A => .hgignore +21 -0
@@ 0,0 1,21 @@
+syntax:glob
+.svn
+.hgsvn
+settings_local.py
+.*.swp
+**.pyc
+*.*~
+.coverage
+
+# virtualenv
+syntax:regexp
+^env$
+^testenv$
+^media$
+^static$
+^fixtures$
+
+# Unit test / coverage reports
+htmlcov/
+
+celerybeat-schedule
A => README.md +60 -0
@@ 0,0 1,60 @@
+# Netlandish Policies, Terms and Legal Stuff
+
+This is the public repo for all the Netlandish policy documents. Please feel
+free to submit changes, corrections, suggestions, etc.
+
+Also, a huge thank you to [Basecamp][bc] for providing these policies
+with open licenses. This allowed us to rework our policies to be more fair,
+plain, and easier to understand.
+
+## Contact Details
+
+Some contact pages or email address may be wrong or have typos or whatever.
+Please if anything ever fails you can always use `hello@<domain.com>` to reach
+us. Here are the individual ones:
+
+- Netlandish: [hello@netlandish.com](mailto:hello@netlandish.com)
+- AnyHow: [hello@anyhowhq.com](mailto:hello@anyhowhq.com)
+- HelpYouFindMe: [hello@helpyoufind.me](mailto:hello@helpyoufind.me)
+
+## Contributing
+
+We accept patches submitted via `hg email` which is the `patchbomb` extension
+included with Mercurial.
+
+The mailing list where you submit your patches is
+`~netlandish/public-inbox@lists.code.netlandish.com`. You can also view the
+archives on the web here:
+
+https://lists.code.netlandish.com/~netlandish/public-inbox
+
+To quickly setup your clone of `policies` to submit to the mailing
+list just edit your `.hg/hgrc` file and add the following:
+
+ [email]
+ to = ~netlandish/public-inbox@lists.code.netlandish.com
+
+ [patchbomb]
+ flagtemplate = "policies"
+
+ [diff]
+ git = 1
+
+We have more information on the topic here:
+
+- [Contributing][cdoc]
+- [Using email with Mercurial][hgemail]
+- [Mailing list etiquette][etiquette]
+
+[etiquette]: https://man.code.netlandish.com/lists/etiquette.md
+[hgemail]: https://man.code.netlandish.com/hg/email.md
+[cdoc]: https://man.code.netlandish.com/contributing.md
+
+## Copying License
+
+Netlandish policies are open source, licensed under [CC BY
+4.0](https://creativecommons.org/licenses/by/4.0/). Adapted from the [Basecamp
+open-source policies](https://github.com/basecamp/policies) / [CC BY
+4.0](https://creativecommons.org/licenses/by/4.0/).
+
+[bc]: https://basecamp.com "Basecamp"
A => policies/abuse.md +94 -0
@@ 0,0 1,94 @@
+---
+title: Netlandish Restricted Use Policy
+description: It is not okay to use Netlandish products for these restricted purposes.
+---
+
+# Use Restrictions
+
+*Last updated: March 21, 2021*
+
+People all over the world use Netlandish products. We are proud to give them a
+better way to work. We also recognize that however good the maker's intentions,
+technology can amplify the ability to cause great harm. That's why we've
+established this policy. We feel an ethical obligation to counter such harm:
+both in terms of dealing with instances where Netlandish products are used (and
+abused) to further such harm, and to state unequivocally that the products we
+make at Netlandish are not safe havens for people who wish to commit such harm.
+If you have an account with any of our products, you can't use them for any of
+the restricted purposes listed below. If we find out you are, [we will take
+action](/policies/how-we-handle/).
+
+## Restricted purposes
+
+* **Violence, or threats thereof**: If an activity qualifies as violent crime
+ in the United States or where you live, you may not use Netlandish products
+ to plan, perpetrate, or threaten that activity.
+* **Child exploitation, sexualization, or abuse**: We don't tolerate any
+ activities that create, disseminate, or otherwise cause child abuse. Keep
+ away and stop. Just stop.
+* **Hate speech**: You cannot use our products to advocate for the
+ extermination, domination, or oppression of people.
+* **Harassment**: Intimidating or targeting people or groups through repeated
+ communication, including using racial slurs or dehumanizing language, is not
+ welcome at Netlandish.
+* **Doxing**: If you are using Netlandish products to share other peoples'
+ private personal information for the purposes of harassment, we don't want
+ anything to do with you.
+* **Malware or spyware**: Code for good, not evil. If you are using our
+ products to make or distribute anything that qualifies as malware or spyware
+ — including remote user surveillance — begone.
+* **Phishing or otherwise attempting fraud**: It is not okay to lie about who
+ you are or who you affiliate with to steal from, extort, or otherwise harm
+ others.
+* **Spamming**: No one wants unsolicited commercial emails. We don't tolerate
+ folks (including their bots) using Netlandish products for spamming purposes.
+ If your emails don't pass muster with
+ [CAN-SPAM](https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business)
+ or any other anti-spam law, it's not allowed.
+* **Cybersquatting**: We don't like username extortionists. If you purchase a
+ Netlandish product account in someone else's name and then try to sell that
+ account to them, you are
+ [cybersquatting](https://www.law.cornell.edu/uscode/text/15/1125).
+ Cybersquatting accounts are subject to immediate cancellation.
+* **Infringing on intellectual property**: You can't use Netlandish products to
+ make or disseminate work that uses the intellectual property of others beyond
+ the bounds of [fair use](https://www.copyright.gov/fair-use/more-info.html).
+
+While our use restrictions are comprehensive, they can't be exhaustive — it's
+possible an offense could defy categorization, present for the first time, or
+illuminate a moral quandary we hadn't yet considered. That said, we hope the
+overarching spirit is clear: Netlandish products are not to be harnessed for
+harm, whether mental, physical, personal or civic. Different points of view —
+philosophical, religious, and political — are welcome, but ideologies like
+white nationalism, or hate-fueled movements anchored by oppression, violence,
+abuse, extermination, or domination of one group over another, will not be
+accepted here.
+
+## How to report abuse
+
+For cases of suspected malware, spyware, phishing, spamming, and
+cybersquatting, please alert us at [abuse@netlandish.com][abemail]
+
+For all other cases, please let us know by emailing
+[hello@netlandish.com][email]. If you're not 100% sure if something rises to the
+level of our use restrictions policy, report it anyway.
+
+Please share as much as you are comfortable with about the account, the content
+or behavior you are reporting, and how you found it. Sending us a URL or
+screenshots is super helpful. If you need a secure file transfer, let us know
+and we will send you a link. We will not disclose your identity to anyone
+associated with the reported account. For copyright cases, we've outlined extra
+instructions on [how to notify us about infringement
+claims](/policies/copyright/).
+
+Someone on our team will respond within one business day to let you know we've
+begun investigating. We have published details on [how we investigate use
+restriction reports](/policies/how-we-handle/). We will also let you know the
+outcome of our investigation (unless you ask us not to, or we are not allowed
+to under law).
+
+**This policy and process applies to any product created and owned by
+Netlandish Inc. That includes AnyHow and HelpYouFindMe.**
+
+[abemail]: mailto:abuse@netlandish.com "abuse@netlandish.com"
+[email]: mailto:hello@netlandish.com "hello@netlandish.com"
A => policies/cancellation.md +53 -0
@@ 0,0 1,53 @@
+--- title: Cancellation policy description: Everything you need to know about
+canceling your Netlandish product account. ---
+
+# Cancellation policy
+
+*Last updated: March 21, 2021*
+
+We want satisfied customers, not hostages. That's why we make it easy for you
+to cancel your account directly in all of our apps — no phone calls required,
+no questions asked.
+
+Account owners can follow these instructions to cancel in-app:
+* [AnyHow](https://docs.anyhowhq.com/billing/#cancelling)
+* [HelpYouFindMe](https://helpyoufind.me/help/billing/#cancelling)
+
+Our legal responsibility is to account owners, which means we cannot cancel an
+account at the request of anyone else. If for whatever reason you no longer
+know who the account owner is, [contact us][email]. We will
+gladly reach out to any current account owners at the email addresses we have
+on file.
+
+## What happens when you cancel?
+
+You won't be able to access your account once you cancel, so make sure you
+download everything you want to keep beforehand.
+
+We'll permanently delete your account data within 30 days from our servers and
+logs, and within 60 days from our backups. Retrieving data for a single account
+from a backup isn't possible, so if you change your mind you'll need to do it
+within the first 30 days. **Data can't be recovered once it has been
+permanently deleted.**
+
+We won't bill you again once you cancel. We don't automatically prorate any
+unused time you may have left but if you haven't used your account in months or
+just started a new billing cycle, [contact us][email] for a
+[fair refund](/policies/refund/). We'll treat you right.
