Privacy Policy
Modification Date: M03/D23/Y24 (March 23, 2024)
This privacy policy will explain what information is collected when you access and make use of this website. This privacy policy will explain the following: the uses of the information, the way we secure and protect such information, who has access to this information, the location where this information is stored, and when the information is collected. This policy applies only to self-hosted services: the main website (thenewoil.org), Lemmy, Matrix, Mastodon, and PeerTube. It does not include external platforms such as (but not limited to) YouTube, Proton, Tuta, Bluesky, and others. Please see those services for their privacy policy. Please note that our blog and shop are not self-hosted. The blog is hosted on Write.As and the shop uses BigCartel & Printful.
What data is collected, when, and why
Data auomatically collected
From thenewoil.org
- The geographical location of the user/visitor (based on IP address).
- The visit duration of how long the user/visitor has stayed on the website.
- Which pages were visited
- The OS (operating system) of the user/visitor.
- The browser (Chrome, Firefox, Safari) of the user/visitor.
- The referrer URL (the website the user came from) of the user/visitor.
From mastodon.thenewoil.org, peertube.thenewoil.org, and nextcloud.thenewoil.org:
- We do not collect any analytics by default from visitors who are not signed in except for view count on PeerTube videos.
- If you sign up for an account, we are able to see all content you post (including DMs with other users) and your email address.
- In the case of Mastodon only, we can also see your IP address. This is retained for 12 months. We would like to shorten this in the future.
Other data collected
- If you contact us directly - such as emailing us or interacting with our Mastodon or PeerTube instances - we will see some limited information about you such as the content of the message and your email address/Fediverse handle, etc. Please see the privacy policy of the platform you’ve chosen to contact us on for more information on how they handle your data.
How we use this data
- To understand how visitors access the site to better optimize the website and services of the hosting provider. (For example, do we have a lot of mobile visitors? What browser engine are people using?)
- To understand how the site is performing (if we are seeing more or less visitors on average, which pages are the most popular, etc).
- To diagnose and debug technical problems and errors.
- To defend & protect the website and services from abuse.
Who has access to your data
We use 1984 Hosting (1984 ehf) for our hosting service. Therefore both 1984 Hosting and The New Oil Media have access to user data.
The New Oil Media LLC operates on the “Principle of Least Privelege.” Moderators on a specific service may have limited access to some of your data depending on what the service allows, but will not have access to other services they don’t need access to (such as server logs).
When is your data shared
The New Oil Media LLC and its members & volunteers will never share any of the data listed above except in the following conditions:
- The total unique number of visitors on the main website (thenewoil.org) each year is shared in January as part of The New Oil Media, LLC’s annual transparency report.
- Umami Analytics are shared in realtime for the main website (thenewoil.org) here.
- The New Oil Media LLC is US based corporation and will comply with any legally binding orders from US law enforcement or government agencies for user data.
Where is your data stored and how do we protect it
Where is your data stored
Your data is stored with 1984 Hosting (1984 ehf) which is based in Iceland. We do not control those data centres and therefore do not have control over the physical security of your data.
How do we protect your data
The New Oil Media LLC attemps to protect the information of its users and visitors as best as possible. We require all volunteers (such as moderators) and employees to use the most modern and up-to-date available security features (e.g. strong, unique passwords and two-step verification/authentication). All servers are hardened in accordance with recommendations from trusted technical advisors and relevant/trusted authorities including government bodies and policymakers. Servers are not encrypted.
GDPR (The General Data Protection Regulation) Compliance
European’s rights under the GDPR
- The Right to Access. (Article 15 of the GDPR, link)
- The Right to Rectification. (Article 16 of the GDPR, link)
- The Right to Erasure. (Article 17 of the GDPR. link)
- The Right to Restrict Processing. (Article 18 of the GDPR, link)
- The Right to Data Portability. (Article 20 of the GDPR, link)
- The Right to Object. (Article 21 of the GDPR, link)
- The Right to Lodge a Complaint with a Supervisory Authority. (Article 77 of the GDPR, link)
While the rights above are only legally guaranteed for European citizens, we attempt to be as respectful of your data as possible. Unless otherwise prohibited by law, we will gladly comply with requests for data correction, erasure, etc where possible.
