Privacy policy wording

Alvin63

In the default privacy policy it says:

Keeping your data secure

We are committed to ensuring that any information you provide to us is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable measures and procedures to safeguard and secure the information that we collect.

Do I have suitable measures and procedures to safeguard the information?!! What suitable measures and procedures does it mean? Using a secure server?
 
Do I have suitable measures and procedures to safeguard the information?!! What suitable measures and procedures does it mean? Using a secure server?
You're meant to change this, you shouldn't be relying on the default privacy policy.
Ideally, you'd have a professional privacy policy written (by yourself or a legal team) in accordance with your local requirements/laws.

(Edit the privacy_policy_text phrase for the content of your policy)
 
I don't have a legal team! I thought the default one was default for a reason.
It's a default template with general considerations. You don't really need a legal team to write one if you're not doing anything crazy.
If you're making a reasonable attempt to protect the data entrusted to you, then you can write some generic information about how you collect and use the data.

If you're using a reputable host, then they should have some level of compliance (SOC, ISO, etc.) on how their IT controls are implemented to operate, maintain and monitor their infrastructure. You can partially rely on this in your own privacy policy (for example).

If you were to be sued by someone, how would your privacy rules hold up? Or your terms and conditions, if you have them?

It really just depends on what level of risk you're operating at and what you're storing or collecting from users/visitors of your site(s).

Edit: Also, please note that some (not all) addons that have privacy considerations will insert their own text where applicable when you install them. (An example is where they add cookie usage notices in ../help/cookies/, which is linked from the default privacy policy page.)
 
I would think a general "measures and procedures to protect" would indicate encryption. I don't suppose data is encrypted is it?
It is not, and that's not what that statement means. Typically, even in major production centers, a LOT of data is NOT encrypted.
This is because other controls are in place that operate effectively to prevent unauthorized access to data that is not encrypted.

The connection between clients and servers should be encrypted, but most software does not store content in an encrypted manner.
Things like passwords are hashed, but in the case of xenForo, all other content (user data, posts, DMs) is not encrypted. And that's the way most software works, not just xenForo.
 
According to AI, Xenforo has inbuilt measures and procedures, including hashing passwords. Server encrypts.
Stop relying on AI... hashing passwords, yes, server encryption, no. I cannot speak to their cloud instances, but I don't think those are directly encrypted either. End users can adjust security settings as they see fit, but I have yet to come across a fully encrypted xenForo installation from back to front and vice versa.

I think at least everyone is running HTTPS for client/server connections, and I've seen some people enable additional settings on ElasticSearch nodes.

You, as the end operator, just need to employ reasonable protections when it comes to access to your user data, and just remember that the weakest link is usually human-based (poor password/passphrase choices, not implementing 2FA, and lack of monitoring). As mentioned above, some layers of this should be provided by your host, unless you're using a VPS, in which case they can only cover the physical host machine that the VPS is hosted on.
 