COPPA/HIPAA: draft pending submission

sections/legal/dmca.php

@@ -8,7 +8,7 @@ View::show_header('DMCA');
 
 <section class="tldr">
   <p>
-    <em>If</em> you're a copyright owner or agent of one,
+    <em>If</em> you're a copyright owner or an agent of one,
     <em>and</em> you believe that user-generated content (UGC) on the domain
     https://biotorrents.de infringes your copyrights:
     <em>then</em> you may notify our Digital Millennium Copyright Act (DMCA) agent in writing.
@@ -46,18 +46,18 @@ View::show_header('DMCA');
     </li>
 
     <li>
-      Information reasonably sufficient to permit BioTorrents.de to contact you,
+      Information reasonably sufficient to permit us to contact you,
       such as an address, telephone number, and email.
     </li>
   </ul>
 
   <p>
     Because a high percentage of DMCA takedown notices are invalid or abusive,
-    BioTorrents.de reserves the right to ignore requests for unregistered works.
+    Omics Tools LLC reserves the right to ignore requests for unregistered works.
   </p>
 
   <p>
-    BioTorrents.de authenticates all valid requests.
+    We authenticate all valid requests.
     As a stopgap pending investigation,
     access to the targets of valid requests will be expeditiously disabled.
   </p>
@@ -85,7 +85,7 @@ View::show_header('DMCA');
 
     <li>
       Requests signed by other means than Ed25519 or RSA 4096,
-      or encoded in other formats than UTF-8 or ASCII plaintext.
+      or encoded in other formats than UTF-8 or ASCII.
     </li>
 
 

sections/legal/privacy.php

@@ -61,16 +61,16 @@ View::show_header('Privacy'); ?>
 
   <p>
     We only use your data to manage your account and administer the site.
-    We never sell or otherwise provide data to third parties, except under subpoena.
+    We never sell or otherwise provide data to third parties, except by authenticated subpoena.
   </p>
 
   <p>
     All data read, written, or deleted under this policy will only be managed by SQL queries,
-    and any data returned will only be provided as database dumps.
+    and any data returned will only be provided as raw output (database dumps).
   </p>
 
   <p>
-    We securely store your data in our hardened MariaDB instance.
+    We securely store your data on our hardened MariaDB instance.
     Only Unix socket connections are allowed, and certain services like IRC are denied.
     Database tools aren't accessible on the public internet.
   </p>
@@ -85,7 +85,7 @@ View::show_header('Privacy'); ?>
 
   <p>
     We'll keep your data for your account's lifetime.
-    Once this period expires, we'll delete your data by written request.
+    When that time expires, we'll delete your data by written request.
   </p>
 
 
@@ -95,13 +95,18 @@ View::show_header('Privacy'); ?>
 
   <p>
     We'd like to make sure you're fully aware of your data protection rights.
-    Every user is entitled to GDPR protections regardless of their jurisdiction:
+    Each user is entitled to GDPR protection regardless of their jurisdiction.
+  </p>
+
+  <p>
+    Please attach a screenshot of your profile page to prove account ownership for any transaction.
+    It's okay to redact sensitive data like email and passkey.
   </p>
 
   <ul class="p">
     <li>
       <strong>Access.</strong>
-      You have the right to request copies of your personal data.
+      You have the right to request copies of your data.
       We may charge a small fee for this service.
     </li>
 
@@ -113,23 +118,23 @@ View::show_header('Privacy'); ?>
 
     <li>
       <strong>Erasure.</strong>
-      You have the right to request that we erase your personal data, under certain conditions.
+      You have the right to request that we erase your data, under certain conditions.
     </li>
 
     <li>
       <strong>Restrict Processing.</strong>
-      You have the right to request that we restrict processing your personal data,
+      You have the right to request that we restrict processing your data,
       under certain conditions.
     </li>
 
     <li>
       <strong>Object to Processing.</strong>
-      You have the right to object to our processing your personal data, under certain conditions.
+      You have the right to object to our processing your data, under certain conditions.
     </li>
 
     <li>
       <strong>Data Portability.</strong>
-      You have the right to request that we transfer data we've collected to you or others,
+      You have the right to request that we transfer data we've collected to you or to others,
       under certain conditions.
     </li>
   </ul>
@@ -151,12 +156,12 @@ View::show_header('Privacy'); ?>
 
   <p>
     We strongly encourage you to use an updated browser with sandboxed tabs,
-    and to set your browser to deny disk permissions and to wipe transient data on shutdown.
+    and to set your browser to deny disk access and wipe transient data on shutdown.
   </p>
 
   <p>
     We use cookies to keep you signed in.
-    Our secure session cookie parameters include
+    Our secure session cookie parameters include:
   </p>
 
   <ul>
@@ -240,15 +245,9 @@ View::show_header('Privacy'); ?>
     gdpr at biotorrents dot de
   </p>
 
-  <p>
-    Please use
-    <a href="https://pgp.mit.edu/pks/lookup?op=get&search=0x760EBED7CFE266D7" target="_blank">GPG 760EBED7CFE266D7</a>
-    if you wish.
-  </p>
-
 
   <h3>
-    How to contact the appropriate authority
+    How to contact the authorities
   </h3>
 
   <p>
@@ -256,6 +255,52 @@ View::show_header('Privacy'); ?>
     or if you feel that we haven't satisfactorily addressed your concerns,
     contact the Information Commissioner's Office.
   </p>
+
+
+  <h3>
+    COPPA
+  </h3>
+
+  <p>
+    Omics Tools LLC doesn't knowingly collect data from under-thirteens.
+    Our terms require that all users be 18 or older.
+    If you believe a child gave out personal data on BioTorrents.de,
+    please contact us at once.
+  </p>
+
+  <p>
+    <strong>
+      Email
+    </strong>
+    <br />
+    coppa at biotorrents dot de
+  </p>
+
+
+  <h3>
+    HIPAA
+  </h3>
+
+  <p>
+    Omics Tools LLC doesn't knowingly collect data that violates patient privacy.
+    We publish guides on how to anonymize data, and our rules restrict unsanitized data.
+    If you believe that content on BioTorrents.de compromises a patient's identity,
+    please contact us at once.
+  </p>
+
+  <p>
+    <strong>
+      Email
+    </strong>
+    <br />
+    hipaa at biotorrents dot de
+  </p>
+
+  <p>
+    Please use
+    <a href="https://pgp.mit.edu/pks/lookup?op=get&search=0x760EBED7CFE266D7" target="_blank">GPG 760EBED7CFE266D7</a>
+    if you wish.
+  </p>
 </section>
 
 <?php View::show_footer();

sections/rules/rules.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 # Formerly Rules::display_golden_rules()
 $ENV = ENV::go();
@@ -17,7 +18,7 @@ View::show_header('Golden rules');
       <li>
         <strong>
           <a href="https://www.dol.gov/general/ppii" target="_blank">Personal Identifiable Information (PII)</a>
-          is not allowed anywhere on the site without specific staff approval.
+          isn't allowed anywhere on the site without explicit consent.
         </strong>
       </li>