Privacy policy
Last Modified: 2nd December 2022
Introduction
The privacy policy described below is provided by David Connelly Ltd (“Company”, “we”, or “us”). We respect your privacy and are committed to protecting the privacy of our Website visitors, customers, business partners and end users, through our compliance with this policy.
This policy describes the types of information we may collect from you or that you may provide when you visit the Website trongate.io (our "Website") or otherwise access our app store (“Module Market”), Help Bar or desktop app, or other digital assets that link, reference or are associated with this Privacy Policy (collectively with the Website, the "Services") and our practices for collecting, using, maintaining, protecting, and disclosing that information.
We reserve the right to change this Privacy Policy at any time. We will notify you of any changes to this Privacy Policy by posting a new Privacy Policy to this page, and/or by sending notice to the primary email address specified in your account. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes. Changes to this Privacy Policy are effective when they are posted on this page. You acknowledge that your continued use of our Services after we publish or send a notice about our changes to this Privacy Policy means that the collection, use and sharing of your information is subject to the updated Privacy Policy.
This policy applies in the following scenarios:
- On this Website (regardless of the type of the device or other means you use to access) or through our Services.
- In email, text, and other electronic messages between you and our Services.
- Through mobile and desktop applications, plug-ins, integrations you download from this Website, which provide dedicated non-browser-based interaction between you and this Website.
- When you interact with our applications on third-party Websites and services, if those applications include links to this policy.
- While offering our products and services to you.
Children Under the Age of 16
Our Services are not intended for children under 16 years of age. No one under age 16 may provide any personal information to or on the Services. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on the Services or through any of its features, register on the Website, make any purchases through the Services, use any of the interactive or public comment features of the Services, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us.
Information We Assign To All Users
All users who access our Website, regardless of login status, are assigned a “session ID” value on each visit. A session ID is a random alphanumeric string of characters with a length of 32. This string of characters has the potential to assist with basic Website usage such as remembering selected items or displaying form validation errors. Session ID variables are created and assigned by use of the PHP function session_start(). All session IDs are automatically and permanently deleted after the termination of a user session (for example, by closing a browser window) or ten minutes of inactivity. The full specifications for how this Website uses sessions can be found at https://www.php.net/manual/en/book.session.php.
Information We Collect From Account Holders / Members And How That Information Is Stored
Under normal Website usage conditions, Website visitors have the ability to create accounts on our Website via the URL https://trongate.io/members/join. When a user creates an account on our Website, the following four fields are required:
- username
- first name
- last name
- email address
- password
Member information is stored in a MySQL database table. The 'username' field is stored as a plain text field, as is the email address. Passwords are hashed with the BCRYPT algorithm before they are stored. The code that we use for password hashing is shown below:
function _hash_string($str) {
    // bcrypt with a cost of 11; password_hash() generates the salt itself
    $hashed_string = password_hash($str, PASSWORD_BCRYPT, array(
        'cost' => 11
    ));
    return $hashed_string;
}
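The login-side counterpart to the hashing function above, as an added example that is not the Website's own code: it verifies a submitted password against the stored bcrypt hash and produces a replacement hash if the cost is ever raised. `verify_login()`, its `$target_cost` parameter and the sample password are hypothetical and constructed for illustration.

```php
<?php
// Added example (not the site's code). verify_login() is a hypothetical helper.

function _hash_string($str) {
    return password_hash($str, PASSWORD_BCRYPT, array('cost' => 11));
}

// Returns array($ok, $replacement_hash). $replacement_hash is null unless the
// stored hash was created with a different cost than $target_cost.
function verify_login($submitted, $stored_hash, $target_cost = 11) {
    // password_verify() reads the algorithm, cost and salt from the hash
    // string itself and compares in constant time.
    if (!password_verify($submitted, $stored_hash)) {
        return array(false, null);
    }
    $replacement = null;
    $wanted = array('cost' => $target_cost);
    if (password_needs_rehash($stored_hash, PASSWORD_BCRYPT, $wanted)) {
        // Only possible at login, while the plaintext is available.
        $replacement = password_hash($submitted, PASSWORD_BCRYPT, $wanted);
    }
    return array(true, $replacement);
}

$password = 'correct horse battery staple';   // constructed sample
$stored = _hash_string($password);

// The stored string is self-describing: no separate salt column is needed.
$info = password_get_info($stored);
echo $info['algoName'], ' cost=', $info['options']['cost'],
     ' length=', strlen($stored), "\n";

list($ok, $new) = verify_login($password, $stored);
var_dump($ok, $new);              // same cost: no replacement hash

list($ok, $new) = verify_login('wrong password', $stored);
var_dump($ok);

// Simulate a later policy change to cost 12: login succeeds and a new hash
// is returned for the caller to write back to the members table.
list($ok, $new) = verify_login($password, $stored, 12);
var_dump($ok, password_get_info($new)['options']['cost']);
```

PHP's bcrypt implementation only uses the first 72 bytes of the password, so a length limit on the password field at or below that avoids silently ignored input.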
All member first names and last names are encrypted for additional security. The code that we use for encrypting first names and last names is shown below:
private $key = '********************************';
private $cipher = "aes-128-gcm";
private $options = 0;

function _encrypt($plaintext) {
    // A fresh random IV is generated for every value
    $ivlen = \openssl_cipher_iv_length($this->cipher);
    $iv = \openssl_random_pseudo_bytes($ivlen);
    // $tag receives the GCM authentication tag by reference
    $ciphertext = openssl_encrypt($plaintext, $this->cipher, $this->key, $this->options, $iv, $tag);
    // Stored form: hex IV, then hex tag, then the ciphertext
    $enc_string = bin2hex($iv).bin2hex($tag).$ciphertext;
    return $enc_string;
}

function _decrypt($enc_string) {
    $iv = substr($enc_string, 0, 24);   // IV as 24 hex characters
    $tag = substr($enc_string, 24, 32); // tag as 32 hex characters
    $ciphertext = substr($enc_string, 56, strlen($enc_string));
    // openssl_decrypt() returns false if the tag does not authenticate
    $result = \openssl_decrypt($ciphertext, $this->cipher, $this->key, $this->options, \hex2bin($iv), \hex2bin($tag));
    return $result;
}
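The stored format produced by the code above, shown as an added example that is not the Website's own code: it splits a stored value into IV, tag and ciphertext, then shows that a modified value fails authentication instead of decrypting to altered text. The `NameCipher` class name, the `split_stored()` helper and the 16-byte key are hypothetical and constructed for this demonstration.

```php
<?php
// Added example, not the site's code. NameCipher, split_stored() and the
// 16-byte key below are hypothetical values constructed for this demo.
class NameCipher {
    private $key;
    private $cipher = 'aes-128-gcm';
    private $options = 0; // 0: ciphertext is exchanged as base64 text
    function __construct($key) { $this->key = $key; }

    function _encrypt($plaintext) {
        $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($this->cipher));
        $ciphertext = openssl_encrypt($plaintext, $this->cipher, $this->key,
            $this->options, $iv, $tag);
        return bin2hex($iv) . bin2hex($tag) . $ciphertext;
    }

    // Split a stored value into its three fields, rejecting malformed input.
    static function split_stored($enc_string) {
        if (strlen($enc_string) < 56 || !ctype_xdigit(substr($enc_string, 0, 56))) {
            return null;
        }
        return array(
            'iv'         => substr($enc_string, 0, 24),  // 12 bytes as hex
            'tag'        => substr($enc_string, 24, 32), // 16 bytes as hex
            'ciphertext' => (string) substr($enc_string, 56), // base64
        );
    }

    // Returns the plaintext, or false when the value is malformed or altered.
    function _decrypt($enc_string) {
        $p = self::split_stored($enc_string);
        if ($p === null) { return false; }
        return openssl_decrypt($p['ciphertext'], $this->cipher, $this->key,
            $this->options, hex2bin($p['iv']), hex2bin($p['tag']));
    }
}

$cipher = new NameCipher(hex2bin('000102030405060708090a0b0c0d0e0f'));
$stored = $cipher->_encrypt('Ada');
print_r(NameCipher::split_stored($stored));
var_dump($cipher->_decrypt($stored) === 'Ada');

// Change one hex digit of the tag: GCM authentication must reject the value.
$tampered = $stored;
$tampered[30] = ($tampered[30] === '0') ? '1' : '0';
var_dump($cipher->_decrypt($tampered));

// A fresh IV per call: the same name encrypts to a different stored string.
var_dump($cipher->_encrypt('Ada') === $stored);
```

Because every value gets its own IV, the encrypted name columns cannot be searched or compared for equality in SQL; lookups have to go through the plain text username or email fields.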
Why We Collect Information About Account Holders
The bullet points below describe why we collect the fields username, first name, last name, email address and password:
- The 'username' field gives account holders an opportunity to communicate with other members of our community - for example, via the Help Bar - anonymously, if they wish to do so.
- The email address field gives our members an opportunity to confirm their identity. This can be useful in situations such as the resetting of passwords.
- The first name and last name fields are collected in order to increase the likelihood of our own outbound emails passing spam filter tests.
- The password field is collected and stored to give users an opportunity to securely login.
Third Party Authentication & Authorization
There may be instances where Website visitors decide to use third-party providers for account creation and authorization, for example - via social media providers like Twitter. In those scenarios, our Website will comply with licences and protocols of relevant trusted third-party providers but only in situations where users have actively agreed to those terms.
Our goal, in offering third-party authentication and authorization, is merely to give our members a faster and easier means of logging into our Website.
Regardless of what data is shared by third-party providers, we aspire to never store any more than the following:
- account usernames
- first name (if available)
- last name (if available)
- email address
If any third-party authorization provider sends us information over and above the fields declared above (for example, a user's Twitter timeline or other profile information), we pledge to refuse or delete that information at the soonest possible opportunity.
About Cookies
This Website operates outwith the scope of EU Cookie Law since we do not set or use cookies within the boundaries of normal Website usage conditions. We are only aware of two scenarios where a cookie could be set - directly or indirectly - via this Website.
- When a member logs into their account and ticks the 'remember me' checkbox
- In a hypothetical situation where third-party code has been added - for example - via an embedded YouTube video
PLEASE NOTE: We are not aware of any third-party providers using technologies - such as cookies - to track and record user data, directly or indirectly, via our Website. Nevertheless, we do recognise this as a hypothetical possibility (for example: https://rewis.io/urteile/urteil/lhm-20-01-2022-3-o-1749320/) and we acknowledge this for the purposes of being comprehensive and transparent. YOUR USAGE OF OUR WEBSITE IS OFFERED WITH THE UNDERSTANDING THAT YOU AGREE TO NOT PURSUE THE OWNER(S) OF THE WEBSITE - IN THE LEGAL ARENA OR ANY OTHER ARENA - IN THE EVENT OF USER TRACKING CODE, COOKIES OR OTHER TECHNOLOGIES BEING USED TO UNKNOWINGLY RECORD OR MONITOR YOU, YOUR DEVICE, YOUR LOCATION AND/OR YOUR BEHAVIOUR. IF THIS IS NOT ACCEPTABLE THEN YOU ARE ADVISED TO STOP USING THIS WEBSITE IMMEDIATELY AND CLEAR YOUR BROWSER HISTORY, INCLUDING ALL COOKIE DATA. IF YOU HAVE A LEGITIMATE CONCERN REGARDING COVERT TRACKING CODE BEING INJECTED INTO OUR WEBSITE, PLEASE CONTACT US SO THAT WE MAY HAVE AN OPPORTUNITY TO INVESTIGATE YOUR CONCERNS.
More Information Regarding The 'remember me' Feature
If a user logs into their account, on this Website, and clicks 'remember me' then a cookie is set. The cookie contains a random string. Below is the code that we use for cookie creation:
setcookie('trongatetoken', $random_string, $data['expiry_date'], '/');
Any cookies set using the above code expire after sixty days and are used to assist with account authorization and authentication.
Sharing Of User Data
We do not share user data with anyone else.
Regarding Covert Tracking Of User Data & Behaviour
We do not actively monitor or record users' general behaviour on this Website. We do not store or record browser history, on this Website. We do not know or care about what device you are using to access this Website. We do not store user IP addresses. We do not actively record or track geographical information, relating to either account holders or general Website visitors. As far as we are aware, there is no code related to advertising - third party or otherwise - on this Website. If you find any code on this Website - or the wider Trongate ecosystem - that gives you cause for concern in this regard, please contact us immediately so that we can investigate and resolve your concerns as a priority.
Exceptional Circumstances
Whilst we pride ourselves in running this Website in a manner that is non-intrusive and requires only a bare minimum of user data to be stored, we may record device data and other data such as IP addresses in the event of a malicious attack being carried out against our Website and/or ecosystem. Fortunately, this is an exceptional circumstance and in those instances any relevant collected data (specifically data pertaining to an attacker's device(s), behaviour and location) would be handed over to appropriate law enforcement agencies as a priority and not stored on our own servers for any more than fourteen days.
This scenario has only happened once in the history of our Website. In the unlikely event that it happens again, we will update this webpage by posting a declaration that the Website is 'under attack'. In that instance, a full description of the data that we are collecting will be published.
We stress that these measures would only apply in exceptional circumstances and not under normal operational conditions. Right now, the operational status of this Website is normal.
Data Protection
This Website operates in compliance with the Data Protection Act of 2018, as set out by the government of the United Kingdom. For full details, visit: https://www.gov.uk/data-protection.
Submitting Comments, Questions and Concerns
Any comments, questions or concerns about how data is being stored or handled on the Trongate Website or general ecosystem should be directed to our Contact Us Page.