diff --git a/PRIVACY.md b/PRIVACY.md index 330bc8d..30233cd 100644 --- a/PRIVACY.md +++ b/PRIVACY.md @@ -8,7 +8,7 @@ Thank you for using CrowdTLS! This Privacy Policy explains how I collect, use, a The addon collects collect the following information: -### SSL/TLS Certificate Data +### SSL/TLS Certificate Data for Domains I collect SSL/TLS certificate data associated with the fully qualified domain names (FQDNs) of the websites you visit. This data includes information exposed by security information APIs, such as `webRequest.getSecurityInfo()` for Mozilla Firefox. Please note that these APIs are managed by the browser developer (e.g., Mozilla, Microsoft, Apple, Opera) and are subject to their security and privacy practices. This explicitly does not include data associated with requests you've made to these services such as URL paths, query parameters, authentication information, cookies, or anything unrelated to the certificate data the server sends you to verify they own the domain you are visiting. If you are browsing sites which use internal, self-signed certificates, any information included in those certificates will be sent to CrowdTLS. The content of the certificates will not be accessible by CrowdTLS end users. @@ -16,7 +16,7 @@ If you are browsing sites which use internal, self-signed certificates, any info **TL;DR: I collect ONLY certificate data sent to you by the web domains you visit.** ### Metadata -I log metadata associated with the traffic necessary to share the SSL/TLS certificate data with our crowd service. This minimally includes the external IP address of your internet connection (or VPN) and potentially other uncontrollable HTTP headers or web socket connection information. I do not enrich this data with the addon, but simply write normal connection metadata to a log file for review. +I log metadata associated with the traffic necessary to share the domain names and SSL/TLS certificate data with our crowd service. This minimally includes the external IP address of your internet connection (or VPN) and potentially other uncontrollable HTTP headers or web socket connection information. I do not enrich this data with the addon, but simply write normal connection metadata to a log file for review. **TL;DR: I technically collect metadata, such as your browser's external IP address and other standard internet connection metadata, which enables the sharing of SSL/TLS certificate data.**