1. What information do we collect about you?
When you visit our Website(s)
We do not collect information about you, your device or your internet connection such as IP address when you visit our Websites and we also do not use any cookies or other tracking technologies. We only collect aggregate information about the subpages of our Websites that are being visited in general from which country, at what time and which links lead you to our page. All this information is separated and not linked in one dataset to make it difficult to single out individual users.
The reason why we collect this information is to optimize our internet presence as well as for internal statistical purposes. It is within our legitimate interest to process such information to offer you well-functioning Websites.
To collect the information mentioned above, we use Fathom Analytics. Fathom Analytics is a website analytics software that tracks and reports aggregate Website traffic without compromising on your privacy. Fathom only reports on aggregates, so no information specific to the Website visitor is ever tracked or recorded. You can opt-out of tracking by the Fathom software by enabling “Do Not Track” in your browser settings. For more information, see their data collection policy: https://usefathom.com/data/
Unfortunately, today’s web is ill-suited at protecting your connection metadata and therefore some personal metadata such as your IP address, from where you access our Websites, when and using what devices and software does leak to a range of third parties. At HOPR, we are using state of the art web technologies and services that get access to such information which is completely normal for a modern web technology stack. Specifically, the following third parties get access to some personal connection metadata:
- Before you see our Websites, you enter the domain name such as hoprnet.org in your browser. This domain name is resolved into an IP address using the Domain Name System (DNS). Your browser will contact a DNS cache server that is managed by your internet service provider or a third party such as Cloudflare or Google. These DNS cache servers might log your request and learn your IP address and what domain you are about to access. The logging policies of these third parties are out of our control and we must therefore warn you that you are likely to be logged somewhere, potentially also from the USA.
- After resolving our domain name into an IP address, your browser is requesting our website from the webserver at the indicated IP address. That means, your internet service provider (ISP) and related intermediaries are able to see and potentially store logs about the fact that your IP address accessed our website at the given time. They also know what other web services you and everyone else connected to the same router were accessing before and after that.
- To improve the performance and availability of our Websites we are using the popular Content Distribution Network Cloudflare. Cloudflare is storing a cached version of our Websites and delivers it to you. Just like DNS cache servers and your ISP, the IP logging policy of Cloudflare is out of our control and you should assume that Cloudflare knows when you accessed our website and from where.
- Before our content gets cached by Cloudflare, it is hosted by Vercel. Thus, when accessing our Websites, your content might also get served by Vercel and Vercel is able to see and potentially store logs about the fact that your IP address accessed our website at the given time.
- Some parts of our Websites’ content are directly loaded from your browser. That means that the parties behind the webservers from which that content is loaded might also see and log your IP address and learn that you are loading content from them that is related to HOPR. Specifically, our Websites load content from the following sources:
A. Google is serving some fonts that are used on our Websites and for performance reasons we are loading them directly from Google servers so Google gets to know when and from where you are loading these fonts.
B. Substack is our email newsletter service and when you sign up for the newsletter, Substack sees not only your personal email address but also the IP address from where you are sending the request.
C. Medium is our blog service provider and as the blog is automatically integrated in our website, Medium learns about your IP address when that HOPR-specific content is loaded by your browser.
D. YouTube (by Google) serves HOPR videos and by integrating these videos in our website, they learn about your IP address when that HOPR-specific videos are loaded by your browser.
When you register for our newsletter
When you register for our newsletter, we collect your email address.
We use “double-opt-in” in order to ensure you are the owner of the email address entered. We only use this data for the delivery of our newsletter if you have agreed to receive it. You can unsubscribe from our newsletter at any time via a link in each respective e-mail. You can also send us a message to firstname.lastname@example.org so that we can delete you from our mailing list. We will send you our newsletter based on your consent.
We use MailJet for our newsletter that is provided by MailGun Technologies, Inc. Further information and the applicable data protection provisions can be retrieved from https://www.mailjet.com/privacy-policy/.
When you run a node and interact a HOPR Association managed node address
When you are running a node on the HOPR testnets and interact with any node run by the HOPR Association, we automatically receive your IP address, and all messages you send to the node, including low level error messages your interaction with the node generates and the technical output of your node, that we will store on our server to debug the HOPR software protocol, identify errors and make improvements to the project as a whole. It is within our legitimate interest to process such information to improve the HOPR software protocol and enable you to run a node on a well-functioning network.