+
+## Netlandish-initiated cancellations
+
+We may cancel accounts if they have been inactive for an extended period:
+* For trial accounts:
+ * For all services: 30 days after a trial has expired without being
+ upgraded
+* For frozen accounts: 180 days after being frozen due to billing failures
+* For free accounts: after 365 days of inactivity
+
+We also retain the right to suspend or terminate accounts for any reason at any
+time, as outlined in our [Terms of Service](/policies/terms-of-service/). In practice,
+this generally means we will cancel your account without notice if we have
+evidence that you are using our products to engage in [abusive
+behavior](/policies/abuse/).
+
+[email]: mailto:hello@netlandish.com "hello@netlandish.com"
A => policies/company-processors.md +25 -0
@@ 0,0 1,25 @@
+---
+title: Company Processors
+description: Netlandish Inc. uses some other third-party processors for company purposes outside of delivering our services.
+---
+
+# Company processors
+
+We as a company use third-party software that may process your information
+under certain circumstances.
+
+For the following processors, we have established GDPR-compliant data
+processing agreements, extending [GDPR safeguards](../regulations/index.md)
+everywhere personal data is processed. These processors are all located in the
+United States:
+
+* [HelloSign](https://www.hellosign.com/trust/compliance/gdpr). Electronic
+ signature service.
+* [Paypal](https://www.paypal.com/us/webapps/mpp/gdpr-readiness-requirements).
+ Payment transfer service.
+
+As a company, we also host a blog and maintain social media profiles. If you
+voluntarily engage with us through those media, your personal information may
+also be collected by the following processors, also all located in the US:
+
+* [Twitter](https://gdpr.twitter.com/). Social media platform.
A => policies/copyright.md +72 -0
@@ 0,0 1,72 @@
+---
+title: Copy that?
+description: How Netlandish handles copyright infringement claims.
+---
+
+# Copyright Infringement Claims
+
+## Notification of Copyright Infringement Claims
+
+Making original work is hard! As described in our [Use Restrictions
+policy](/policies/abuse/), you can't use Netlandish products* to make or
+disseminate work that uses the intellectual property of others beyond the
+bounds of [fair use](https://www.copyright.gov/fair-use/more-info.html).
+
+Are you a copyright owner? Under the Digital Millennium Copyright Act (17
+U.S.C. § 512), you have the right to notify us (Netlandish Inc.) if you believe
+that an account user of any product we built and maintain has infringed on your
+work(s) as copyright owner. To be effective, the notification of claimed
+infringement must be written. Please include the following information:
+
+- A physical or electronic signature of a person authorized to act on behalf of
+ the owner of an exclusive right that is allegedly infringed.
+- Identification of the copyrighted work(s) claimed to have been infringed. If
+ there are multiple, please share a representative list of those works.
+- A way for us to locate the material you believe is infringing the copyrighted
+ work.
+- Your name and contact information so that we can get back to you. Email
+ address is preferred but a telephone number or mailing address works too.
+- A statement that you, in good faith, believe that use of the material in the
+ manner complained of is not authorized by the copyright owner, its agent, or
+ the law.
+- A statement that the information in the notification is accurate, and under
+ penalty of perjury, that you are authorized to act on behalf of the owner of
+ an exclusive right that is allegedly infringed.
+
+## Digital Millennium Copyright Act ("DCMA") Counter-notifications
+
+On the flip-side, if you believe your material has been removed in error, you
+can file a written counter-notification. Please include the following
+information:
+
+- A physical or electronic signature, or the signature of the person authorized
+ to act on your behalf.
+- A description of the material that was removed.
+- A description of where the material appeared in Netlandish products prior to
+ their removal.
+- Your name and contact information so that we can get back to you. Email
+ address is preferred but a telephone number or mailing address works too.
+- A statement under penalty of perjury that you have a good faith belief that
+ the material was removed or disabled as a result of mistake or
+ misidentification.
+- A statement that you consent to the jurisdiction of the Federal District
+ Court for the judicial district in which your address is located, or if your
+ address is outside of the United States, in the Southern District of
+ California (where Netlandish is located).
+- A statement that you will accept service of process from the person who filed
+ the original DMCA notice or an agent of that person. (In other words, you've
+ designated that person to receive documents on your behalf.)
+
+## Where to Send Notices
+
+You can notify us of either copyright infringement claims or DCMA
+counter-notifications through either of the following channels:
+
+**By email**: [abuse@netlandish.com][abemail]
+
+**By mail**: Netlandish Inc., 5200 Clark Ave, #832, Lakewood CA 90714, USA
+
+**This policy and process applies to any product created and owned by
+Netlandish Inc. That includes AnyHow and HelpYouFindMe.**
+
+[abemail]: mailto:abuse@netlandish.com "abuse@netlandish.com"
A => policies/how-we-handle.md +119 -0
@@ 0,0 1,119 @@
+---
+title: How we handle abusive usage
+description: Guiding principles and process for investigating abuse reports
+---
+
+# How we handle abusive usage
+
+*Last updated: March 21, 2021*
+
+We build our products* to give teams a better way to work. We are proud of that
+purpose and trust that our customers use our products for appropriate
+endeavors.
+
+Sometimes, though, we discover potential abusive usage as detailed in our [Use
+Restrictions policy](/policies/abuse/). When that happens, we investigate using the
+following guiding principles and process.
+
+## Guiding Principles
+
+### Human oversight
+
+Who's "we", you ask? It's us: folks from the Netlandish team. Our internal abuse
+oversight committee includes our President, Peter Sanchez, and
+representatives from multiple departments across the company. On rare occasions
+for particularly sensitive situations or if legally required, we may also seek
+counsel from external experts.
+
+### Balanced responsibilities
+
+We have an obligation to protect the privacy and safety of both our customers
+and the people reporting issues to us. We do our best to balance those
+responsibilities throughout the process.
+
+### Focus on evidence
+
+We base our decisions on the evidence available to us: what we see and hear
+account users say and do. We document what we observe and ask whether that
+observable evidence points to a restricted use.
+
+## Process
+
+Every case goes through the same general process:
+
+1. Discovery
+2. Investigation
+3. Decision, sometimes with right to an appeal
+
+### How do we discover potential abuse?
+
+From our experience, we learn about potential abuse because:
+
+- Someone alerts us. We give [abuse reports](/policies/abuse/) our full care and
+ attention. Our Support team also responds to every question or comment that
+ comes in. If we notice anything in those emails that points to a violation,
+ we will look into it.
+- We notice an anomaly in our business operations monitoring. We monitor a
+ range of things about our products, like sign-up volume and error rates of web
+ requests. If we see something weird with those numbers, we get to the bottom
+ of it.
+- We stumble upon public web content that links an individual or organization
+ to a Netlandish product. We aren't scouring the Internet looking for those
+ links, but if we do come across any, we check them out.
+
+This list is not exhaustive; there are always edge cases. We will update the
+list if we find regular new avenues.
+
+### How do we investigate?
+
+We focus on the evidence:
+
+- Language and imagery used by users on the account
+- Evidence of account users' power and/or ability to act on spoken claims
+- Publicly available information about account users
+
+We strive to balance privacy and safety for all those involved:
+
+- We make every effort to complete our investigations without accessing a
+ customer account. For instance, if there are screenshots or public documents
+ available, we review those. We also consider whether it is appropriate to
+ involve the account owner in a given investigation and seek additional
+ evidence from them.
+- As we review the evidence, we look for indications of existing negative
+ impact. We also assess the severity of any potential negative impact,
+ regardless of intent. When relevant, we look for and follow available
+ guidelines from expert institutions.
+- If we cannot come to a fair assessment from the information available, we may
+ decide to access a customer account without notice. We do not make this
+ decision lightly. Customer privacy is a big deal to us and we only pursue
+ this course of action if the evidence we have already is very concerning, but
+ not definitive.
+
+While some violations are flatly obvious, others are subjective, nuanced, and
+difficult to adjudicate. We give each case adequate time and attention,
+commensurate with the violation, criticality, and severity of the charge.
+
+### What happens if someone really broke the rules?
+
+We will terminate an account without advance notice if there is evidence it is
+being used for a restricted purpose that has, is, or will cause severe harm. If
+applicable, we will also report the incident to the appropriate authorities.
+
+For other cases, we'll take a case-by-case approach to clear things up.
+
+Further, as a small, privately owned independent business that puts our values
+and conscience ahead of growth at all costs, we reserve the right to deny
+service to anyone we ultimately feel uncomfortable doing business with.
+
+### Can you appeal a decision?
+
+If we terminate an account without notice, the decision is final.
+
+For other cases, we will consider good faith appeals sent to
+[abuse@netlandish.com][abemail] by the account owner within
+14 calendar days.
+
+**This process applies to any product created and owned by
+Netlandish Inc. That includes AnyHow and HelpYouFindMe.**
+
+[abemail]: mailto:abuse@netlandish.com "abuse@netlandish.com"
A => policies/hyfm-refund.md +35 -0
@@ 0,0 1,35 @@
+---
+title: Refund policy
+description: "Learn about how and when we offer refunds for HelpYouFindMe."
+---
+
+# A fair refund policy
+
+## With HelpYouFindMe, we sell subscriptions on an annual basis only.
