This is the privacy policy for the Audacity Forum. For the privacy notice of the Audacity audio editor, see Desktop Privacy Notice | Audacity ®

Effective as of March 20, 2023.

As a responsible organisation, we have taken two important steps—we made sure that we have, at the discretion of our users, the information necessary to allow us to improve the Audacity Forum, and that by doing so we are compliant with national and international regulations, namely GDPR and CCPA. Most importantly, we have been, and will continue to be, transparent with our users and our developer community about the data we collect, when we collect it and why. We will also publish any intended changes before they are implemented in the newer versions of the Audacity Forum.

Content:

:notes: Introduction
:notes: Principles of processing
:notes: Data we collect from you
:notes: How we use your Personal Data
:notes: Data storage, retention and deletion
:notes: Your privacy rights
:notes: Linking to other websites
:notes: Updates to this Notice
:notes: How to contact us
:notes: Additional Information for California Consumers
:notes:Cookie Policy


Introduction

  1. This Privacy Notice (“Notice”) explains in detail what information we collect and use when you use the Audacity Forum (available at https://forum.audacityteam.org) and the open source forum software, Discourse (available at discourse.org, hereinafter “Discourse software”).
  2. For the purposes of this Notice, MuseCY SM Ltd., a Cyprus company with registered office at Spyrou Kyprianou, 84, 4004, Limassol, Cyprus (hereinafter “we”, “us”, “our”, “Audacity Forum”) acts as the data controller for the personal information that is collected through the use of the Audacity Forum and the discourse software.
  3. This Notice also sets out the rights that you have in relation to the information that we process about you and how you can exercise them.
  4. The Audacity Forum treats compliance with its privacy obligations seriously. This is why we have developed this Notice, which describes the standards that the Audacity Forum applies to protect your information.
  5. As a data controller, the Audacity Forum is responsible for ensuring that the processing of personal information takes place in compliance with applicable data protection law, and specifically with the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (”CCPA”).
  6. Please take the time to read this Notice carefully. If you have any questions or comments, please contact us via privacy@audacityteam.org.

Principles of processing

We will process Personal Data in accordance with this Notice, as follows:

  1. Fairness: We will process Personal Data fairly. This means that we are transparent about how we process Personal Data and that we will process it in accordance with applicable law.
  2. Lawfulness: We will process Personal Data only on lawful grounds.
  3. Purpose limitation: We will process Personal Data for specified and legitimate purposes (as described above), and do not process it in a manner that is incompatible with those purposes, unless permitted by applicable data protection laws.
  4. Data minimization: We will process Personal Data that is adequate, relevant and limited to what is necessary to achieve the purposes for which the data are processed.
  5. Data accuracy: We take appropriate measures to ensure that the Personal Data we hold about you is accurate.
  6. Data security: We use appropriate technical and organizational measures to protect the Personal Data that we collect and process about you. Specific measures we use include to-date secure network architectures that contain firewalls and intrusion detection devices and backups.

Personal Data we collect from you

  1. We use the information listed in the table under “How we use your Personal Data” to help us run and improve this forum, for maintenance and security purposes, and to run any updates that enable this forum to function better.
  2. Please refer to our Cookie Policy below to get more information about cookies usage.
  3. If you choose to create an account, your account will at a bare minimum contain a uniquely identifiable name (hereinafter “username”), a personal password used for logging into your account (hereinafter “password”) and a personal, valid email address (hereinafter “email”). Any additional information beyond this is optional. In all cases, you have the option of what information in your account is publicly displayed on the Audacity forum. Furthermore, within your account, you have the option to opt-in or opt-out of automatically generated emails from the Discourse software.

You can download a copy of the data we have collected for you via the “Request archive” function in your account preferences.


How we use your Personal Data

We will not collect and use your Personal Data without letting you know. Below we describe the purposes for which we process your Personal Data and our legal bases for doing so:

