32

The privacy policy at the bottom of the page states:

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of Our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

TL;DR according to this, if the Ovarit site can log it, it probably is logging it.

The only information in the privacy policy about how long this data is kept says (emphasis mine):

Ovarit will retain Your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your personal information to the extent necessary to comply with Our legal obligations (for example, if We are required to retain Your data to comply with applicable laws), resolve disputes, and enforce Our legal agreements and policies.

Ovarit will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

So here's question one: how long is "as is necessary"? A few days? Weeks? Months? Forever?

Additionally, if a user wants to delete their (😱) account, the privacy policy states:

Subject to certain exceptions set out below, on receipt of a verifiable request from you, We will:

  • Delete Your personal information from Our records

but from what I've seen, when a user deletes their account, their posts and comments still remain intact.

So question two: if a user wants to completely delete their data from the service, and doesn't have the protection of California or the GDPR, how would they go about doing that without manually clicking "delete" on every post and comment? Seems kinda disingenuous for the button to say "Delete my account" but nothing actually gets deleted server-side except for login credentials.

The privacy policy at the bottom of the page states: > Usage Data is collected automatically when using the Service. > Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of Our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. > When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. TL;DR according to this, if the Ovarit site *can* log it, it probably *is* logging it. The only information in the privacy policy about how long this data is kept says (emphasis mine): > Ovarit will retain Your personal information **only for as long as is necessary for the purposes set out in this Privacy Policy.** We will retain and use Your personal information to the extent necessary to comply with Our legal obligations (for example, if We are required to retain Your data to comply with applicable laws), resolve disputes, and enforce Our legal agreements and policies. > Ovarit will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods. So here's question one: **how long is "as is necessary"?** A few days? Weeks? Months? Forever? Additionally, if a user wants to delete their (😱) account, the privacy policy states: > Subject to certain exceptions set out below, on receipt of a verifiable request from you, We will: > - Delete Your personal information from Our records but from what I've seen, when a user deletes their account, their posts and comments still remain intact. So question two: **if a user wants to completely delete their data from the service, and doesn't have the protection of California or the GDPR, how would they go about doing that without manually clicking "delete" on every post and comment?** Seems kinda disingenuous for the button to say "Delete my account" but nothing actually gets deleted server-side except for login credentials.

4 comments

When a user deletes their post or comment then deletes their account, previously deleted content is deleted from the database. Note that you need to delete the post or comment before deleting your account. There is not currently an option to easily delete all your submissions without going through your history.

IP addresses are logged and those logs are deleted after a month. We could change that someday or not depending on the ban evasion we deal with. We don’t log anything else.