+
+If you pay for a year of HelpYouFindMe and then cancel before the year is up,
+we make sure you aren't charged in the future. Your account will remain active
+for the remainder of the period you'd already paid for. Once your account
+becomes inactive it becomes subject to the data retention rules defined in our
+[Cancellation policy](/policies/cancellation/).
+
+Here are examples of refunds for HelpYouFindMe we'd grant:
+
+- You decided HelpYouFindMe wasn't for you and stopped using it early on but forgot to
+ cancel your account. Then you got the auto-renewal invoice. If you don't need
+ any extra time to migrate and you don't need outbound forwarding, let us know
+ and we'll refund that last payment.
+- If you were really not happy with HEY, you can have your money back.
+
+We'll also consider giving credits for future cycles if something goes wrong on
+our side. For example, if we had extended downtime (multiple hours in a day, or
+multiple days in a month) or you emailed customer service and it took multiple
+days to get back to you, we'll issue a partial credit to your account.
+
+## Get in touch
+
+At the end of the day, nearly everything on the edges comes down to a
+case-by-case basis. [Send us a note][email], tell us what's up, and we'll work
+with you to make sure you're happy.
+
+[email]: mailto:hello@netlandish.com "hello@netlandish.com"
A => policies/index.md +16 -0
@@ 0,0 1,16 @@
+---
+title: 'Netlandish Policies and Terms of Service'
+description: 'All the policies and legal stuff for Netlandish customers. We try to make all our policies as clear, fair, and readable as possible.'
+---
+
+# Netlandish Policies, Terms, and Legal Stuff
+
+The rough print and the fine print. We try to make all our policies as clear, fair, and readable as possible.
+
+* [Terms of Service](/policies/terms-of-service/)
+* [Privacy policy](/policies/privacy/)
+* [Privacy Regulations reference](/policies/regulations/)
+* [Cancellation policy](/policies/cancellation/)
+* [Refund policy](/policies/refund/)
+* [Use Restrictions policy](/policies/abuse/)
+* [Security overview](/policies/security/)
A => policies/ownership-anyhow.md +58 -0
@@ 0,0 1,58 @@
+---
+title: 'AnyHow Account Ownership'
+description: 'Everything you need to know about AnyHow account ownership.'
+---
+
+# Who owns a AnyHow account?
+
+AnyHow accounts are owned by individuals, not by organizations. When you sign
+up and create a [AnyHow account][home], you are the owner of that account and
+all the data in it. Our legal responsibility is to the account owner(s), so we
+won't let other people take over your account without your permission.
+
+## What can account owners do?
+
+Account owners can:
+
+- **Create multiple organizations**: Any account owner can create
+ organizations. Each organization can have it's own team members, clients,
+ projects, and separate billing profiles.
+- **Join multiple organizations**: Any account can be a member of any
+ organization. If the account is not the owner of said organization then the
+ organization manager must invite the account to join.
+- **Access and export all data in an account**: account owners can add
+ themselves to any Team or Project and view everything in the organization
+ accumulated assets.
+- **Manage all aspects of the account's subscription:** including updating
+ billing information; adding more users and account administrators; and
+ cancelling an account
+ ([how-to](https://docs.anyhowhq.com/billing/#cancelling)).
+- **Designate other account owners**: AnyHow organizations can have multiple
+ managers. We recommend designating other managers you trust, so
+ that updates can be made to the account when you're not available.
+
+## Designating other people as organization managers
+
+It's important to remember that accounts own organizations and one account can
+own multiple organizations. Each organization has it's own billing, users, etc.
+
+An organization owner can add or remove other managers from the
+"Manage" section in the organization. When you designate someone
+else as a manager, they will have the same power to add and remove other
+managers at any time. However they can **not** remove you as the organization
+owner. So your account will always maintain control over any organizations it
+owns.
+
+## What if I have another question about ownership?
+
+Netlandish may update this policy once in a blue moon — we'll notify you about
+significant changes by emailing the account owner or by placing a prominent
+notice on our site. You can access, change or delete your personal information
+at any time by contacting Netlandish [support][support].
+
+Questions about this account ownership policy? Please get in touch with our
+[support team][support-email] and we'll be happy to answer them!
+
+[home]: https://anyhowhq.com/
+[support]: https://anyhowhq.com/support
+[support-email]: mailto:hello@anyhowhq.com
A => policies/ownership-hyfm.md +32 -0
@@ 0,0 1,32 @@
+---
+title: 'HelpYouFind.Me Account Ownership and Management'
+description: 'Who owns and manages HYFM accounts.'
+---
+
+# HelpYouFindMe Ownership & Management Policy
+
+HelpYouFindMe accounts are owned by each individual who created the during sign-up.
+Even in the event of sub-accounts. In other words, regardless of who is
+*paying* for the account, the account owner is *always* the person who
+registered the account. For information on account types, etc. see the
+[terminology help page][terms].
+
+Regardless of account type, the *management* of the account is done by the account
+owner. This is the person who originally signed up for the account.
+
+## Can "Family Account" owners access data of sub-accounts?
+
+Not without specific permission. Data access in HelpYouFindMe works the same
+for everyone, regardless of family/sub account relationships.
+
+This is not just our policy it's actually built into the application itself.
+It's impossible for us to provide the Family Account (or any other account or
+third party) access to a sub-accounts private data. This is because the data is
+encrypted on your local browser. We have no access to it.
+
+## Still have a question?
+
+Please get in touch with our [support team](mailto:hello@helpyoufind.me) and we'll
+be happy to answer them!
+
+[terms]: https://helpyoufind.me/help/terms/
A => policies/privacy.md +422 -0
@@ 0,0 1,422 @@
+--- title: Privacy policy description: The privacy of your data — and it is
+your data, not ours! — is a big deal to us. Here's the rundown of what we
+collect and why, when we access your information, and your rights. ---
+
+# Privacy policy
+
+*Last updated: March 21, 2021*
+
+The privacy of your data — and it is your data, not ours! — is a big deal to
+us. In this policy, we lay out: what data we collect and why; how your data is
+handled; and your rights to your data. We promise we never sell your data:
+never have, never will.
+
+This policy applies to all products built and maintained by Netlandish Inc.
+including AnyHow and HelpYouFindMe.
+
+## What we collect and why
+
+Our guiding principle is to collect only what we need. Here's what that means
+in practice:
+
+### Identity & access
+
+When you sign up for a Netlandish product, we typically ask for identifying
+information such as your name, email address, and maybe a company name. That's
+just so you can personalize your new account, and we can send you invoices,
+updates, or other essential information. We sometimes also give you the option
+to add a profile picture that displays in our products, but we do not normally
+look at or access that picture. We'll never sell your personal info to third
+parties, and we won't use your name or company in marketing statements without
+your permission either.
+
+### Billing information
+
+When you pay for a Netlandish product, we ask for your credit card and billing
+address. That's so we can charge you for service, calculate taxes due, and send
+you invoices. Your credit card is passed directly to our payment processor and
+doesn't ever go through our servers. We store a record of the payment
+transaction, including the last 4 digits of the credit card number and as-of
+billing address, for account history, invoicing, and billing support. We store
+your billing address to calculate any sales tax due in the United States or VAT
+in the EU, to detect fraudulent credit card transactions, and to print on your
+invoices.
+
+### Geolocation data
+
+We log all access to all accounts by full IP address so that we can always
+verify no unauthorized access has happened. We keep this login data for as long
+as your product account is active.
+
+We also log full IP addresses used to sign up a product account. We keep this
+record forever because they are used to mitigate spammy signups.
+
+Web analytics data — described further in the Website Interactions section —
+are also tied temporarily to IP addresses to assist with troubleshooting cases.
+We blind all web analytics data after 30 days.
+
+### Website interactions
+
+When you browse our marketing pages or applications, your browser automatically
+shares certain information such as which operating system and browser version
+you are using. We track that information, along with the pages you are
+visiting, page load timing, and which website referred you for statistical
+purposes like conversion rates and to test new designs. We sometimes track
+specific link clicks to help inform some design decisions. These web analytics
+data are tied to your IP address and user account if applicable and you are
+signed into our Services. We blind all of these individual identifiers after 30
+days.
+
+### Anti-bot assessments
+
+We use [CAPTCHA](https://en.wikipedia.org/wiki/CAPTCHA) services across our
+applications to mitigate brute force logins and in HEY as a means of spam
+protection. We have a legitimate interest in protecting our apps and the
+broader Internet community from credential stuffing attacks and spam. When you
+log into your accounts and fill specific forms, the CAPTCHA service
+evaluates various information (e.g IP address, how long the visitor has been on
+the app, mouse movements) to check whether the data is possibly filled out by
+an automated program instead of a human. We retain these data via our
+subprocessor forever because they are used for anti-spam mitigation.
+
+### Cookies and Do Not Track
+
+We do use persistent first-party cookies to store certain preferences, make it
+easier for you to use our applications, and support some in-house analytics. A
+cookie is a piece of text stored by your browser to help it remember your login
+information, site preferences, and more. You can adjust cookie retention
+settings in your own browser. To learn more about cookies, including how to
+view which cookies have been set and how to manage and delete them, please
+visit: [www.allaboutcookies.org](https://www.allaboutcookies.org).
