Changewatching


Privacy

Summary

Changewatching collects only the data required to provide the Changewatching service.

All user data will normally be completely deleted within 28 days of deleting an account.

The only data held indefinitely is a list of URLs that have been supplied to the website. This is for a separate research project. Absolutely no user data is retained in connection with the URLs, e.g. email addresses.

Detail

User data is retained only as long as necessary and is used only for providing the Changewatching change detection and alert service. There will be no spamming, and user data will not be given or sold to anyone else for any purpose. The only exception would be in the case of a request for data from an official body (e.g. law enforcement agencies) that had to be complied with by law - but it is difficult to imagine that the Changewatching service would ever be of interest in such a case.

Web requests (including your IP address) to the Changewatching web server are logged and stored at the web server (as is usual practice on the internet). The requests are anonymised within about 14 days and deleted within about 28 days.

While there is an active subscription set up against an email address, that email address will continue to be stored (otherwise Changewatching wouldn't know where to send alerts to!).

To ensure complete deletion of all user data, you can make use of the 'unsubscribe all' email command: simply send the phrase 'unsubscribe all' from the email address in question to robot@changewatching.co.uk. This will deactivate all subscriptions linked to that email address and all linked records will be deleted within 28 days. As long as you have at least one active subscription, you can get a list of all subscriptions for an email address by emailing 'inventory' to robot@changewatching.co.uk. If you don't have any active subscriptions, the request will be ignored.

Emails sent to and from the robot@changewatching.co.uk address are deleted within 14 days. Emails sent to and from any other Changewatching email address (i.e. human-to-human communication) are not subject to routine deletion.

If a user requests and confirms that they wish to use the 'blockme' facility, then emails to that address will be strictly barred for 3 months. In order to provide this service, Changewatching must store that email address for 3 months. To ensure the privacy of the requester, the address is stored only as a salted hash, a one-way form that is not easy to reverse. The data is deleted within 28 days of the end of the 3-month block period, unless renewed.
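A sketch of how a block list can be kept without storing the address itself, added here as an illustration and not Changewatching's own code. The class and function names, the PBKDF2 work factor, the lower-casing of addresses and the 90-day reading of "3 months" are all assumptions.

```python
import hashlib
import hmac
import os
import time

BLOCK_SECONDS = 90 * 24 * 3600   # "3 months" taken as 90 days (assumption)
PBKDF2_ROUNDS = 100_000          # work factor chosen for this example

def _normalise(email):
    # Assumption: addresses are compared case-insensitively, whitespace ignored.
    return email.strip().lower().encode("utf-8")

def _digest(email, salt):
    # Slow salted hash, so a leaked list cannot be cheaply brute-forced.
    return hashlib.pbkdf2_hmac("sha256", _normalise(email), salt, PBKDF2_ROUNDS)

class BlockList:
    """Holds (salt, digest, expiry) tuples; the plain address is never stored."""

    def __init__(self):
        self._entries = []

    def block(self, email, now=None):
        now = time.time() if now is None else now
        salt = os.urandom(16)    # fresh random salt per entry
        self._entries.append((salt, _digest(email, salt), now + BLOCK_SECONDS))

    def is_blocked(self, email, now=None):
        now = time.time() if now is None else now
        # A per-entry salt rules out an index lookup: each live entry is re-hashed.
        for salt, digest, expiry in self._entries:
            if expiry > now and hmac.compare_digest(digest, _digest(email, salt)):
                return True
        return False

    def purge(self, now=None):
        # Drop expired entries; returns how many remain.
        now = time.time() if now is None else now
        self._entries = [e for e in self._entries if e[2] > now]
        return len(self._entries)
```

The cost of this design is a linear scan with one slow hash per stored entry on every outgoing email, which is acceptable only while the block list stays small.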

Where records are deleted, they are completely deleted, including all backups.

Changewatching does not compromise user privacy by carrying adverts or social media buttons that 'phone home' the user's activity.

Changewatching also adjusts crawl times to conceal the number of users subscribed to the same web page, ensuring that the number of subscriptions has little or no effect on crawl frequency.

Cookies

Changewatching does not use or require cookies.

JavaScript

Changewatching does not use or require JavaScript.

Security

User data transferred between servers in the Changewatching system is secured by SSL. However, note that the website does not use HTTPS. Because of this, if you like to be particularly careful about your online security and privacy, you should not access the Changewatching website from a shared internet connection such as a public wireless hotspot.

Inter-system communication that does not carry user data is authenticated using a variable salted hash that references a rolling key based on randomly generated secret data shared by communicating servers.
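The page does not publish its scheme, so the following is an added example of one common construction that fits the description, not Changewatching's code: an HMAC over a per-message random salt, keyed by a value derived from the shared secret for the current time window. The function names, the one-hour window and the replay cache are assumptions.

```python
import hashlib
import hmac
import os
import time

WINDOW = 3600  # key rotation period in seconds (assumed)

def window_key(secret, window):
    # Derive the key for one time window from the shared random secret.
    return hmac.new(secret, b"window:%d" % window, hashlib.sha256).digest()

def sign(secret, message, now=None):
    now = time.time() if now is None else now
    salt = os.urandom(16)  # varies per message, so equal messages get different tags
    key = window_key(secret, int(now // WINDOW))
    tag = hmac.new(key, salt + message, hashlib.sha256).digest()
    return salt, tag

def verify(secret, message, salt, tag, seen, now=None):
    """Return True once per valid (salt, tag); `seen` is the receiver's replay cache."""
    now = time.time() if now is None else now
    if salt in seen:
        return False  # same salt presented twice: treat as a replay
    current = int(now // WINDOW)
    # Accept the current and previous window to tolerate clock skew and rollover.
    for window in (current, current - 1):
        key = window_key(secret, window)
        expected = hmac.new(key, salt + message, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            seen.add(salt)
            return True
    return False
```

The replay cache only needs to remember salts for two windows, since older tags fail verification anyway.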

Inter-process communication is secured against shell and SQL injection. The various functions used to clean and validate data from the web form have been subjected to several million iterations of random data 'fuzzing', to eliminate possible problems.

User-entered data presented in emails is secured against potential cross-site scripting and/or HTML privacy violations (e.g. img links to tracking pixels). No personal data is collected and no password is required; therefore, user data is stored unencrypted.

The web server and one of the databases are hosted by 1&1, and their network security is handled by 1&1 and is their responsibility. User data is typically stored on the web server only briefly before being securely transferred to the backend server.

The backend server carries reasonable security measures - physically locked, BIOS-locked, firewalled internally and externally, unneeded network services removed, general network hardening, software regularly updated, anti-virus etc. All systems are written in Python, and therefore benefit from Python's good security record.

However, no matter how careful the operator, there is never a guarantee of security with complex networked systems.

Anti-Spam

Changewatching implements a number of measures to reduce the risk of the service being abused.

All requests made via the web form generate an automatic activation request email, so that the software can confirm that the email address supplied is owned by the requester.

In order to prevent this measure being abused, only a few activation requests can go unanswered before Changewatching locks outgoing emails to that address - until a reply is received to one of the activation requests.

When an email address is entered that Changewatching hasn't seen before*, this limit is set at only one email. The limit is raised later if the newcomer subscribes to the service.

Where possible, multiple activations and change alerts are combined into one email to reduce the number of emails sent out.

Changewatching also offers two anti-spam commands that can be used via the automated email system at robot@changewatching.co.uk. These allow a user more direct control over aspects of the anti-spam system. These commands are 'blockme' and 'antispam' - see the full list of email commands for instructions.

*Remember that Changewatching is 'forgetful' - user details are deleted soon after they are no longer required, so if you delete all your Changewatching subscriptions and later return, Changewatching will not remember you.

Page last updated: 23/10/2015