Privacy Policy
Last updated July 22, 2024
Introduction
Personally Identifiable Information (PII) is used in privacy law and information security around the world. It refers to information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
Please read this privacy policy carefully to understand how we collect, use, protect, or otherwise handle your Personally Identifiable Information in accordance with our services.
We are committed to being open and transparent about how we collect, hold, use, and protect your PII/data. If you have any concerns arising from this privacy policy, please contact us at hi@yellowball.fm.
1. Where We Collect Data/PII From
Yellowball currently operates a single service: the Yellowball website for podcast hosting. Our primary objective is to collect minimal data, ensuring that any information we do receive is treated with the utmost confidentiality and always with privacy in mind.
2. Personal Identifiable Information & Data We Collect
Although the information collected is basic and may not be classed as PII, we treat all data with the same respect and have listed all the data we collect from the services we provide.
Websites and Other Web Services
- Main site: https://yellowball.fm
- Account Service: https://dash.yellowball.fm
- RSS Feeds: https://feeds.yellowball.fm
The following personally identifiable information (PII) is held for technical reasons and is deleted after 10 days:
- IP Address
- User Agent
Your Account
If you register for and use an account on https://dash.yellowball.fm, we additionally collect this information:
- Username, supplied by you.
- Email address, if you provide it for notifications and password resets.
- Transaction identifiers necessary for processing, supplied to us by third-party payment providers (Stripe).
- Password, always stored in an encrypted (hashed and salted) form.
Customer Support
If you create a support ticket via the dash, the ticket and data associated with it are stored until you delete it.
Email support records will be deleted within 60 days of answering any outstanding questions.
3. How We Store and Protect Your PII & Data
Data Storage:
All data, including but not limited to the data listed in "2. Personal Identifiable Information & Data We Collect", is stored on a server operated by us and hosted by Hetzner.
Data Linking:
The information/data used to link payments to a specific user in order to enable services is as follows:
- Username
- Payment identifiers, transaction code sent to us via the payment gateway used (unless you pay with crypto).
Data Retention:
We are required by law to keep payment records for a period of 7 years for taxation purposes. Even in the event that the account is deleted, we are required to keep the transaction data.
Payment records are only linked to your account until it is deleted or expired. They then become orphaned and cannot be linked back to your account.
Data Protection:
In Transit: All traffic between the customer and Yellowball is encrypted using modern Transport Layer Security (TLS). TLS is a cryptographic protocol designed to provide communications security over a computer network and aims primarily to provide confidentiality and data integrity between two communicating computer applications.
At Rest: Hot data (in use) is protected on our server, while cold data (backups) is encrypted.
4. How We Use Your PII & Data
The information collected while subscribing to Yellowball or using the website is basic in nature and only used for the specific purposes of software development and the administration of your account.
- Valid email address: If you provide it, you're able to receive account notifications and reset your password.
- Transaction identifier, sent by payment gateway: Used for the administration of your account.
- The internet browser and operating system you are using: Used to protect the service from malicious actors.
- IP address: Used to protect the service from malicious actors.
5. Third-Party Services
- Hetzner: Hosting provider.
- Bunny.net: Used ONLY for caching public feeds on https://feeds.yellowball.fm. Cache lives in EU-specific regions.
- Cloudflare R2: Uploaded files are stored using their S3-compatible storage in an EU-specific bucket.
- Tuta: Email provider.
- Mailgun: Email provider.
- Stripe: Payment gateway.
6. Third-Party Disclosure
We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential as per their privacy policies and terms of service.
Information we gain through payment gateways for the purpose of linking to your account is limited to transaction identifiers. Please refer to: Article 3. How We Store and Protect Your PII & Data.
We may release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, privacy, or safety.
7. General Data Protection Regulation (GDPR) Explained
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it is now implemented in many countries worldwide. It imposes obligations on organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018, and grants users certain rights under the GDPR policy. These are set out below and clarified in Article 16. To read more about GDPR, please visit the following link: https://gdpr-info.eu/
In line with the GDPR, we collect and process the data outlined in this Privacy Policy on the following grounds, for the purposes of fulfilling our contractual obligations to users, including:
- Providing users with the services they have requested.
- Managing user subscriptions and processing payments.
- Providing customer support.
For a legitimate interest associated with the operation and development of our services and business, including:
- Enhancing the quality, reliability, and effectiveness of our website and services.
- Communicating with customers to provide information and feedback related to our services and website.
With the consent of users, which users can withdraw at any time.
You can exercise your rights under the GDPR to access, transfer, correct, delete, or object to the processing of your personal information by contacting us at: hi@yellowball.fm.
8. California Online Privacy Protection Act (CalOPPA) Explained
CalOPPA is the first state law in the United States of America to require commercial websites and online services to post a privacy policy.
The law’s reach stretches well beyond California and requires a person or company in the United States (and conceivably the world) that operates websites/online services collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website that states exactly the information being collected and those individuals with whom it is being shared. If you would like to read more about this policy, please visit: https://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf
In conjunction with CalOPPA, we agree to the following:
Users can visit our site anonymously, but will need to subscribe to the service to use said service. Users will be notified of any privacy policy changes as and when they happen and can keep up to date by clicking the link named "Privacy Policy" at the bottom of our home page. To see what data we collect from subscribers, please refer to: Article 2. Personal Identifiable Information & Data We Collect.
9. Fair Information Practices Explained
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the world. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information. In order to be in line with Fair Information Practices, we will take the following responsive actions should a data breach occur:
- We will notify the users via email within 3 business days.
- We will notify the users via on-site notification within 3 business days.
10. Children’s Online Privacy Protection Act (COPPA)
Yellowball is in no way targeted for use by minors/children under the age of 18 years. However, as our service does not require data upon subscription concerning age, real name, or home address, we cannot, and will not, be held responsible for your child’s actions while online. All data collected by us is treated in the same manner, protected behind numerous layers of encryption, used to provide the service to you, and not shared with any third parties.
11. Cookies
Our service uses cookies required to operate, for example, when logging in. Cookies used on our site are for site use only; we do not use third-party cookies or transmit information collected. Information collected by our cookies is used on our service only.
12. Third-Party Behavioral Tracking
Yellowball DOES NOT use third-party tracking in any form. However, sites we may direct you to during subscription, such as the payment gateways we use (Stripe), may use such tracking on their services. For the avoidance of all doubt, it is your responsibility to check any third-party sites you visit and read their privacy policy.
13. Data Request
In compliance with the GDPR, you can request a list of the information we hold on your account. However, it is best to remember that any information held by us is the information freely given by you when you subscribe to our services. In this case, data requests must be made using the information given to us (for example, an email address, if used) in an email requesting the information, sent to: hi@yellowball.fm.
As the data we collect is solely used to run and administer your account, you can ask at any time for us to stop processing or to erase the data held on your account. However, in these aforementioned cases, this will result in the removal of your account from our services. This course of action does not automatically trigger a refund under the Terms of Service.