+
+At this time, our sites and applications do not respond to Do Not Track beacons
+sent by browser plugins.
+
+### Voluntary correspondence
+
+When you write Netlandish with a question or to ask for help, we keep that
+correspondence, including the email address, so that we have a history of past
+correspondences to reference if you reach out in the future.
+
+We also store any information you volunteer like surveys. Sometimes when we do
+customer interviews, we may ask for your permission to record the conversation
+for future reference or use. We only do so if you give your express consent.
+
+### Information we do not collect
+
+We don't collect any characteristics of protected classifications including
+age, race, gender, religion, sexual orientation, gender identity, gender
+expression, or physical and mental abilities or disabilities. You may provide
+these data voluntarily, such as if you include a pronoun preference in your
+email signature when writing into our Support team.
+
+We also do not collect any biometric data. You are given the option to add a
+picture to your user profile, which could be a real picture of you or a picture
+of something else that represents you best. We do not extract any information
+from profile pictures: they are for your use alone.
+
+### How we approach mobile app permissions
+
+We currently do not have any mobile apps for our Services. However for
+HelpYouFindMe we do have mobile integration using the [Telegram][telegram]
+secure messaging service. There are no special permissions required to
+integrate your HelpYouFindMe account with Telegram but you do need to provide
+permissions for certain features when using Telegram. For example, if you want
+to send your location to HelpYouFindMe using Telegram then you will need to
+grant the Telegram application permission to access your location.
+
+[telegram]: https://telegram.org "Telegram"
+
+## When we access or share your information
+
+Our default practice is to not access your information. The only times we'll
+ever access or share your info are:
+
+**To provide products or services you've requested**. We do use some
+third-party services to run our applications and only to the extent necessary
+process some or all of your personal information via these third parties. You
+can [view the list of third-party services we use][subp] for our products.
+Having subprocessors means we are using technology to access your data. No
+Netlandish human looks at your data for these purposes unless an error occurs
+that stops an automated process from working and requires manual intervention
+to fix. These are rare cases and when they happen, we look for root cause
+solutions as much as possible to avoid them from reoccurring. We also use some
+other processors for other business functions, which you can view: [Company
+processors](/policies/company-processors/).
+
+**To help you troubleshoot or squash a software bug, with your permission.** If
+at any point we need to access your account to help you with a Support case, we
+will ask for your consent before proceeding.
+
+**To investigate, prevent, or take action regarding [restricted
+uses](../abuse/index.md).** Accessing a customer's account when investigating
+potential abuse is a measure of last resort. We have an obligation to protect
+the privacy and safety of both our customers and the people reporting issues to
+us. We do our best to balance those responsibilities throughout the process. If
+we do discover you are using our products for a restricted purpose, we will
+report the incident to the appropriate authorities.
+
+**When required under applicable law.**
+
+Netlandish, Inc. is a US company and all data infrastructure are located in the
+US.
+
+* If US law enforcement authorities have the necessary warrant, criminal
+ subpoena, or court order requiring we share data, we have to comply.
+ Otherwise, we flat-out reject requests from local and federal law enforcement
+ when they seek data. And unless we're legally prevented from it, we'll always
+ inform you when such requests are made. In the event a government authority
+ outside the US approaches Netlandish with a request, our default stance is to
+ refuse unless the US government compels us to comply through procedures
+ outlined in a mutual legal assistance treaty or agreement. ***We have never
+ received a National Security Letter or Foreign Intelligence Surveillance Act
+ (FISA) order.***
+* Similarly, if Netlandish receives a request to preserve data, we refuse unless
+ compelled by either the US Federal Stored Communications Act, 18 U.S.C.
+ Section 2703(f) or a properly served US subpoena for civil matters. In both
+ of these situations, we have to comply. In these situations, we notify
+ affected customers as soon as possible unless we are legally prohibited from
+ doing so. We do not share preserved data unless absolutely required under the
+ Stored Communications Act or compelled by a court order that we choose not to
+ appeal. Furthermore, unless we receive a proper warrant, court order, or
+ subpoena before the required preservation period expires, we destroy any
+ preserved copies we made of customer data once the preservation period
+ lapses.
+* If we get an informal request from any person, organization, or entity, we do
+ not assist. If you are an account owner who wants to export data from their
+ accounts, you can do so directly by [submitting a request directly][email].
+* If we are audited by a tax authority, we may be required to share
+ billing-related information. If that happens, we only share the bare minimum
+ needed such as billing addresses and tax exemption information.
+
+Finally, if Netlandish, Inc. is acquired by or merged with another company — we
+don't plan on that, but if it happens — we'll notify you well before any info
+about you is transferred and becomes subject to a different privacy policy.
+
+## Your rights with respect to your information
+
+At Netlandish, we apply the same data rights to all customers, regardless of
+their location. Currently some of the most privacy-forward regulations in place
+are the European Union's General Data Protection Regulation ("GDPR") and
+California Consumer Privacy Act ("CCPA") in the US. Basecamp recognizes all of
+the rights granted in these regulations, except as limited by applicable law.
+These rights include:
+
+* **Right to Know.** You have the right to know what personal information is
+ collected, used, shared or sold. We outline both the categories and specific
+ bits of data we collect, as well as how they are used, in this privacy
+ policy.
+* **Right of Access.** This includes your right to access the personal
+ information we gather about you, and your right to obtain information about
+ the sharing, storage, security and processing of that information.
+* **Right to Correction.** You have the right to request correction of your
+ personal information.
+* **Right to Erasure / "To be Forgotten".** This is your right to request,
+ subject to certain limitations under applicable law, that your personal
+ information be erased from our possession and, by extension, all of our
+ service providers. Fulfillment of some data deletion requests may prevent you
+ from using Basecamp services because our applications may then no longer
+ work. In such cases, a data deletion request may result in closing your
+ account.
+* **Right to Complain.** You have the right to make a complaint regarding our
+ handling of your personal information with the appropriate supervisory
+ authority. To identify your specific authority or find out more about this
+ right, EU individuals should go to
+ [https://edpb.europa.eu/about-edpb/board/members_en](https://edpb.europa.eu/about-edpb/board/members_en).
+* **Right to Restrict Processing.** This is your right to request restriction
+ of how and why your personal information is used or processed, including
+ opting out of sale of personal information. (Again: we never have and never
+ will sell your personal data.)
+* **Right to Object.** You have the right, in certain situations, to object to
+ how or why your personal information is processed.
+* **Right to Portability.** You have the right to receive the personal
+ information we have about you and the right to transmit it to another party.
+* **Right to not be subject to Automated Decision-Making.** You have the right
+ to object and prevent any decision that could have a legal, or similarly
+ significant, effect on you from being made solely based on automated
+ processes. This right is limited, however, if the decision is necessary for
+ performance of any contract between you and us, is allowed by applicable law,
+ or is based on your explicit consent.
+* **Right to Non-Discrimination.** This right stems from the CCPA. We do not
+ and will not charge you a different amount to use our products, offer you
+ different discounts, or give you a lower level of customer service because
+ you have exercised your data privacy rights. However, the exercise of certain
+ rights (such as the right "to be forgotten") may, by virtue of your
+ exercising those rights, prevent you from using our Services.
+
+Many of these rights can be exercised by signing in and directly updating your
+account information.
+
+If you have questions about exercising these rights or need assistance, please
+contact us at [hello@netlandish.com][email] or at
+Netlandish, Inc., 5200 Clark Ave, #832, Lakewood, CA 90714 USA. For
+requests to delete personal information or know what personal information has
+been collected, we will first verify your identity using a combination of at
+least two pieces of information already collected including your user email
+address. If an authorized agent is corresponding on your behalf, we will first
+need written consent with a signature from the account holder before
+proceeding.
+
+If you are in the EU, you can identify your specific authority to file a
+complaint or find out more about GDPR, at
+[https://edpb.europa.eu/about-edpb/board/members_en](https://edpb.europa.eu/about-edpb/board/members_en).
+
+## How we secure your data
+
+All data is encrypted via
+[SSL/TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) when
+transmitted from our servers to your browser. The database backups are also
+encrypted.
+
+For products except HelpYouFindMe, most data are not encrypted while they live
+in our database (since it needs to be ready to send to you when you need it),
+but we go to great lengths to secure your data at rest. For more information
+about how we keep your information secure, please review our [security
+overview](/policies/security/).
+
+With HelpYouFindMe, the security overview still applies _and_ we've gone even
+further by encrypting the private data in your, the user's, web-browser. All
+private data is encrypted on your computer before it is ever sent to Netlandish
+servers. Your private data is protected by your own encryption key that you
+set and are responsible for safe guarding.
