summaryrefslogtreecommitdiff
path: root/app/views
diff options
context:
space:
mode:
Diffstat (limited to 'app/views')
-rw-r--r--app/views/layouts/_footer.html.haml11
-rw-r--r--app/views/pages/pricing.html.haml21
-rw-r--r--app/views/pages/privacy-policy.en.md55
-rw-r--r--app/views/pages/terms-of-service.en.md49
4 files changed, 136 insertions, 0 deletions
diff --git a/app/views/layouts/_footer.html.haml b/app/views/layouts/_footer.html.haml
index e69de29..ab925e8 100644
--- a/app/views/layouts/_footer.html.haml
+++ b/app/views/layouts/_footer.html.haml
@@ -0,0 +1,11 @@
+.container
+ .row
+ = link_to t(:home), home_path
+ = link_to t(:privacy_policy), privacy_policy_path
+ = link_to t(:terms_of_service), terms_of_service_path
+ - if lookup_context.exists?('pages/about')
+ = link_to t(:about), about_path
+ - if lookup_context.exists?('pages/contact')
+ = link_to t(:contact), contact_path
+ - if APP_CONFIG[:service_levels]
+ = link_to t(:pricing), pricing_path \ No newline at end of file
diff --git a/app/views/pages/pricing.html.haml b/app/views/pages/pricing.html.haml
new file mode 100644
index 0000000..77699d8
--- /dev/null
+++ b/app/views/pages/pricing.html.haml
@@ -0,0 +1,21 @@
+%h1= t(:pricing)
+%p= link_to(icon('user') + t(:signup), signup_path, :class => 'btn')
+
+- levels = APP_CONFIG[:service_levels]
+- if levels
+ %table.table.table-striped.table-bordered
+ %tr
+ %th= t :plan
+ %th= t :description
+ %th= t :monthly_cost
+ - levels.each do |id, level|
+ %tr
+ %td= level[:name]
+ %td= level[:description]
+ %td
+ - if level[:cost].nil? || level[:cost] == 0
+ = t(:free)
+ - else
+ = level[:cost].map{|currency,cost| "#{cost} #{currency}"}.join(', ')
+- else
+ No service levels are configured. \ No newline at end of file
diff --git a/app/views/pages/privacy-policy.en.md b/app/views/pages/privacy-policy.en.md
new file mode 100644
index 0000000..857bcd6
--- /dev/null
+++ b/app/views/pages/privacy-policy.en.md
@@ -0,0 +1,55 @@
+# Privacy Policy
+
+This document is our Privacy Policy, which describes what information we collect and what it's used for. It applies to all interactions with **<%=APP_CONFIG[:domain]%>**. Your use of **<%=APP_CONFIG[:domain]%>** services will constitute your agreement to this Privacy Policy. Please also review our [Terms of Service](terms-of-service).
+
+<p class="alert alert-info">
+ <b>Summary:</b> We collect very little personal information, and none of the information we do collect is ever shared or disclosed to anyone.
+</p>
+
+## Information we collect and retain
+
+**Registration information:** When you create an account, we retain the date and time you registered, along with your username and email aliases or forwarding addresses.
+
+**Customer code:** If you sign up for recurring payments, we retain a unique customer code. Although it may appear that you enter your billing information at <%=APP_CONFIG[:domain]%>, this information is sent directly to a separate payment processing company and is not seen or retained by us. However, the customer code that we do retain for recurring payments can be used to lookup billing information held by the payment processor.
+
+**Public key:** In order for secure communication to work, your device generates a private key and public key. The public key is pushed to our services and published publicly.
+
+**Help tickets:** The content of any help ticket you create or comment on while authenticated will be associated with your user account. You can choose to fill out a help ticket anonymously by creating a ticket while not logged in. We periodically delete old help tickets that are closed.
+
+**Session identifiers:** While currently logged in, either via the client application or the web application, we keep a temporary session identifier on your computer that your software uses to proves your authentication state. In the web browser, this consists of a session "cookie". In the client, this consists of a similar session token. In both cases, these are erased immediately after the user logs out or the session expires. We do not use any third party cookies or tracking of any kind.
+
+**Email transit logs:** In order to detect when our servers are under attack from a "spam bomb" or when a spammer is using our system, we keep a log of the "from" or "to" information for every message relayed. These logs are quickly purged on a daily basis.
+
+**Month of last log in**: We keep a record of the current calendar month and year of your last successful authentication (in order to be able to disable dormant accounts). We do not record the time or day of the last log in.
+
+## Information we choose to not retain
+
+**IP addresses**: No IP addresses of any user for any service are retained. The IP addresses are removed from all log files and replaced with all zeros before the logs are written to disk. This is important, because a user's IP address can disclose both their real identity and physical location.
+
+**Browser fingerprint**: Your web browser communicates uniquely identifying information to all web servers it visits by allowing the site to know details about your operating system, browser information, plugins installed, fonts installed, screen resolution, and much more. We do not retain any of this information.
+
+**Credentials for encrypted internet service**: If you use the encrypted internet service, your client presents our servers with a certificate to confirm you are a valid user before a connection is established. These certificates regularly expire, and the user must log in every month or two in order to obtain a new certificate. However, we do not keep a record of which user account is associated with which authentication certificate.
+
+**Message metadata**: Even when using end-to-end OpenPGP encryption for email messages, the email "subject" and routing information regarding the message "from" and "to" are seen by our servers in the clear when the message initially arrives. Immediately upon reception, we encrypt the entire message, including the metadata, and store it so that only you can read anything about the message (other than the size of the encrypted blob).