GDPR Contact
European Data Protection Board
- Website: https://edpb.europa.eu/edpb_en
- Email: edpb@edpb.europa.eu
- Wiki: https://en.wikipedia.org/wiki/European_Data_Protection_Board
European Data Protection Supervisor
- Website: https://edps.europa.eu/_en
- Email: edpb@edpb.europa.eu
- wiki: https://en.wikipedia.org/wiki/European_Data_Protection_Supervisor
Finding a supervisory authority
Please use the following link to find your country’s supervisory authority https://edpb.europa.eu/about-edpb/board/members_en
CCPA (California Consumer Privacy Act) Compliance
California Consumers’s rights under the CCPA
- The Right to Know. (selection C, paragraph 1-6, link)
- The Right to Delete. (selection E, paragraph 1-8, link)
- The Right to Opt-Out. (selection B, paragraph 1-8, link)
- The Right to Non-Discrimination. (selection F, paragraph 1-1, link)
While the rights above are only legally guaranteed for California citizens, we attempt to be as respectful of your data as possible. Unless otherwise prohibited by law, we will gladly comply with requests for data, correction, erasure, etc where possible.
CCPA Contact
Attorney General
- Website: https://www.oag.ca.gov/privacy/ccpa
- Form: https://www.oag.ca.gov/contact/general-comment-question-or-complaint-form
- wiki: https://en.wikipedia.org/wiki/Attorney_General_of_California
File a CCPA Complaint
Please use the following link to file a CCPA (California Consumer Privacy Act) complaint with the attorney general’s office in California: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company
Communications with The New Oil Media LLC
Your communications with The New Oil Media LLC such as support requests, bug reports, feature requests, personal question, etc will be covered here.
Processing of Contact Information
Processing of this information is in our legitimate interest. We process and keep a record of your communications with The New Oil Media LLC to better protect ourselves legally, to troubleshoot and improve security, to improve the site based on user questions, support, & feedback and to better manage and coordinate with members & volunteers from The New Oil Media LLC.
Retention of The Communications
All communications with The New Oil Media LLC in an official capacity are retained indefinitely unless otherwise noted. All communications in official capacity with The New Oil Media LLC may be set to expire by the sender of said message. The sender of said message may also request to have their official communications with The New Oil Media, LLC’s be deleted (by sending an email to one of the email addreses below) except where required to be retained by law.
Confidentiality of The Communications
Communications with The New Oil Media LLC and its members & volunteers are kept with the utmost confidentiality and shall not be shared with anyone else besides The New Oil Media LLC and its members & volunteers except under two conditions. The first is with express, written consent of the message sender. The second is if The New Oil Media, LLC’s message holder(s) are legally obliged to do so by a valid court order of their respective jurisdictions. Consulting communications will not be shared with any internal members of The New Oil LLC without a valid legal order or the consent of the client, as outlined in the consulting contract. All official communications with The New Oil Media LLC via email are stored with zero access (zero knowledge) email provider(s) to better help protect our communications.
Security of The Communications
All of The New Oil Media, LLC’s members & volunteers use all available security measures. All communications by default should not be considered End-to-End Encrypted, but we provide different options to users (e.g. pgp, different email providers to use native encryption with, etc) to better help keep all communications between you and The New Oil Media LLC as private & secure as possible and to also comply with your preferences and threat models. Please refer to the privacy policies of these providers for additional information.
Modifications to the Privacy Policy
The New Oil Media LLC reserves the right to change this Policy at any time. We will never knowingly reduce your rights under this Policy, and if we are made aware of any addition to data collection or reduction of rights imposed by Namecheap, Inc. then we will do our best to advise and announce any changes to our privacy policy on any of our social platforms. Please note: we cannot notify individuals about every change made to this policy, because we do not collect contact information about our website visitors/users without them willingly providing it to us. We do however reserve the right to not publicly announce any minor changes to this policy, so for that reason we recommend you check this policy from time to time to see if any changes were made.
Questions & Contact
For any legal request(s), question(s), or concern(s) in regards to this policy or your data, please email us at legal(at)thenewoil.org for assistance in regards to said request(s) or concern(s) about this policy or your data.