+
+## What happens when you delete data in your product accounts
+
+In many of our applications, we give you the option to trash data. Anything you
+trash on your product accounts while they are active will be kept in an
+accessible trash can for up to 30 days (it varies a little by product). After
+that, the trashed data are no longer accessible via the application and are
+deleted from our active servers within the next 30 days. We also have some
+backups of our application databases, which are kept for up to another 30 days.
+In total, when you trash things in our applications, they are purged within 90
+days from all of our systems and logs. Retrieving data for a single account
+from a backup is cost-prohibitive and unduly burdensome so if you change your
+mind you'll need to do so before your data are deleted from our active servers.
+
+We also delete your data after an account is cancelled. In this case, there is
+no period of data being kept in an accessible trash can so your data are purged
+within 60 days. This applies both for cases when an account owner directly
+cancels and for auto-cancelled accounts. Please refer to our [Cancellation
+policy](../cancellation/index.md) for more details.
+
+## Location of site and data
+
+Our products and other web properties are operated in the United States. If you
+are located in the European Union or elsewhere outside of the United States,
+**please be aware that any information you provide to us will be transferred to
+and stored in the United States**. By using our Site, participating in any of
+our services and/or providing us with your information, you consent to this
+transfer.
+
+## When transferring personal data from the EU
+
+The GDPR requires that any data transferred out of the EU must be treated with
+the same level of protection that the EU privacy laws grant. The privacy laws
+of the United States generally do not meet that requirement. That is why since
+GDPR went into effect, Basecamp has offered a data processing addendum and
+voluntarily participated in the EU-US Privacy Shield Framework as well as the
+Swiss-US Privacy Shield Framework.
+
+There are also a few ad-hoc cases where EU personal data may be transferred to
+the US related to Netlandish, Inc. operations. For instance, if someone in the
+EU comments on our company blog or a customer participates in one of our
+infrequent surveys or someone applies to one of our open positions or buys swag
+on our company shop. Such transfers are only occasional and transferred under
+the [Article 49(1)(b) derogation](https://gdpr-info.eu/art-49-gdpr/) under
+GDPR.
+
+## EU-US and Swiss-US Privacy Shield policy
+
+The EU-US [Privacy Shield](https://www.privacyshield.gov/) is an agreement
+between certain European jurisdictions and the United States that up until July
+16, 2020, allowed for the transfer of personal data from the EU to the US.
+Participation in the Privacy Shield program is voluntary. The Swiss-US Privacy
+Shield is a similar program for data transferred to the US from Switzerland
+that was in effect until September 8, 2020.
+
+### We comply with the frameworks for EU, UK, and Swiss data that are transferred into the United States
+
+Netlandish complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S.
+Privacy Shield Framework as set forth by the U.S. Department of Commerce
+regarding the collection, use, and retention of personal information
+transferred from the European Union, the United Kingdom, and Switzerland to the
+United States, respectively. We've certified to the Department of Commerce that
+we adhere to the Privacy Shield Principles. If there is any conflict between
+the terms in this privacy policy and the Privacy Shield Principles, the Privacy
+Shield Principles take precedent. To learn more about the Privacy Shield
+program, and to view our certification, please visit
+[https://www.privacyshield.gov/](https://www.privacyshield.gov/).
+
+Netlandish is subject to the investigatory and enforcement powers of the Federal
+Trade Commission (FTC) with regard to the Privacy Shield Frameworks.
+
+The Privacy Shield Frameworks uphold specific principles, many of which are
+already outlined in the section on Your Rights. For clarity, pursuant to the
+Privacy Shield Frameworks, the following principles apply to all EU, UK, and
+Swiss data that has been transferred into the United States:
+
+- Individuals have the right to access their personal data and to update,
+ correct, and/or amend information that is incomplete. Individuals also have
+ the right to request erasure of personal information that has been processed
+ in violation of the principles. Individuals wishing to exercise these rights
+ may do so by by signing in and directly updating your account information. If
+ you have questions about exercising these rights or need assistance, please
+ contact us at [hello@netlandish.com][email] or at Netlandish, Inc., 5200
+ Clark Ave, #832, Lakewood, CA 90714 USA.
+- We remain liable for the onward transfer of personal data to third parties
+ acting as our agents unless we can prove we were not a party to the events
+ giving rise to the damages.
+- We do not sell personal data nor do we permit it to be used for reasons other
+ than those for which it was originally provided. If this practice should
+ change in the future, we will update this policy accordingly and provide
+ individuals with opt-out or opt-in choice as appropriate.
+- We may be required to release personal data in response to lawful requests
+ from public authorities including to meet national security and law
+ enforcement requirements.
+
+### We commit to resolving all complaints
+
+In compliance with the EU-US Privacy Shield Principles and the Swiss-US Privacy
+Shield Principles, we commit to resolve complaints about your privacy and our
+collection or use of your personal information. European Union, United Kingdom,
+or Swiss individuals with inquiries or complaints regarding this privacy policy
+should first contact Peter Sanchez at Netlandish at hello@netlandish.com, or by
+mail at Netlandish, Inc., 5200 Clark Ave, #832, Lakewood, CA 90714 USA.
+
+Netlandish (the company) has further committed to refer unresolved privacy
+complaints under the EU-US Privacy Shield Principles and the Swiss-US Privacy
+Shield Principles to an independent dispute resolution mechanism, the BBB EU
+PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely
+acknowledgment of your complaint, or if your complaint is not satisfactorily
+addressed, please visit
+[https://bbbprograms.org/privacy-shield-complaints/](https://bbbprograms.org/privacy-shield-complaints/)
+for more information and to file a complaint. This service is provided at no
+cost to you. Please do not submit GDPR complaints to BBB EU Privacy Shield.
+
+If your EU-US Privacy Shield complaint cannot be resolved through these
+described channels, under certain conditions, you may invoke binding
+arbitration for some residual claims not resolved by other redress mechanisms.
+To learn more, please view the Privacy Shield Annex 1 at
+[https://www.privacyshield.gov/article?id=ANNEX-I-introduction](https://www.privacyshield.gov/article?id=ANNEX-I-introduction).
+
+## Changes & questions
+
+We may update this policy as needed to comply with relevant regulations and
+reflect any new practices. You can view a history of the changes to our
+policies [on our code forge][sh]. Whenever we make a significant change to our
+policies, we will also announce them on our [company blog][nlb].
+
+Have any questions, comments, or concerns about this privacy policy, your data,
+or your rights with respect to your information? Please get in touch by
+emailing us at [hello@basecamp.com][email] and we'll be
+happy to answer them!
+
+[email]: mailto:hello@netlandish.com "hello@netlandish.com"
+[nl]: https://www.netlandish.com/ "Netlandish Inc."
+[anyhow]: https://anyhowhq.com/ "AnyHow"
+[hyfm]: https://helpyoufind.me "Help You Find Me"
+[sh]: https://hg.code.netlandish.com/~netlandish/policies/log "Code Forge"
+[nlb]: https://www.netlandish.com/blog/ "Netlandish Blog"
+[ah2fa]: https://docs.anyhowhq.com/two_step_verification/ "AnyHow 2FA"
+[hyfm2fa]: https://helpyoufind.me/help/two-step-verification/ "HYFM 2FA"
+[subp]: /policies/subprocessors/ "Subprocessors"
A => policies/refund.md +48 -0
@@ 0,0 1,48 @@
+---
+title: Refund policy
+description: "Bad refund policies are infuriating. We never want our customers to feel that way, so our refund policy is simple: If you're ever unhappy with our products for any reason, we'll take care of you."
+---
+
+# A fair refund policy.
+
+Bad refund policies are infuriating. You feel like the company is just trying
+to rip you off. We never want our customers to feel that way, so our refund
+policy is simple: If you're ever unhappy with our products* for any reason,
+just contact [our support team][email] and we'll take care
+of you.
+
+## Examples of full refunds we'd grant.
+
+* If you were just charged for your next month of service but you meant to
+ cancel, we're happy to refund that extra charge.
+* If you forgot to cancel your account a couple months ago and you haven't used
+ it since then, we'll give you a full refund for a few back months. No
+ problem.
+* If you tried one of our products for a couple months and you just weren't
+ happy with it, you can have your money back.
+
+## Examples of partial refunds or credits we'd grant.
+
+* If you forgot to cancel your account a year ago, and there's been activity on
+ your account since then, we'll review your account usage and figure out a
+ partial refund based on how many months you used it.
+* If you upgraded your account a few months ago to a higher plan and kept using
+ it in general but you didn't end up using the extra features, projects, or
+ storage space, we'd consider applying a prorated credit towards future
+ months.
+* If we had extended downtime (multiple hours in a day, or multiple days in a
+ month) or you emailed customer service and it took multiple days to get back
+ to you, we'd issue a partial credit to your account.
+
+## Get in touch
+
+At the end of the day, nearly everything on the edges comes down to a
+case-by-case basis. [Send us a note][email], tell us what's
+up, and we'll work with you to make sure you're happy.