Data collected Purpose of processing Legal basis Explanation
- Email,
- Username,
- Client ID,
- Technical information
To provide our services :memo: Contract As part of the service we register you on the forum through a user account and give you access to the communication platform to enable you to share content.
- Email,
- Username,
- Request text
To provide you with technical support :memo: Contract We will respond to your comments, questions and requests
- IP address To protect our Audacity Forum against unauthorized access :bar_chart: Legitimate interest We use rate limits by IP to protect forum from fraud and abuse. We also may compare IP addresses to detect hacked accounts.
- Username,
- Post title,
- Post content
To post comments, questions or answers :bar_chart: Legitimate interest When you post, we need to process the data you posted to be able to show it to other users.
- User ID
- Session ID
- Usage metrics (clicks, page views, etc.)
To improve your user experience :bar_chart: Legitimate interest Our forum software grants additional permissions to more seasoned users. Usage metrics are also visible publicly in your profile, which can be turned off in your preferences.
- Email,
- Username,
- Request text
To supervise compliance with laws and regulations :balance_scale: Legal obligation In order for you to exercise your GDPR rights, you may choose to send us an email with a request related to your account. In order to carry out the request, we will momentarily store your email, username and request text until the nature of the request has been carried out.

Children’s privacy

The Audacity Forum is not intended for individuals below the age of 13 (or under 16 in certain jurisdictions in the European Union). If you are under 13 years old, please do not use the Audacity Forum. You may only use Audacity Forum if you are over the age at which you can provide consent to data processing under the laws of your country or if verifiable parental consent for your use of Audacity Forum has been provided to us.

If you are a parent or legal guardian of a child under the age of 13 who uses our services, please contact us at privacy@audacityteam.org if you have any questions or comments. On your request, we will delete your child’s personal information if we are able to identify your child.


Data storage, retention and deletion

Except as set forth below, we will retain your Personal Data as long as needed to provide you with the Services or otherwise fulfill the purposes for which it was collected. Server logs are typically deleted after one week, but under some circumstances may be kept for up to 90 days.

Forum posts (ie comments, questions and answers) are retained indefinitely and visible to other users. You can request your account to be anonymized at privacy@audacityteam.org.


Third parties processing your Personal Data

Audacity endeavors to apply suitable safeguards to protect the privacy and security of your personal data during the transfer and to use it only consistent with your relationship with us and the practices described in this Privacy Notice.

We may disclose your Personal Data to the following categories of recipients:

  • to our companies inside of Muse Group for purposes consistent with this Notice. We take precautions to allow access to Personal Data only to those staff members who have a legitimate business need for access and with a contractual prohibition of using the Personal Data for any other purpose.
  • to our third party vendors, services providers and partners who provide data processing services to us, or who otherwise process Personal Data for purposes that are described in this Notice or notified to you when we collect your Personal Data. The services these vendors provide to us are email, hosting and supporting services.

We do not use third party analytics services, advertising services, or data brokers.

All your personal data is stored on our servers in the European Economic Area (EEA), hosted by Digital Ocean. However, we use third party service providers and business partners who may be operating from outside the EEA and therefore, your data may be transferred to, or accessed from those countries.

  • Our affiliates - sub-processors - MuseScore, WSM Group, which support our business activities.
  • Akismet Anti-Spam

This service is provided by Automattic, Inc. Relevant privacy policy of Automattic. When posting messages and updating your profile, your message, along with username, email address, IP address, user agent and referrer are sent to Automattic for spam detection purposes. This may be skipped for more regular users, in which case no data will be sent to Automattic. Unfortunately, the country of data recipient does not ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to Akismet to ensure that they are properly protected.

  • CloudFlare

The service is provided by Cloudflare, Inc. Address: 101 Townsend St. San Francisco, CA 94107. Relevant privacy policy of Cloudflare. Unfortunately, the country of data recipient does not ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to Cloudflare to ensure that they are properly protected.

We have put in place appropriate safeguards (which includes the European Commission’s Standard Contractual Clauses) to ensure that whenever your Personal Data is transferred outside the EEA to countries that are not deemed adequate by the European Commission, your Personal Data receives an adequate level of protection in accordance with the GDPR.


Your privacy rights

Under the GDPR, individuals have certain data protection rights, which you can exercise by emailing privacy@audacityteam.org:

  • obtain access to the personal data held about you

Under Article 15 of the GDPR, individuals have a right of access that gives them the right to obtain a copy of their personal data, as well as other supplementary information. It helps individuals to understand how and why companies are using their data, and check the lawfulness of the processing.

You can download a copy of the data we have collected for you via the “Request archive” function in your account preferences.

  • ask for incorrect, inaccurate or incomplete personal data to be corrected

Under Article 16 of the GDPR, individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing.

  • request that personal data be erased when they are no longer needed or if processing is unlawful

Under Article 17 of the GDPR, individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.

  • request the restriction of the processing of your personal data in specific cases

Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of their data.

