Privacy policy

1. Introduction

At Activist.org, we are dedicated to providing a secure and anonymous platform for activists worldwide. Our mission is to empower individuals and organizations to exercise their rights to free speech and assembly without fear of surveillance or reprisal. Privacy is not just a feature for us; it is the cornerstone of our platform.

Activist.org is currently operated by CC&P, registered temporarily at the address of Impact Hub Berlin. We are in the process of establishing a formal association in Switzerland, a country renowned for its strong constitutional protections of privacy and free speech.

We exclusively partner with organizations that have a proven track record of defending free speech and anonymity. We believe that safeguarding your privacy is paramount in protecting you from adversaries, whether they are oppressive governments, private sector actors, or other groups seeking to infringe upon your rights.

2. Data Controller

The legal entity responsible for data processing at Activist.org is CC&P (full legal name pending upon formal registration in Switzerland). For any inquiries related to data protection, please contact:

• Email: security@activist.org

Our dedicated data protection team handles all queries related to your personal data. We encourage users to reach out with any concerns or questions they may have.

3. Personal Data Collected

We are committed to collecting the minimal amount of personal data necessary:

• Account Creation: You can create an account without providing any personal information, such as an email address.

• User Advice: We strongly advise users to utilize VPN services to enhance their privacy and security while using our platform.

• User Content: We caution users against sharing personal data like names, addresses, or any identifying information within the platform.

Data Collected Through Forms:

• Formbricks (Self-Hosted): When you participate in user testing or request access to the platform, we may collect information through forms powered by Formbricks, which we host ourselves. The data collected may include contact information (e.g., email address) and any additional information you choose to provide. This data is used solely for the purposes specified at the time of collection and is stored securely on our servers.

Interaction via Third-Party Platforms:

• Social Media (Instagram and GitHub): We maintain a presence on social media platforms like Instagram and GitHub. If you interact with us through these platforms—such as following our accounts, commenting on posts, or contributing to our GitHub repositories—your interactions are subject to the privacy policies of the respective platforms. We do not collect or store personal data from these interactions unless explicitly provided by you.

Communication Platforms:

• Element on Matrix.org: Currently, we use Element on the Matrix.org instance to facilitate communication. While we do not control Matrix.org's servers, we are committed to ensuring the privacy of our communications. We aim to migrate to a self-hosted version of Element, hosted in Switzerland, to enhance security and privacy. Please be aware that any data transmitted through Matrix.org is subject to their privacy policies until we complete this migration.

Automatic Data Collection:

• We use Plausible Analytics for website traffic analysis. Plausible is a privacy-focused tool that does not use cookies or collect personal data. It provides us with aggregated insights without compromising individual user privacy.

We do not collect any sensitive personal data unless explicitly provided by you, and we ensure all data collection complies with legal standards.

4. Purpose of Data Processing

Our purposes for processing personal data are limited to:

• Providing Services: To operate and maintain the platform efficiently, including facilitating user testing, processing access requests, and engaging with our community on social media and collaboration platforms.

• Security: To enhance the security of our platform and protect against malicious activities.

• Communication: To respond to inquiries, feedback, or contributions made via Formbricks forms, social media platforms, or GitHub.

We process data based on legitimate interests and user consent where applicable. We do not engage in automated decision-making or profiling. Marketing communications are not conducted unless explicitly requested by the user.

5. Data Sharing and Disclosure

• Third Parties:

  • Hosting Providers: All data, including that collected via Formbricks, is securely hosted on our servers with FlokiNET in Iceland.

    About FlokiNET:

    FlokiNET is a hosting provider committed to freedom of speech, privacy, and anonymity. They offer secure and reliable hosting services in jurisdictions with strong legal protections for data privacy. By partnering with FlokiNET, we ensure that your data is stored in a location that respects and upholds your rights to privacy and free expression.

  • Social Media and Third-Party Platforms: Interactions on Instagram, GitHub, and Matrix.org are subject to the privacy policies of those platforms. We do not extract or store personal data from these platforms unless you provide it directly to us.