+
+**This policy applies to any product created and owned by Netlandish, Inc. That
+includes AnyHow and HelpYouFindMe. There are [some nuances with
+HelpYouFindMe](/policies/hyfm-refund/) because its subscriptions are on an
+annual basis only.**
+
+[email]: mailto:hello@netlandish.com "hello@netlandish.com"
A => policies/regulations.md +126 -0
@@ 0,0 1,126 @@
+---
+title: Privacy Regulations Reference
+description: Privacy laws are in a lot of flux. Here's info you should know.
+---
+
+# Privacy Regulations Reference
+
+*Last updated: March 21, 2021*
+
+The data privacy regulatory landscape is undergoing a lot of change. You
+probably have heard about the EU General Data Protection Regulation (GDPR) that
+went into effect on May 25, 2018. There are also other regulations in effect or
+in the works around the world. We've written up this reference document to put
+helpful information regarding our products and privacy regulations in one
+place. Please also view our full [Privacy policy](/policies/privacy/).
+
+If you have any questions, comments, or concerns about our [Privacy
+policy](/policies/privacy/), your data, or your rights with respect to your
+information, please email us at [hello@netlandish.com][email].
+
+## European Union General Data Protection Regulation (GDPR)
+
+Netlandish is an American company and our data infrastructure is currently
+based in the US. That means if you are in another country in the world and you
+use our products, your data are transferred to the US. The EU has stronger
+privacy laws than the US and a core tenet of the GDPR is that if you transfer
+any personal data of EU residents out of the EU, you must protect it to the
+same level as guaranteed under EU law. There are two factors to this:
+
+1. The practices that businesses take handling personal data; and
+2. The laws of the countries where you transfer the EU personal data to
+
+### Practices we have at Netlandish
+
+We are serious about treating our customers fairly. We are equally serious
+about protecting your data, security, and right to privacy as if it were our
+own. This applies to all our customers, regardless of where you are in the
+world.
+
+Please do read our [Privacy Policy](/policies/privacy/) and our [Security
+Overview](/policies/security/) in full. Some highlights:
+
+* We never have and never will sell customer data.
+* We don't run ads for other services in our products.
+* We limit the data we collect: if we don't need it, we don't ask for it.
+* We put a lot of security measures into place including in-transit encryption,
+ encryption at-rest, and requiring employees and contractors to sign
+ non-disclosure agreements.
+* When you email us at [hello@netlandish.com][email], someone from our Privacy
+ Working Group will get back to you. You are always speaking with a human! No
+ bots.
+
+We do work with sub-processors. We've listed links to our current
+sub-processors at the end of this page. With each vendor, we assess their
+commitment to privacy and we sign a data processing addendum with them that
+include the controller-processor [Standard Contractual
+Clauses](https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
+
+### Relevant US laws
+
+The US does not have a national consumer privacy law akin to GDPR. We'd love to
+see one put in place and until then, shout out to California for leading with
+the California Consumer Privacy Act ("CCPA" — more information following this
+GDPR section) and our spiritual home state of Illinois for its Biometric
+Information Privacy Act.
+
+There are national US security laws that are relevant to GDPR. Chief amongst
+them are: the [Foreign Intelligence Surveillance Act
+(FISA)](https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1286) and
+Executive Order 12-333. FISA establishes ways for US law enforcement and
+intelligence agencies to gather information within the US about non-US entities
+suspected of espionage or terrorism. Executive Order 12-333 sets out how US
+intelligence agencies can gather information, including outside the borders of
+the US.
+
+Virtually every American software service is subject to FISA. That includes all
+the American big tech companies you can think of as well as any European
+service that uses cloud infrastructure from Amazon Web Services, Microsoft
+Azure, or Google Cloud Computing. It also includes small tech American
+companies like us, Netlandish Inc. However **to date, Netlandish has never been
+served a FISA order or National Security Letter.**
+
+Even so, these laws are relevant for why extra mechanisms need to be in place
+to allow the legal transfer of personal data from the EU to the US.
+
+## California Consumer Privacy Act (CCPA)
+
+In the CCPA, there is an important distinction between what are referred to as
+"service providers", "businesses", and "third parties". You can see how the
+regulation defines these words by visiting the California Attorney General's
+website: https://www.oag.ca.gov/privacy/ccpa.
+
+*Under the CCPA, Netlandish is a "service provider."* That means when we
+process data you provide, we do so solely for the purpose you signed up for.
+Our business model is simple: we charge a recurring subscription fee to our
+customers. We do not sell personal information or use your data for any other
+commercial purposes unless with your explicit permission.
+
+The CCPA also grants residents of California with additional rights related to
+their information. We grant those rights to all of our customers and detail
+them in our Privacy policy. Our Privacy policy also explains the information we
+collect in order to provide our services and clearly lists the only times we
+access or share your data.
+
+## US Health Insurance Portability and Accountability Act (HIPAA)
+
+Our products are currently *not*
+[HIPAA](https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html)-compliant
+and we do not have immediate plans to become so.
+
+## Subprocessors
+
+Netlandish uses third party subprocessors, such as cloud computing providers,
+to provide our services. We enter into data processing agreements including
+GDPR Standard Contractual Clauses with each subprocessor, and require the same
+of them.
+
+We also use other software as a company that are not part of providing our
+services but may collect your personal information for other purposes.
+
+You can see which processors are used by category below:
+
+- [Subprocessors](/policies/subprocessors/)
+- [Company Processors](/policies/company-processors/)
+
+[email]: mailto:hello@netlandish.com "hello@netlandish.com"
A => policies/security-response.md +55 -0
@@ 0,0 1,55 @@
+---
+title: 'Security Response'
+description: 'Have you discovered a web security flaw that might impact one of our products? Here's how you can report it.'
+---
+
+# Security response
+
+## We appreciate your concern
+
+Keeping customer data safe and secure is a huge responsibility and a top
+priority. We work hard to protect our customers from the latest threats. Your
+input and feedback on our security is always appreciated.
+
+## Reporting security problems
+
+**For security vulnerabilities and other urgent or sensitive reports**, please
+email our [Security team][email]. If you feel it necessary, use [our public
+key][pub] ( 5216B5D28D2E161A7F98D372FF96FA687153E3C1 ) to keep your message
+safe and please provide us with a secure way to respond. We'll respond as soon
+as we can. Please follow up or [ping us on
+Twitter](https://twitter.com/netlandish) if you don't hear back.
+
+**For requests that aren't urgent or sensitive**: submit a [support
+request][email].
+
+## Tracking and disclosing security issues
+
+We work with security researchers to keep up with the state-of-the-art in web
+security. Have you discovered a web security flaw that might impact our
+products? Please let us know. If you [submit a
+report][email], here's what will happen:
+
+* We'll acknowledge your report.
+* We'll triage your report and determine whether it's eligible for a bounty.
+* We'll investigate the issue and determine how it impacts our products. We
+ won't disclose issues until they've been fully investigated and patched, but
+ we'll work with you to ensure we fully understand severity and impact.
+* Once the issue is resolved, we'll post a security update along with thanks
+ and credit for the discovery.
+
+Our products are built on the Django framework. The issue you reported might
+affect Django, Python, or some other part of our technology stack. We ask for
+your patience while we also make sure other companies and their customers are
+protected. Either way, you'll always have a Netlandish contact for your issue.
+
+## Bounties
+
+Netlandish is a *tiny* company. At the time of this writing we are only 5
+people in total. We are happy to offer bounties but please understand that as a
+small company they will probably to be smaller than you may be used to. We are
+also open to free accounts on our products as partial bounty payment should you
+be interested in such an offer.
+
+[email]: mailto:hello@netlandish.com "hello@netlandish.com"
+[pub]: https://www.netlandish.com/security-pub.txt
A => policies/security.md +83 -0
@@ 0,0 1,83 @@
+---
+title: Security overview
+description: Keeping customer data safe and secure is a huge responsibility and a top priority for us. Here's how we make it happen.
+---
+
+# Security overview.
+
+## We protect your data.
+
+All data are written to multiple disks instantly, backed up daily, and stored
+in multiple locations. Files that our customers upload are stored on servers
+that use modern techniques to remove bottlenecks and points of failure.
+
+## Your data are sent using HTTPS.
+
+Whenever your data are in transit between you and us, everything is encrypted,
+and sent using HTTPS. Within our firewalled private networks, data may be
+transferred unencrypted.
+
+Our application databases are generally not encrypted at rest — the information
+you add to the applications is active in our databases and subject to the same
+protection and monitoring as the rest of our systems. Our database backups are
+encrypted using GPG.
+
+## Full redundancy for all major systems.
+
+Our servers — from power supplies to the internet connection to the air
+purifying systems — operate at full redundancy. Our systems are engineered to
+stay up even if multiple servers fail.
+
+## Sophisticated physical security.
+
+Our state-of-the-art servers are protected by biometric locks and
+round-the-clock interior and exterior surveillance monitoring. Only authorized
+personnel have access to the data center. 24/7/365 on-site staff provides
+additional protection against unauthorized entry and security breaches.
+
+## Regularly-updated infrastructure.
