User submitted information
Rockstor uses the information provided by users to support its products and services by directly communicating with users. We do not share user information with any third party service provider other than Shopify, who host our subscription store front.
Our Shopify hosted Store Front
- “Limit data collection for EU buyers is Activated.”
- “Limit data collection for California buyers is Activated.”
See Shopifies help page entitled Cookies and customer tracking for related information and for an explanation of our above shop settings.
Regardless we also have the recommended California Consumer Privacy Act (CCPA) opt-out page. Assumed redundant given our configuration.
We then only use/store, on our own servers (located in the EU), the following non-personal information: order id & name (eg 1234567890 & #2034), date of purchase, subscription length, discount code if used, appliance id, arbitrary computer name (if later entered in Appman), and renewal reminder sent status. However, to fulfill the function of sending the required activation code and later subscription renewal reminder, associated with our subscription service, we also store and use the email associated with each Shopify managed order as login id at our Appliance ID manager site. Our Appliance ID manager home page has additional information on expected email frequency and purpose.
Requests for erasure of information entered in our store front, as per GDPR’s “Right to Erasure” are as per our forum instructions below in the paragraph beginning “Requests for erasure”.
Appliance ID Manager (Appman)
Our Appliance ID manager service, subdomain “appman”, sets a non-personal persistent cookie (csrftoken) on every form/input page. This is solely to enhance security. Two additional non-personal session-only cookies (messages, sessionid) are set upon login for their namesake purpose. All 3 are: non-tracking, first-party (set by this site), and required for this site’s intended functions: and thus considered ‘strictly necessary’: ICO link. As such, via ICO guidelines, we are assuming PECR and GDPR (see below) compliance. Please note that these 3 cookies will be stored in your browser’s cache.
Default web server logs are enabled. As such the potentially personally identifiable information of visiting client IP addresses, when combined with other information, as per the GDPR, is recorded in these logs. These logs are rotated periodically as per default OS settings and so this information is not kept indefinitely.
Requests for erasure of information entered in Appman, as per GDPR’s “Right to Erasure” are as per our forum instructions below in the paragraph beginning “Requests for erasure”.
The lawful basis assumed, under GDPR, for the collection of visitors IP addresses on our Appman subdomain site, via default web server logs, is that of legitimate interest of protecting our users access to this site’s content and resources, as well as protecting our hosting infrastructure from attacks.
Our “forum” subdomain uses the Discourse open source software and requires no cookies to operate if not logged in. Post login, there are only session cookies and non-personal persistent cookies that are non-tracking, first-party (set by the forum site itself) and required for the forum’s core functions. The current list of default cookies, maintained by a Discourse co-founder, is detailed in the following meta discourse forum thread. Our instance of Discourse, in common with all our other sites, does not have Google Analytics (GA) enabled and runs no additional personalized content or ads; and so has no additional associated cookies or information sharing. All cookies are thus considered ‘strictly necessary’ for our forums core functions. We also do not use forum emails for any non forum-related activity. Also note that our “log anonymizer details” option is unset so as not to keep a user’s details in the log after they are anonymized; as our part in our members’ GDPR “Right to Erasure”.
Requests for erasure should be directed, via forum private message (PM), to a moderator or above forum members. We are required, via the GDPR, to keep these PM erasure requests by way of documenting this erasure process. Background reference: Your Discourse forum and the GDPR.
The lawful basis assumed, under GDPR, for our use of forum members email is to fulfill the implied contract of a forum sign-up: that of a shared community ‘hub’ where discussion content can be optionally emailed to members.
The lawful basis assumed, under GDPR, for the collection of visitors IP addresses is that of legitimate interest of protecting our members content and our hosting infrastructure from spam and attacks.
Main Web Site
Our ‘Main site’, rockstor.com (no subdomain), hosts our documentation, rock-ons, and our main web page. No user-submitted information is requested or stored and no cookies are used. Default web server logs are enabled as per our Appliance ID Manager site detailed above.
The lawful basis assumed, under GDPR, for the collection of visitors IP addresses on our main site, via default web server logs, is that of legitimate interest of protecting our users access to this site’s content and resources and protecting our hosting infrastructure from attacks.
In the past we used Google Analytics (GA) on: this site (rockstor.com), our documentation, our forum, and our shop. We no longer use Google Analytics on any of our sites. However, GA-related cookies are persistent in browser cache and will require intervention specific to your browser to permanently remove their association with this domain prior to their intended expiration date.