• Legal Obligations: In the event of a legal requirement, we will scrutinize all requests and only comply if mandated under the applicable laws of Switzerland or Iceland.

• Law Enforcement Requests: We handle all data requests from law enforcement with utmost care, ensuring compliance with legal procedures while prioritizing user privacy.

Upon our registration as a Swiss association, we will operate under Switzerland's robust constitutional protections for privacy and free speech. Iceland also offers strong legal safeguards for data protection. None of our representatives reside or work in Switzerland or Iceland, further enhancing the security of your data.

6. International Data Transfers

• We do not transfer user data outside the jurisdictions of Switzerland or Iceland.

• All data is stored on servers hosted by FlokiNET in Iceland, a country recognized for its stringent data protection laws.

• FlokiNET's commitment to privacy aligns with our mission to protect user data from unauthorized access and surveillance.

Should any data transfer outside these countries become necessary, we will implement EU-approved mechanisms such as Standard Contractual Clauses to ensure adequate protection.

Our data transfer practices are regularly reviewed to maintain compliance with international privacy standards.

7. Data Security

We have implemented comprehensive measures to protect your data:

• Technical Measures:

  • Secure Hosting with FlokiNET: Our partnership with FlokiNET ensures that our servers benefit from their robust security infrastructure, including protection against Distributed Denial of Service (DDoS) attacks and unauthorized access.

  • Encryption: We employ state-of-the-art encryption protocols to safeguard your data during transmission and storage.

  • Regular Security Assessments: We conduct frequent security audits to identify and mitigate potential vulnerabilities.

• Organizational Measures:

  • Access Controls: Strict policies limit access to personal data to authorized personnel only.

  • Employee Training: Team members undergo regular training on data protection and privacy best practices.

  • Incident Response Protocols: We have established procedures to respond promptly and effectively to any security incidents.

• Data Breaches: In the unlikely event of a data breach, we will promptly notify affected users and relevant authorities as required by law.

• Audits: Security measures are audited regularly with the assistance of trusted volunteer partners specializing in cybersecurity.

8. Data Retention

• Retention Criteria: We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy.

• User Notification: Retention periods are communicated to users through this privacy policy.

• Data Deletion: Procedures are in place to securely delete or anonymize data that is no longer needed.

• Compliance: We ensure data is not retained longer than necessary in accordance with legal and regulatory requirements.

9. User Rights

Under the GDPR and other applicable laws, you have the right to:

• Access Your Data: Request a copy of the personal data we hold about you.

• Correct Your Data: Request corrections to any inaccurate or incomplete data.

• Delete Your Data: Request the deletion of your personal data.

• Restrict Processing: Object to or request the restriction of processing your data.

• Data Portability: Request a copy of your data in a commonly used format.

We have systems in place to facilitate these requests promptly and efficiently.

10. Cookies and Tracking Technologies

• Cookies Used: We only use Plausible Analytics, which does not rely on cookies.

• Purpose: Plausible provides us with aggregate website traffic data without tracking individual users.

• User Control: Since we do not use cookies or invasive tracking technologies, no action is required from users to manage or opt-out.

11. How to Exercise Rights

• Procedure: To exercise your rights, please contact us at security@activist.org.

• Response Time: We aim to process all requests within 30 days.

• Fees: There are no fees associated with exercising your rights.

• Identity Verification: We may request additional information to verify your identity before processing your request.

12. Updates to the Privacy Policy

• Review Frequency: This privacy policy is reviewed annually or when significant changes occur.

• User Notification: Changes will be communicated via prominent notices on our website or direct communication.

• Advance Notice: For significant changes, we will notify users at least 30 days in advance.

• Policy Archives: Previous versions of the privacy policy are archived and available upon request.

• Data Handling: User data collected under previous policies will continue to be handled in accordance with the terms under which it was collected unless explicit consent is obtained for new terms.

13. Contact Information

For any questions or concerns regarding your privacy:

• Email: security@activist.org

Our data protection team is dedicated to addressing your inquiries promptly, typically within 7 business days. We are working towards offering support in multiple languages to better serve our global user base.