BLUF • policy • security • technical
Submitted by Nigel, aka SubDirectory (3), 25 March 2018
One of the key things for us at BLUF is that privacy is paramount. Most of the people who help as part of the BLUF admin team do not have access to private information, such as email addresses or real names, that you may have given to us. We've designed our systems, for example, so that event organisers can contact people who want to hear about events, but they can't see email addresses, or even which individual members will receive their message.
In general, when a member volunteer is given access to any of the administrative tools on BLUF, we grant them the most restrictive permissions possible that will allow them to do what they need to, for example allowing them only to update the calendar for a particular city or send emails about events in a single country.
Our login and password recovery systems are designed so that you can't use them to determine if a particular email address has an account on BLUF.com - you can't enter your boyfriend's email address to see if he's still on BLUF, for example.
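One way to get the behaviour described above, as an added example that is not BLUF's own code: the recovery and login handlers return the same reply whether or not the address has an account, and login does the same hashing work on both paths. The function names, the in-memory account store, the messages and the sample address are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password: str) -> tuple[bytes, bytes]:
    salt = secrets.token_bytes(16)
    return salt, hash_password(password, salt)

# Constructed sample data: one member account and a throwaway record that is
# checked whenever the email is unknown, so both paths do the same hashing work.
ACCOUNTS = {"member@example.org": make_record("correct horse")}
DUMMY_RECORD = make_record(secrets.token_hex(16))
OUTBOX: list[tuple[str, str]] = []  # stands in for an asynchronous mail queue

RESET_REPLY = "If that address has an account, a reset link has been sent to it."
LOGIN_FAILED = "Email address or password is incorrect."

def normalise(email: str) -> str:
    return email.strip().lower()

def request_reset(email: str) -> str:
    """Queue a reset token only for real accounts; reply identically either way."""
    email = normalise(email)
    if email in ACCOUNTS:
        OUTBOX.append((email, secrets.token_urlsafe(32)))
    return RESET_REPLY

def login(email: str, password: str) -> tuple[bool, str]:
    """Return (success, message); failures never say which field was wrong."""
    email = normalise(email)
    known = email in ACCOUNTS
    salt, stored = ACCOUNTS.get(email, DUMMY_RECORD)
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    if known and matches:
        return True, "Welcome back."
    return False, LOGIN_FAILED

if __name__ == "__main__":
    print(request_reset("member@example.org"))
    print(request_reset("nobody@example.org"))
    print(login("nobody@example.org", "guess"))
```

The mail is queued rather than sent inside the request, so the response time does not depend on whether a message goes out.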
The sole exception is two affiliate links, to Mr S Leather and to E-Stim Systems, whose sites may record that you have reached them from BLUF.com and as a consequence grant us some commission if you subsequently buy something from them.
Many sites use analytics tools to help discover which pages of their site are most popular, how people navigate through the site, and similar information. Often, they use Google Analytics, which allows data to be analysed via a Google dashboard.
We do not use any analytics scripts on BLUF at present. In the past, we have used analytics, but in order to protect privacy, rather than use Google or any other third party service, we used a system called OWA which is installed on the BLUF server, and so completely under our control, with no data sent to anyone else. Should we decide in future to use any analytics, we will again use a system - either OWA or an equivalent - that is entirely hosted on our own server.
As well as analytics, many sites also load things such as fonts or common tools such as jQuery from public sites, including Google's servers and those of other organisations. This allows sites to benefit from fast loading of such scripts, and to keep up to date easily.
However, on BLUF we have again chosen, for privacy reasons, not to take this approach, because in requesting such data from a third party server, that third party may be notified that the request is as a result of your visit to BLUF.com. To avoid that happening, we aim to provide all the necessary files from the BLUF server. This may mean, for example, that your browser will load a font from BLUF.com when it has already loaded it from Google, for a different site, but we feel the trade-off is worth it in terms of protecting our users.
Although we take great care to try and maintain your privacy, there are some areas where it's not possible to work without using third parties.
If you use our apps for mobile devices, we have to use services from Apple and/or Google to deliver instant notifications when new messages are sent to you, and that necessarily indicates to those companies that your device is associated with BLUF.com.
If you make a payment on BLUF.com, your payment details are handled by one of our two providers, Stripe or PayPal, and in order to allocate donations to your account, your BLUF member number is sent to them as part of the transaction. This data is not shared with anyone else, and we do not receive, store or process any card details from our payment providers.
If you delete your BLUF account, your personal data and photos will be removed from the server, though some data may persist in older back-ups of the server. These backups are kept in a secure location and not publicly available via the internet.
Data regarding donations and other payments to BLUF is not deleted, because it may be needed for accounting or tax purposes, or to resolve any disputed payments at a later date.
We'll post an additional blog post when our full statement about what data we store and use has been finished, but for now, I hope this explains why we do things the way we do, and reassures members that we take your privacy, and your data, very seriously indeed.