As of August 27th, we’ve switched to OpenCage Geocoder, which uses data from the immensely cool OpenStreetMap project. There are many benefits to OpenCage Geocoder, from far more permissive policies, to the right for us to save requests so that we don’t have to perform the same request twice, thus speeding up user interactions and saving money (FindALostPet depends on donations from an Indiegogo campaign).
This switch means far better privacy for you, the end-user. In fact, you can see that just in the difference of the paragraphs. From Version One, part of the third paragraph under Location Data:
When we make a request to Google Maps, we never send any other data than the address or coordinates required. Google has no idea who actually originated the request and we’ll never tell them, or anyone else.
And again, this time in Version Two:
When we make a request to OpenCageData, we never send any other data than the address or coordinates required. OpenCageData has no idea who actually originated the request and we’ll never tell them, or anyone else. We also request that OpenCageData does not log queries.
The one other change we have made in this update is to fix a typo in the first paragraph under What Happens if We’re Hacked? Here:
If that ever happens to us, we promise to inform you as quickly as possible, most likely be email.
If that ever happens to us, we promise to inform you as quickly as possible, most likely by email.
It’s a small thing and there are likely other similar problems elsewhere in the policy. We’ll wait until the next larger update to fix those.
So, read on and enjoy!
We’ve added two extra sections to this. The Important Stuff is stuff we legally need to tell you. What We Do With Everything is what we want to tell you, but don’t have to. You can read the second one at your leasure whenever (it would be awesome if you did sometime).
The Important Stuff
What If This Changes?
What We Do With Everything
It’s best that you know all the information we collect, and what is done with it. Feel free to peruse this at your leasure.
Your Email Address
There are a few ways we may get your email address: If you sign up with it, if someone else invites you to the service, or if you send us an email, usually to email@example.com.
When someone invites you: Because we want as many people on FindALostPet as possible, so as to help the most pets, we provide a service to some people so that they can invite people they know the email addresses of to FindALostPet. When they enter an email address of someone they wish to invite, we save that email address so as to make sure that if it’s ever entered again, by anyone, we don’t send another invite (we don’t want to spam people, especially not people who haven’t signed up). We don’t give this list to anyone nor do we send emails to an address after it’s in the list.
If you email us: When you send an email to any of our team members, or us in general, we of course save your email and your email address and will respond to it whenever. We don’t spam the people who send us emails and we don’t sell the emails or email addresses to anyone else. If your query requires giving an individual email to another person or organisation (say if you mix us up with another lost pet database and we want to be helpful by forwarding your email to them) we will of course send them the relevant part of your email, and, depending on the query, your email address as well.
If you have any concerns about this policy but don’t want to email us about it (we know there’s that problem there), we’re afraid that you will have to get a friend to email us for you. There is no other way to contact us right now, other than messaging us on Twitter, Facebook or Google+, which may not be the best for privacy.
When you sign up for the service or reset or change your password, you give us a password for us to recognise you by (we assume that anyone who can give us both the email address and the password associated with your account is, in fact, you). We never ask you to give us the password for another account and we expect that you will use a password that you have never used before (though it is entirely up to you).
All passwords used for FindALostPet accounts are stored in a hashed form. Hashes are the result of a computer taking a piece of text (lets say “password”) and running a series of mathematical functions on it, to produce another piece of text (so “password” might become “5f4dcc3b5aa765d61d8327deb882cf99”). The cool thing about hashes is that they always produce the same result if given the same original text (so “password” always hashes to “5f4dcc3b5aa765d61d8327deb882cf99,” when using the MD5 hashing algorithm; there are lots of different algorithms producing lots of different hashes and we don’t use MD5).
The other cool thing about hashes is that they’re pretty much impossible to reverse (so, taking “5f4dcc3b5aa765d61d8327deb882cf99,” you cannot algorithmically determine that it is a hash of “password”). This means that even if someone hacks into the website, or one of our team goes snooping (both extremely unlikely events), they still can’t view or use your passwords.
Our servers retain several types of files, logging the activity of users. These logs typically contain the URL of the the page accessed (such as “https://findalostpet.org/?p=signin”), the time of the request, the IP address that made the request and some of the headers associated (such as the browser version and operating system). This information is kept private and is never shared with anyone. On occasion, we may look up the IP address making a request to determine whether or not it is spam.
Unlike most other websites, we do not use third party analytics or trackers. If you’re worried about other websites doing that, check out Ghostery, a free browser addon that blocks trackers as you browse the web.
The third way you might tell us your location is by typing your address. This is of course, again, only something that you do willingly and is assumed as a form of permission to use the data.
We currently share your location data with one organisation, but never in association with you: We check all locations entered using OpenCage Geocoder (OpenCageData), so as to transfer human readable addresses into coordinate pairs and back again. When we make a request to OpenCageData, we never send any other data than the address or coordinates required. OpenCageData has no idea who actually originated the request and we’ll never tell them, or anyone else. We also request that OpenCageData does not log queries.
Maps on the website use map tiles (little images that, when put together, form a larger map of the world) generated by Stamen Design, a San Francisco LLC. In theory the map tiles that are requested, which are requested from your browser directly to them, could identify where you are to Stamen. They’re pretty awesome people (one of their employees actually donated to the launch of FindALostPet) and we trust them enough to do this. You can find out more about Stamen Map tiles (and use them yourself!) here.
We do not save passing location data associated with accounts or IP addresses. Instead, we allow users to save Location-Based Alerts, which are particular locations for which we will alert the user if a pet goes missing near there. We also save location when associated with a pet posting or sighting, but only after the user is given a chance to configure the data, in the form of an address.
Postings, Sightings and Basically All Public Data
All public user-posted data on FindALostPet is covered by our Distribution Policy. Long story short, you maintain exclusive rights to your info and you can delete it at anytime and we’ll make sure it’s off the site and app. However, the info will be public, so we can’t stop people from copying it and redistributing it elsewhere (though we don’t want them to; no one does).
We just don’t do this. And we’ll never do it because 1) it’s evil, 2) we wouldn’t want our data to be sold, 3) it’s your data anyway, we don’t think we have the right to sell it and 4) we don’t need the money; we funded the original launch of FindALostPet on Indiegogo (thanks again to our generous donours!) and we intend to do the same again when the money runs out.
If we ever do sell your data (which will never happen, as explained above), feel free to drag our name through the mud. We’ll have deserved it.
Where Data is Stored
Right now all of your data is stored in three different places: our servers, some of our computers in the form of backups and on your own devices. The first two, we have control over and protect them with our brains and near-on our lives.
The servers, at the moment, are operated by 4GoodHosting, a Canadian hosting company based in Vancouver. They’re pretty awesome people, we’ve had nothing but good service with them and they’re always happy to help us out. We trust them to treat your data with the same, or even more security and professionalism as we do. Their servers are physically located in Toronto and Vancouver.
What Happens if We’re Hacked
All websites really want you to believe that a hack is impossible or extroardinarily unlikely. Unfortunately no system is completely secure. Everyone does their best and everyone does their part to make the Web more secure, but sometimes something really bad happens. If that ever happens to us, we promise to inform you as quickly as possible, most likely by email. Depending on how awful the situation is, we may decide to delete all your data or wipe our entire server. We’ll do our best to alleviate any inconvenience.
If our severs are compromised, we consider it entire within your rights to sue us (after all, that’s what the civil suit system if for), but we would really appreciate it if you didn’t. If we’ve just been hacked, we’re definitely going through a really awful day.
On the bright side, we try our very best to keep the system secure and a hack is pretty unlikely.