When you run a node
By starting a node of the HOPR network (including the HOPR testnets), you will be connected to our bootstrap ping node that collects your IP address and connects you to other nodes of the HOPR network. The collection of such information is required so that we can connect you with other HOPR nodes. The lawfulness of the data processing for this purpose lies in the fulfilment of our commitment to you to enable and connect you to the HOPR network.
When you provide feedback or engage in bounties via online forms
We sometimes ask HOPR users to voluntarily provide feedback or engage in bounties for which you then provide feedback via online forms. These online forms might contain personal information from log files that include folder names which might include your username on your computer which might reveal your personal name and your IP address. We sometimes also ask you to provide your Twitter username. The collection of such information is required to improve the HOPR network.
2. Are we sharing information with third parties?
We use your information only described in this privacy statement. We do not share your information with third parties except when it’s necessary to complete the functions of our Website(s), to offer you our newsletter, enable you to interact with other HOPR nodes operated by the HOPR Association and to connect you with other nodes of the HOPR network though the bootstrapping node.
We will only disclose your information if we are compelled to do so by mandatory applicable law and only to the minimum extent possible.
3. Do we transfer information abroad?
We are entitled to transfer your information to third parties (contracted service providers) abroad for the purpose of the data processing described in this privacy statement. These are bound to protect data to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland or Europe, we will contractually ensure that the protection of your information corresponds to that in Switzerland or Europe at all times.
4. Data surveillance by US authorities is a risk that we try to limit
For the sake of completeness, if you are residing or domiciled in Switzerland, we would like to point out that in the USA there are surveillance measures by US authorities which generally allow them to get access to all information that has been transferred from Switzerland to the USA. This is done without differentiation, limitation or exemption based on the objective pursued and without any objective criterion that would allow limiting the access to the information and subsequent use thereof by US authorities to very specific, strictly limited purposes that could justify the interference associated both with access to and use of information. In addition, we would like to point out that in the USA there are no legal remedies available for the persons concerned from Switzerland that would allow them to gain access to the information concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly draw your attention to this legal and factual situation in order to enable an informed decision to consent to the use of your information.
We would like to point out to users residing in an EU member state that, from the point of view of the European Union, the USA does not have an adequate level of data protection, partly due to the issues mentioned in this section. In so far as we have explained in this privacy statement that recipients of data (such as Google) are based in the USA, we will ensure that your information is protected at an appropriate level by our service providers, either through contractual arrangements with these companies or any other permitted instrument.
5. What are your rights on your information?
The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects.
You can view, edit, or delete your information for the newsletter online. For any other data, please get in touch with us. If you wish to confirm that we are processing information about you, or to have access to information that we may have about you, please contact us at email@example.com. Reasonable access to your information will be provided at no cost to you by us. If access cannot be provided within a reasonable time frame, we will provide you with a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied.
You may also request information about: the purpose of the processing; the categories of information concerned; who else outside us might have received the data from us; what the source of the information was (if you did not provide it directly to us); and how long it will be stored. You have a right to correct (rectify) the record of information about you maintained by us if it is inaccurate. You may request that we erase that data, cease or restrict processing it, subject to certain exceptions. In case of automated decision making, including profiling, you may request human intervention or challenge a decision.
In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process your information. When technically feasible, we will—at your request-provide your information to you or transmit it directly to another controller.
6. How do we keep your information safe?
We have put in place systems to safeguard the information you provide to us. We will never provide access to our databases to any third party, except to the extent necessary as described in section 2 (are we sharing information with third parties?).
7. How long do we keep your information?
We process and store the information about you only for the period necessary to achieve the purpose of storage, or as far as this is granted by laws or regulations to which we are subject to. The criteria used to determine the period of storage of your information is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the information is routinely blocked or erased in accordance with legal requirements.
8. Who is responsible?
The controller of the processing of your information is:
c/o Froriep Legal AG
Bellerivestrasse 201, 8008 Zürich, Switzerland