+
+**Cleartext messages**: Some messages that you send or receive will not be end-to-end encrypted (for example, when the other party does not support email encryption). In these cases, both when the message is received and sent, we do not retain anything about these messages other than what has been specified above.
+
+## Information we cannot retain
+
+**Your password**: Unlike most services, your user password never travels to our servers. We have no access to your password at any time. An attacker might still guess your password or discover it by trying millions of combinations, but we have no special access in this regard. Note: this guarantee is only strong if you use the client application for authentication, but is less strong if you login directly through the website (mostly because browser security is weak and an attacker could modify the computer code in the web page that handles this secure authentication).
+
+**Your communication**: Once stored, we cannot read the content or metadata of your communication. It is entirely encrypted and decrypted on your device. We also cannot recover it if you lose your password.
+
+**Your secret keys**: For encryption to work, the client application manages numerous secret keys on your behalf. These keys are also backed up and stored on our servers, but they are saved anonymously, and encrypted so that someone needs to know both the username and password to be have to query and decrypt these keys.
+
+## How we use or disclose collected information
+
+**We do not disclose user information**: We retain only the bare minimum of information about each user that is required to make the service work. We do not disclose, sell, or share any of it.
+
+**Academic research**: Anonymous, aggregated information that cannot be linked back to an individual user may be made available to third parties for the sole purpose of researching better systems for anonymous and privacy communication. For example, we may aggregate information on how many messages a typical user sends and receives, and with what frequency.
+
+**Account deletion**: You may choose to delete your <%=APP_CONFIG[:domain]%> account at any time. Doing so will destroy all the data we retain that is associated with your account. The one exception is that your public key may still be available, although we will revoke our endorsement of this key. The usernames associated with deleted accounts remain unavailable for others to use for at least two years, possibly longer.
+
+## Changes to this policy
+
+We reserve the right to change this policy. If we make major changes, we will notify our users in a clear and prominent manner. Minor changes may only be highlighted in the footer of our website. \ No newline at end of file
diff --git a/app/views/pages/terms-of-service.en.md b/app/views/pages/terms-of-service.en.md
new file mode 100644
index 0000000..7b57027
--- /dev/null
+++ b/app/views/pages/terms-of-service.en.md
@@ -0,0 +1,49 @@
+# Terms of Service
+
+This document is our Terms of Service, which describes what activities are allowed, under what conditions we may terminate your account, and asserts our limited liability. It applies to all interactions with **<%=APP_CONFIG[:domain]%>**. Your use of **<%=APP_CONFIG[:domain]%>** services will constitute your agreement to these Terms of Service.
+
+<p class="alert alert-info">
+ <b>Summary:</b><br/>
+ (1) If you do anything truly evil, we will terminate your account.<br/>
+ (2) We are not liable for any damages related to the use of this service.
+</p>
+
+## Privacy policy
+
+We ask that you review the terms of our [Privacy Policy](privacy-policy), so that you are aware of how we collect and use your information.
+
+## Refraining from certain activities
+
+You may not engage in the following activities through the services provided by **<%= APP_CONFIG[:domain] %>**:
+
+* **Harassing and abusing others** by engaging in threats, stalking, or sending Spam.
+* **Misuse of services** by distributing viruses or malware, engaging in a denial of service attack, or attempting to gain unauthorized access to any computer system, including this one.
+* **Contributing to the abuse of others** by distributing material where the production process created violence or sexual assault against persons.
+
+## Account Termination
+
+**<%= APP_CONFIG[:domain] %>** may terminate your service at any time for any reason. Typically, however, accounts are destroyed because of one of the following conditions:
+
+* The account has been found to be sending Spam (excessive amounts of unsolicited email).
+* The account is not paid up and the grace period has expired.
+* The account has engaged one or more of the banned activities listed above.
+
+<% if APP_CONFIG[:jurisdiction] %>
+
+## Disputes and Jurisdiction
+
+If you seek to file a legal claim against us, you agree to file and resolve it exclusively in <%= APP_CONFIG[:jurisdiction] %>.
+
+You also agree that the laws of <%= APP_CONFIG[:jurisdiction] %> will govern these Terms of Service, as well as any legal claim that might arise between you and us (without reference to conflict of laws principles). You agree to submit to the personal jurisdiction of, and agree that venue is proper in, the courts located in <%= APP_CONFIG[:jurisdiction] %>, in any legal action or proceeding relating to us or these Terms of Service.
+
+To ensure that disputes are dealt with soon after they arise, you agree that regardless of any statute or law to the contrary, any claim or cause of action you might have arising out of or related to use of our services or these Terms of Service must be filed within the applicable statute of limitations or, if earlier, one (1) year after the pertinent facts underlying such claim or cause of action could have been discovered with reasonable diligence (or be forever barred).
+
+<% end %>
+
+## Limitation on Liability
+
+**<%= APP_CONFIG[:domain] %>** will not be liable to you or to any other party for any direct, indirect, incidental, special, consequential or exemplary damages, including but not limited to, damages for loss of profits, goodwill, use, data, or other intangible losses, regardless of whether we were advised of the possibility of such damage. In the case that applicable law may not allow the limitation or exclusion of liability or incidental or consequential damages, the above limitation or exclusion may not apply to you, although our liability will be limited to the fullest extent permitted by applicable law.
+
+## Changes to this policy
+
+We reserve the right to change this policy. If we make major changes, we will notify our users in a clear and prominent manner. Minor changes may only be highlighted in the footer of our website.