About:Privacy: Difference between revisions
From Pharmacopedia
More actions
| [unchecked revision] | [unchecked revision] |
MDElliottMD (talk | contribs) |
MDElliottMD (talk | contribs) About:Privacy parity additions: 'What Pharmacopedia does not do' commitments block, CCPA/CPRA + GDPR sub-sections, Children section tightened to COPPA-aware language. Mirrors Oyami PRIVACY.md v0.2 structure (interface-claude diff review). |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Pharmacopedia is a medicine-reference wiki. It is operated as a small project, not a company. This page describes what Pharmacopedia collects from you, why, how long it keeps it, and what you can ask us to do with it. Plain language; if anything is unclear, ask. | Pharmacopedia is a medicine-reference wiki. It is operated as a small project, not a company. This page describes what Pharmacopedia collects from you, why, how long it keeps it, and what you can ask us to do with it. Plain language; if anything is unclear, ask. | ||
== Who runs Pharmacopedia == | |||
Pharmacopedia (PCP) is operated by Mark Elliott, MD, who is the data controller for everything you do on the wiki: your account, your edits, your profile, your assessments, your observations, and any other content you store against your account. There is no company or entity behind the site; Mark is responsible for it personally. | |||
PCP.wiki also acts as an identity provider: other apps or sites can let you sign in using your PCP account through OAuth (the same pattern as "Sign in with Google"). When you authorize one of those consumer apps, it can read the parts of your PCP data that you grant it. Each consumer app is an independent data controller for its own platform data and for what it does with the PCP data it pulls. The currently public consumer is PCPapp, the official Pharmacopedia mobile app. You can review and revoke consumer authorizations at [[Special:OAuthManageMyGrants]]. | |||
For PCP-side access, correction, or deletion requests, contact the address at the bottom of this page. | |||
== What Pharmacopedia does not do == | |||
These are commitments, not aspirations: | |||
* No analytics SDK, advertising tracker, or third-party telemetry runs on Pharmacopedia. | |||
* Your data is not sold. | |||
* No ads are shown. There are no advertisers. | |||
* No AI participant reads your edits, your profile, your assessments, or your observations to feed any external model. The site has no LLM-in-the-loop on your account. | |||
* No public rating, no leaderboard, no reputation signal is exposed about you to other users. Your edit history is public the way every wiki's edit history is public; nothing about your assessments or your private content is. | |||
== What an account collects == | == What an account collects == | ||
| Line 45: | Line 63: | ||
* Server access logs and error logs: rotated daily, kept for 14 days, then deleted. | * Server access logs and error logs: rotated daily, kept for 14 days, then deleted. | ||
* Database backups: kept | * Database backups: kept up to 7 days on the host, then up to 14 days in active off-site storage. The off-site provider retains deleted copies in a recovery layer for up to 180 additional days before permanent deletion; all copies are GPG-AES256 encrypted and the provider cannot read them. | ||
* Account data and the content you have stored against your account: kept until you ask us to delete it (see below). | * Account data and the content you have stored against your account: kept until you ask us to delete it (see below). | ||
* Page revision history is permanent, the same as every wiki; this is how attribution works. | * Page revision history is permanent, the same as every wiki; this is how attribution works. | ||
| Line 54: | Line 72: | ||
* '''Change it.''' Every field you have filled in can be edited or emptied through the page where you entered it. | * '''Change it.''' Every field you have filled in can be edited or emptied through the page where you entered it. | ||
* '''Export it.''' Email us and we will return your account data in a machine-readable form. | * '''Export it.''' Email us and we will return your account data in a machine-readable form. | ||
* '''Delete it.''' Email us and we will delete the data you have stored against your account: profile, life story, assessments, observations, medicines, diagnoses, app-sync rows, comments, feature-request entries, and similar. Your edits to wiki pages remain, with your username on them, unless you ask for a username rename as well; this is how page-revision attribution works. Encrypted backups | * '''Delete it.''' Email us and we will delete the data you have stored against your account: profile, life story, assessments, observations, medicines, diagnoses, app-sync rows, comments, feature-request entries, and similar. Your edits to wiki pages remain, with your username on them, unless you ask for a username rename as well; this is how page-revision attribution works. Encrypted off-site backups are removed from active storage after 14 days. The off-site provider keeps deleted files in a recovery layer for up to 180 additional days, during which the encrypted bundle may remain recoverable by the account operator; after that window the bundle is permanently deleted. The backup is GPG-AES256 encrypted at all times; the off-site provider cannot read it. | ||
For any of the above, email '''info@pharmacopedia.wiki'''. | For any of the above, email '''info@pharmacopedia.wiki'''. | ||
=== If you are in California (CCPA / CPRA) === | |||
You additionally have the right to know the categories of personal information collected, the right to opt out of sale or sharing (Pharmacopedia does not sell or share personal information for cross-context behavioral advertising; there is no sale to opt out of), the right to limit use of sensitive personal information, and the right to non-discrimination for exercising these rights. Assessment data, particularly clinical-scope assessments, is sensitive personal information under CPRA. The categories collected are listed in "What an account collects"; retention periods are in "How long things are kept." | |||
=== If you are in the EU, UK, or another GDPR-aligned jurisdiction === | |||
The same baseline rights apply, framed as your GDPR rights of access, rectification, erasure, restriction, portability, and objection. The legal basis for processing is your consent (for the account itself and for any assessment storage) and Pharmacopedia's legitimate interest in running the medicine-reference wiki you signed up for. There is no automated decision-making with legal effects. International data transfers from the EU/UK to the United States, where Pharmacopedia's servers live, are made under appropriate safeguards (standard contractual clauses or successor mechanisms). | |||
== Children == | == Children == | ||
Pharmacopedia is for mature audiences and limited to adults (18+) in this version. Personal information is not knowingly collected from anyone under 13. A separate posture for users between 13 and 17 is being developed; until that is published, no one under 18 should use Pharmacopedia. If a child under 13 has provided personal information, contact info@pharmacopedia.wiki and it will be deleted. | |||
== Details == | == Details == | ||