  • receive your personal data in a machine-readable format and send them to another controller (‘data portability’)

Under Article 20 of the GDPR, individuals have the right to data portability that gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format. It also gives them the right to request that a controller transmits those data directly to another controller.

  • object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation

Article 21 of the GDPR gives individuals the right to object to the processing of their personal data at any time. This effectively allows individuals to stop or prevent you from processing their personal data.

  • lodge a complaint with a supervisory authority

In accordance with Article 77 of the GDPR, you, as a data subject, have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or where an alleged infringement of the GDPR has taken place.

If you have any questions about the protection of your personal data, you can contact us: privacy@audacityteam.org.


Linking to other websites

  1. The Audacity Forum may contain hyperlinks and embeds to websites owned and operated by third parties. These websites have their own privacy policies and we urge you to review them. They will govern the use of personal information you submit whilst visiting these websites.
  2. We do not accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.

Updates to this Notice

  1. We may update this Notice from time to time in response to changing legal, technical, or business developments. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Notice changes if and where this is required by applicable data protection laws.
  2. You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.

How to contact us

If you have any questions or comments, or if you wish to exercise your data protection rights, please contact us via privacy@audacityteam.org.


Additional Information for California Consumers

  1. The California Consumer Privacy Act (“CCPA”) provides California residents, referred to in the law as “consumers,” with rights to receive certain disclosures regarding the collection, use, and sharing of personal information, as well as rights to access and control personal information. Certain information that we collect may be exempt from the CCPA because it is considered public information (because it is made available by a government entity) or covered by another federal privacy law, such as the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.
  2. To the extent that we collect personal information about you that is subject to the CCPA, that information, our practices, and your rights are described below.
  3. Right to information regarding the categories of personal information collected, sold, and disclosed: You have the right to obtain information regarding the categories of personal information we collect. We collect the categories of information described above.
  4. We do not sell personal information.

Cookie Policy

A cookie is a small text file that a website stores on your computer or mobile device when you visit this site. This forum only uses essential first party cookies to remember your preferences and your log-in state.

Name Essential Expires Description Contains personal data
email Y Session Used during account creation, login, or password reset to prefill form.
Created when E-mail address is provided in URL as a query parameter.
Y
destination_url Y Session Used during login to redirect to the requested page.
Created when user visits URL which required authentication. They are redirected to login page and value from cookie is used to redirect back to originally requested URL after authentication.
Deleted after authentication.
N
theme_ids Y 1 year Remembers user theme personalization if “Make this my default theme on all my devices” is not ticked.
Created when personal preferences are changed.
Deleted when personal preferences are reset to default.
N
color_scheme_id Y 1 year Remembers user color scheme personalization if “Set default colour scheme(s) on all my devices” is not ticked.
Created when personal preferences are changed.
Deleted when personal preferences are reset to default.
N
dark_scheme_id Y 1 year Remembers user dark colors personalization if “Set default colour scheme(s) on all my devices” is not ticked.
Created when personal preferences are changed.
Deleted when personal preferences are reset to default.
N
text_size Y 1 year Remembers user text size personalization if “Make this the default text size on all my devices” is not ticked.
Created when personal preferences are changed.
Deleted when personal preferences are reset to default.
N
cn Y Session Client clear notifications.
Created after notification is clicked.
Deleted when page is loaded.
N
_bypass_cache Y Session Used to skip cache.
Created on SSO callback.
N
_t Y 1440 hours User authentication token cookie. Expiry date can be configured with maximum_session_age site setting.
Created after authentication.
Deleted after logout.
N
_forum_session Y Session Session cookie.
Created when page is loaded.
N
dosp Y next page view Temporary cookie that informs client denial of service protection is in place.
Created when page is loaded.
N
cookietest Y Session Check if cookies are enabled.
Created when authentication fails to ensure that cookies are enabled (disabled cookies may be a reason for failure).
N
cookieconsent_status Y 1 year Stores whether user has dismissed cookie banner. N

Removing cookies from your device

You can delete all cookies that are already on your device by clearing the browsing history of your browser. This will remove all cookies from all websites you have visited.

Be aware though that you may also lose some saved information (e.g. saved login details, site preferences).

Managing site-specific cookies

For more detailed control over site-specific cookies, check the privacy and cookie settings in your preferred browser.

Blocking cookies

You can set most modern browsers to prevent any cookies being placed on your device, but you may then have to manually adjust some preferences every time you visit a site/page. And some functionalities may not work properly at all (e.g. logging in).