+
+Our software infrastructure is updated regularly with the latest security
+patches. Our products run on a dedicated network which is locked down with
+firewalls and carefully monitored. While perfect security is a moving target,
+we work with security researchers to keep up with the state-of-the-art in web
+security.
+
+## We protect your billing information.
+
+All credit card transactions are processed using secure encryption—the same
+level of encryption used by leading banks. Card information is transmitted and
+processed securely on a <a
+href="https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard">PCI-Compliant
+network</a>. We do not store any credit card data on our servers.
+
+## Constant monitoring
+
+We have a team dedicated to maintaining your account's security on our systems
+and monitoring tools we've set up to alert us to any nefarious activity against
+our domains. To date, we've _never_ had a data breach.
+
+We also audit internal data access. If a Netlandish employee wrongly accesses
+customer data, they will face penalties ranging from termination to
+prosecution. Again, to our knowledge, this hasn't happened.
+
+We have processes and defenses in place to keep our streak of 0 data breaches
+going. But in the unfortunate circumstances someone malicious does successfully
+mount an attack, we will immediately notify all affected customers.
+
+## Over 12 years in business.
+
+We've been around the block and we've seen a lot of companies come and go.
+Security isn't just about technology, it's about trust. Since 2008, we've
+worked hard to earn the trust of hundreds of companies world wide. We'll
+continue to work hard every day to maintain that trust. Longevity and stability
+is core to our mission at Netlandish.
+
+## Have a concern? Need to report an incident?
+
+Have you noticed abuse, misuse, an exploit, or experienced an incident with
+your account? Please visit our [security response
+page](/policies/security-response/) for details on how to securely submit a
+report.
+
+[email]: mailto:hello@netlandish.com "hello@netlandish.com"
A => policies/subprocessors.md +23 -0
@@ 0,0 1,23 @@
+---
+title: Netlandish Subprocessors
+description: All the third-party subprocessors that we use to run Basecamp.
+---
+
+# Netlandish subprocessors
+
+We use third party subprocessors, such as cloud computing providers and
+customer support software, to run Basecamp (the service). We establish
+GDPR-compliant data processing agreements with each subprocessor, extending
+[GDPR safeguards](../regulations/index.md) everywhere personal data is
+processed.
+
+The following is a list of personal data subprocessors we use. These
+subprocessors are all located in the United States:
+
+* [Stripe](https://stripe.com/guides/general-data-protection-regulation).
+ Payment processing services.
+* [Amazon Web Services](https://aws.amazon.com/compliance/gdpr-center/). Cloud
+ services provider.
+* [ARP Networks](https://arpnetworks.com/tos). Cloud services provider.
+* [Digital Ocean](https://www.digitalocean.com/legal/gdpr/). Cloud services
+ provider.
A => policies/terms-of-service.md +307 -0
@@ 0,0 1,307 @@
+---
+title: Terms of Service
+description: All the terms that you agree to when you sign up for a Netlandish product.
+---
+
+# Terms of Service
+
+*Last updated: March 21, 2021*
+
+From everyone at Netlandish, thank you for using our products! We build them to
+help you do your best work. Many people are using Netlandish
+products every day. Because we don't know every one of our customers
+personally, we have to put in place some Terms of Service to help keep the ship
+afloat.
+
+When we say "Company", "we", "our", or "us" in this document, we are referring
+to [Netlandish, Inc.][nl] as a whole.
+
+When we say "Services", we mean any product created and maintained by
+Netlandish, Inc. That includes [AnyHow][anyhow] and [HelpYouFindMe][hyfm],
+whether delivered within a web browser, desktop application, mobile
+application, or another format.
+
+When we say "You" or "your", we are referring to the people or organizations
+that own an account with one or more of our Services. We have specific
+ownership policies for our products: [AnyHow][ownah], [HelpYouFindMe][ownhyfm].
+
+We may update these Terms of Service in the future. You can track all changes
+made [on our code forge][sh]. Typically these changes have been to clarify some
+of these terms by linking to an expanded related policy. Whenever we make a
+significant change to our policies, we will also announce them on our [company
+blog][nlb].
+
+When you use our Services, now or in the future, you are agreeing to the latest
+Terms of Service. That's true for any of our existing and future products and
+all features that we add to our Services over time. There may be times where we
+do not exercise or enforce any right or provision of the Terms of Service; in
+doing so, we are not waiving that right or provision. **These terms do contain
+a limitation of our liability.**
+
+If you violate any of the terms, we may terminate your account. That's a broad
+statement and it means you need to place a lot of trust in us. We do our best
+to deserve that trust by being open about [who we
+are](https://www.netlandish.com/about), how we work, and keeping an open door
+to [your feedback](mailto:hello@netlandish.com).
+
+## Account Terms
+
+1. You are responsible for maintaining the security of your account and
+ password. The Company cannot and will not be liable for any loss or damage
+ from your failure to comply with this security obligation. We recommend
+ users set up two-factor authentication for added security. In some of our
+ Services, we may require it. For help with setting up two-factor
+ authentication see specific instructions for [AnyHow][ah2fa] or
+ [HelpYouFindMe][hyfm2fa].
+2. You may not use the Services for any purpose outlined in our [Use
+ Restrictions policy](/policies/abuse/).
+3. You are responsible for all content posted and activity that occurs under
+ your account. That includes content posted by others who either: (a) have
+ access to your login credentials; or (b) have their own logins under your
+ account.
+4. You must be a human. Accounts registered by "bots" or other automated
+ methods are not permitted.
+
+## Payment, Refunds, and Plan Changes
+
+1. If you are using a free version of one of our Services, it is really free:
+ we do not ask you for your credit card and — just like for customers who pay
+ for our Services — we do not sell your data.
+2. For paid Services that offer a free trial, we explain the length of trial
+ when you sign up. After the trial period, you need to pay in advance to keep
+ using the Service. If you do not pay, we will freeze your account and it
+ will be inaccessible until you make payment. If your account has been frozen
+ for a while, we will queue it up for auto-cancellation. See our
+ [Cancellation policy](/policies/cancellation/) for more details.
+3. If you are upgrading from a free plan to a paid plan, we will charge your
+ card immediately and your billing cycle starts on the day of upgrade. For
+ other upgrades or downgrades in plan level, the new rate starts from the
+ next billing cycle.
+4. All fees are exclusive of all taxes, levies, or duties imposed by taxing
+ authorities. Where required, we will collect those taxes on behalf of the
+ taxing authority and remit those taxes to taxing authorities. Otherwise,
+ you are responsible for payment of all taxes, levies, or duties.
+5. We process refunds according to our [Fair Refund
+ policy](/policies/refund/).
+
+## Cancellation and Termination
+
+1. You are solely responsible for properly canceling your account. Within each
+ of our Services, we provide a simple no-questions-asked cancellation link.
+ You can find instructions for how to cancel your account in our
+ [Cancellation policy](../cancellation/index.md). An email or phone request
+ to cancel your account is not automatically considered cancellation. If you
+ need help cancelling your account, you can always [contact our Support
+ team]({{ site.email_support }}).
+2. All of your content will be inaccessible from the Services immediately upon
+ cancellation. Within 30 days, all content will be permanently deleted from
+ active systems and logs. Within 60 days, all content will be permanently
+ deleted from our backups. We cannot recover this information once it has
+ been permanently deleted. If you want to export any data before your account
+ is cancelled, please send an email to
+ [hello@netlandish.com](mailto:hello@netlandish.com) for assistance.
+3. If you cancel the Service before the end of your current paid up month, your
+ cancellation will take effect immediately, and you will not be charged
+ again. We do not automatically prorate unused time in the last billing
+ cycle. See our [Fair Refund policy](../refund/index.md) for more details.
+4. We have the right to suspend or terminate your account and refuse any and
+ all current or future use of our Services for any reason at any time.
+ Suspension means you and any other users on your account will not be able to
+ access the account or any content in the account. Termination will
+ furthermore result in the deletion of your account or your access to your
+ account, and the forfeiture and relinquishment of all content in your
+ account. We also reserve the right to refuse the use of the Services to
+ anyone for any reason at any time. We have this clause because statistically
+ speaking, out of the hundreds of thousands of accounts on our Services,
+ there is at least one doing something nefarious. There are some things we
+ staunchly stand against and this clause is how we exercise that stance. For
+ more details, see our [Use Restrictions policy](../abuse/index.md).
+5. Verbal, physical, written or other abuse (including threats of abuse or
+ retribution) of Company employee or officer will result in immediate account
+ termination.
+
+## Modifications to the Service and Prices
+
+1. We make a promise to our customers to support our Services for as long as we
+ are in control of them or until the last customer leaves the Service. That
+ means when it comes to security, privacy, and customer support, we will
+ continue to maintain any legacy Services. Sometimes it becomes technically
+ impossible to continue a feature or we redesign a part of our Services
+ because we think it could be better or we decide to close new signups of a
+ product. We reserve the right at any time to modify or discontinue,
+ temporarily or permanently, any part of our Services with or without notice.
