit (e.g., HTTPS/TLS) where supported by the specific service, and encryption at rest for stored user data. We also utilize firewalls, access controls, regular software updates, and security monitoring. However, please remember that no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.

8. Data Retention

We retain your personal information for as long as your account is active, the relevant Service is being provided to you, or as needed to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

Data is not automatically deleted upon account inactivity. To request the deletion of your account and associated personal data, please contact us directly at [email address removed]. Upon receiving and verifying a deletion request, we will process it in a timely manner. Please note that deleted data may remain in system backups for 12 months before being permanently erased, and we may be legally required to retain certain information for specific periods.

We retain server logs required for security analysis and for diagnosing and resolving technical issues. These logs are kept for extended periods for these essential security and analytical purposes, without a predefined automatic deletion date. Access to these logs is restricted.

9. Your Data Protection Rights (UK GDPR)

As we operate under UK jurisdiction, you have rights under the UK GDPR regarding your personal data:

  • Right of Access: You can request access to the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete personal data. Often, you can update profile information directly via the relevant Service interface.
  • Right to Erasure ('Right to be Forgotten'): You can request the deletion of your personal data by contacting us, subject to certain conditions (e.g., it's no longer necessary for the purpose collected, subject to backup cycles and legal holds).
  • Right to Restrict Processing: You can request that we restrict the processing of your personal data under certain circumstances.
  • Right to Data Portability: You can request a copy of the personal data you have provided to us (your User Content) in a structured, commonly used, and machine-readable format where technically feasible (e.g., downloading files, database exports).
  • Right to Object: You can object to the processing of your personal data based on our legitimate interests.
  • Right to Withdraw Consent: If we ever rely on your consent for specific processing, you have the right to withdraw it at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO), if you believe our processing of your personal data infringes data protection laws. You can find their contact details at www.ico.org.uk.

To exercise any of these rights (except lodging a complaint with the ICO), please contact us at [email protected]. We may need to verify your identity before processing your request.

10. Cookies

We use essential cookies necessary for the operation of the Services, such as managing your session, authentication, and ensuring security. These cookies do not typically store personally identifiable information beyond what's needed for the technical function.

11. Children's Privacy

The Services are not intended for use by individuals under the age of 13 (in line with the UK GDPR age of consent). We do not knowingly collect personal data from children under 13. If you are under 13, please do not use the Services or provide any personal information without verifiable parental consent. If we become aware that we have collected personal data from a child under 13 without such consent, we will take steps to remove that information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date and will be effective as soon as it is accessible. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

13. Contact Us

If you have questions or comments about this Privacy Policy or your data, please contact us:

Diab Neiroukh

Email: [email protected]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment