Legal / Compliance

Data Privacy Protocol

Last Updated: October 15, 2023. This document outlines the strict parameters of data collection, retention, and user rights within the Validly ecosystem.

Contact Data Officer

Abstract visualization of encrypted data streams and privacy shields

1. Data Collection: Minimalist Protocol

Validly operates on a principle of data minimalism. We collect only the information strictly necessary to facilitate membership, deliver content, and maintain the integrity of our archive.

When you access The Index or our digital archive, we automatically collect standard server logs including IP addresses, browser type, and operating system to prevent DDoS attacks and ensure server stability. If you register for an account, we collect your name, email address, and a hashed password. We do not collect sensitive biometric data, political affiliations, or financial information beyond what is required for payment processing via secure third-party gateways.

01 / FUNCTIONALITY

Membership Access

Email addresses are used solely for account verification, password recovery, and the delivery of the "Weekly Integrity Report" to subscribers.

02 / ANALYTICS

System Optimization

We utilize anonymized aggregate data to track page load speeds and archive retrieval times, ensuring the platform remains fast and reliable for researchers.

03 / SECURITY

Integrity Monitoring

Data is analyzed in real-time to detect automated scraping or coordinated bot activity that could compromise the availability of our open-source tools.

2. Third-Party Infrastructure

We rely on a curated list of essential service providers to maintain Validly. We do not share your personal data with advertising networks or data brokers.

Hosting & CDN AWS CloudFront

Payments Stripe

Newsletter Mailgun

Analytics Plausible

3. Your Rights (GDPR & CCPA)

Validly respects the sovereignty of your digital footprint. Whether you are located in the European Union or California, you retain full control over your data.

RIGHT TO ACCESS

Data Portability

You may request a downloadable JSON or CSV file of all personal data we hold on record at any time.

RIGHT TO ERASURE

The "Right to be Forgotten"

Submit a deletion request to permanently remove your account and associated metadata from our active servers.

OPT-OUT

Marketing Communications

Unsubscribe from non-essential communications via the link provided at the bottom of every email.

Data Governance

Questions regarding this policy or requests for data removal should be directed to our Data Protection Officer.

Email DPO