+2. Sometimes we change the pricing structure for our products. When we do that,
+ we tend to exempt existing customers from those changes. However, we may
+ choose to change the prices for existing customers. If we do so, we will
+ give at least 30 days notice and will notify you via the email address on
+ record. We may also post a notice about changes on our websites or the
+ affected Services themselves.
+
+## Uptime, Security, and Privacy
+
+1. Your use of the Services is at your sole risk. We provide these Services on
+ an "as is" and "as available" basis. We do not offer service-level
+ agreements for our Services but do take uptime of our applications
+ seriously.
+2. We reserve the right to temporarily disable your account if your usage
+ significantly exceeds the average usage of other customers of the Services.
+ Of course, we'll reach out to the account owner before taking any action
+ except in rare cases where the level of use may negatively impact the
+ performance of the Service for other customers.
+3. We take many measures to protect and secure your data through backups,
+ redundancies, and encryption. We enforce encryption for data transmission
+ from the public Internet. There are some edge cases where we may send your
+ data through our network unencrypted. Please refer to our [Security
+ Overview](../security/index.md) for full details and our [Security Response
+ page](../security/response/index.md) for how to report a security incident
+ or threat.
+4. When you use our Services, you entrust us with your data. We take that trust
+ to heart. You agree that Netlandish may process your data as described in
+ our [Privacy Policy](../privacy/index.md) and for no other purpose. We as
+ humans can access your data for the following reasons:
+ - **To help you with support requests you make.** We'll ask for express
+ consent before accessing your account.
+ - **On the rare occasions when an error occurs that stops an automated
+ process partway through.** We get automated alerts when such errors occur.
+ When we can fix the issue and restart automated processing without looking
+ at any personal data, we do. In rare cases, we have to look at a minimum
+ amount of personal data to fix the issue. In these rare cases, we aim to
+ fix the root cause as much as possible to avoid the errors from
+ reoccurring.
+ - **To safeguard Netlandish.** We'll look at logs and metadata as part of
+ our work to ensure the security of your data and the Services as a whole.
+ If necessary, we may also access accounts as part of an [abuse report
+ investigation](../abuse/how-we-handle/index.md).
+ - **To the extent required by applicable law.** As a US company with all
+ data infrastructure located in the US, we only preserve or share customer
+ data if compelled by a US government authority with a legally binding
+ order or proper request under the Stored Communications Act. If a non-US
+ authority approaches Netlandish for assistance, our default stance is to
+ refuse unless the order has been approved by the US government, which
+ compels us to comply through procedures outlined in an established mutual
+ legal assistance treaty or agreement mechanism. If Netlandish is audited
+ by a tax authority, we only share the bare minimum billing information
+ needed to complete the audit.
+5. We use third party vendors and hosting partners to provide the necessary
+ hardware, software, networking, storage, and related technology required to run
+ the Services. You can see a [list of all subprocessors][subp] who handle
+ personal data for Netlandish products.
+6. Under the California Consumer Privacy Act ("CCPA"), Netlandish is a "service
+ provider", not a "business" or "third party", with respect to your use of the
+ Services. That means we process any data you share with us only for the purpose
+ you signed up for and as described in these Terms of Service, [Privacy
+ policy](../privacy/index.md), and [other policies](../index.md). We do not
+ retain, use, disclose, or sell any of that information for any other commercial
+ purposes unless we have your explicit permission. And on the flip-side, you
+ agree to comply with your requirements under the CCPA and not use Netlandish's
+ Services in a way that violates the regulations.
+7. These Service Terms incorporate the [Netlandish Data Processing Addendum
+ ("DPA")](../privacy/regulations/dpa/Netlandish.pdf),
+ when the General Data Protection regulation ("GDPR") applies to your use of
+ Netlandish Services to process Customer Data as defined in the DPA. The DPA is
+ effective as of October 5, 2020 and replaces and supersedes any previously
+ agreed data processing addendum between you and Netlandish Inc. relating to the
+ GDPR. If you prefer to have an executed copy of the Data Processing Addendum,
+ you may [sign a copy online](https://app.hellosign.com/s/c0908a3d). Regardless
+ of whether you execute or not, we protect and secure your data to the high
+ standards set out in the addendum.
+
+## Copyright and Content Ownership
+
+1. All content posted on the Services must comply with U.S. copyright law. We
+ provide details on [how to file a copyright infringement
+ claim](../copyright/index.md).
+2. We claim no intellectual property rights over the material you provide to
+ the Services. All materials uploaded remain yours.
+3. We do not pre-screen content, but reserve the right (but not the obligation)
+ in our sole discretion to refuse or remove any content that is available via
+ the Service.
+4. The names, look, and feel of the Services are copyright© to the Company. All
+ rights reserved. You may not duplicate, copy, or reuse any portion of the
+ HTML, CSS, JavaScript, or visual design elements without express written
+ permission from the Company. You must request permission to use the
+ Company's logo or any Service logos for promotional purposes. Please [email
+ us][email] requests to use logos. We reserve the right to rescind this
+ permission if you violate these Terms of Service.
+5. You agree not to reproduce, duplicate, copy, sell, resell or exploit any
+ portion of the Services, use of the Services, or access to the Services
+ without the express written permission by the Company.
+6. You must not modify another website so as to falsely imply that it is
+ associated with the Services or the Company.
+
+## Features and Bugs
+
+We design our Services with care, based on our own experience and the
+experiences of customers who share their time and feedback. However, there is
+no such thing as a service that pleases everybody. We make no guarantees that
+our Services will meet your specific requirements or expectations.
+
+We also test all of our features extensively before shipping them. As with any
+software, our Services inevitably have some bugs. We track the bugs reported to
+us and work through priority ones, especially any related to security or
+privacy. Not all reported bugs will get fixed and we don't guarantee completely
+error-free Services.
+
+## Services Adaptations and API Terms
+
+We offer Application Program Interfaces ("API"s) for some of our Services
+(currently AnyHow). Any use of the API, including through a third-party product
+that accesses the Services, is bound by the terms of this agreement plus the
+following specific terms:
+
+1. You expressly understand and agree that we are not liable for any damages or
+ losses resulting from your use of the API or third-party products that
+ access data via the API.
+2. Third parties may not access and employ the API if the functionality is part
+ of an application that remotely records, monitors, or reports a Service
+ user's activity *other than time tracking*, both inside and outside the
+ applications. The Company, in its sole discretion, will determine if an
+ integration service violates this bylaw. A third party that has built and
+ deployed an integration for the purpose of remote user surveillance will be
+ required to remove that integration.
+3. Abuse or excessively frequent requests to the Services via the API may
+ result in the temporary or permanent suspension of your account's access to
+ the API. The Company, in its sole discretion, will determine abuse or
+ excessive usage of the API. If we need to suspend your account's access, we
+ will attempt to warn the account owner first. If your API usage could or has
+ caused downtime, we may cut off access without prior notice.
+
+## Liability
+
+We mention liability throughout these Terms but to put it all in one section:
+
+***You expressly understand and agree that the Company shall not be liable, in
+law or in equity, to you or to any third party for any direct, indirect,
+incidental, lost profits, special, consequential, punitive or exemplary
+damages, including, but not limited to, damages for loss of profits, goodwill,
+use, data or other intangible losses (even if the Company has been advised of
+the possibility of such damages), resulting from: (i) the use or the inability
+to use the Services; (ii) the cost of procurement of substitute goods and
+services resulting from any goods, data, information or services purchased or
+obtained or messages received or transactions entered into through or from the
+Services; (iii) unauthorized access to or alteration of your transmissions or
+data; (iv) statements or conduct of any third party on the service; (v) or any
+other matter relating to this Terms of Service or the Services, whether as a
+breach of contract, tort (including negligence whether active or passive), or
+any other theory of liability.***
+
+In other words: choosing to use our Services does mean you are making a bet on
+us. If the bet does not work out, that's on you, not us. We do our darnedest to
+be as safe a bet as possible through careful management of the business;
+investments in security, infrastructure, and talent; and in general giving a
+damn. If you choose to use our Services, thank you for betting on us.
+
+If you have a question about any of the Terms of Service, please [contact our
+Support team][email].
+
+[email]: mailto:hello@netlandish.com "hello@netlandish.com"
+[nl]: https://www.netlandish.com/ "Netlandish Inc."
+[anyhow]: https://anyhowhq.com/ "AnyHow"
+[hyfm]: https://helpyoufind.me "Help You Find Me"
+[sh]: https://hg.code.netlandish.com/~netlandish/policies/log "Code Forge"
+[nlb]: https://www.netlandish.com/blog/ "Netlandish Blog"
+[ah2fa]: https://docs.anyhowhq.com/two_step_verification/ "AnyHow 2FA"
+[hyfm2fa]: https://helpyoufind.me/help/two-step-verification/ "HYFM 2FA"
+[subp]: /policies/subprocessors/ "Subprocessors"
+[ownah]: /policies/ownership-anyhow/ "Ownership: AnyHow"
+[ownhyfm]: /policies/ownership-hyfm/ "Ownership: HelpYouFindMe"