The Infomation We Collect
We take security of user data very seriously and, as a matter of policy, The South Wales Climbing Wiki does not, (and will not) collect data on its users except for the following:
- When users sign-up he/she can, if they choose, submit their email address. This is not mandatory.
- We collect user edits to the wiki.
- Users' edits to the Wiki are recorded under their username. Use of users' real names are mandatory.
- The Wiki collects HTTP server log information. This information cannot, by itself, be used to identify users' IP addresses and is never used for that purpose. The server log files are used for debugging the wiki and for amassing general usage information.
- When users upload media files, e.g. photographs, PDFs, etc., they should be aware that such files often contain metadata and this metadata is often presented to other users of the Wiki. Such metadata may include, (using the example of a photograph), the date and time the photo was taken, the device on which the photo was taken, the software with which it may have been edited, the geolocation from the where the photo was taken, etc.. Users should remove any sensitive metadata from media files before uploading them to the Wiki.
Processing of User Data
Our policy is to not process user data any more than is needed to run the Wiki effectively.
- We retain the abilty, when necessary, to remove accounts of those users who are abusive of the Wiki.
- The transparency enabling nature of the Wiki software (Mediawiki), means that users can see all (including their own) edits; this includes time and date each edit was made. We do not collect data about the origin (i.e. the ip address) of edits.
Security of User Data
The Wiki is a publicly accessible document and user edits are visible under each user's real name, i.e. user name.
As a matter of policy, we take take the following precautions to protect user data:
- Connections to the Wiki by client web browsers are encrypted using Transport Layer Security
- User passwords are stored 'salted' and hashed (MD5) and are, thus, hidden from server operators. You are, however, encouraged to use a "strong" and unique password for each online account you operate. See: https://www.ed.ac.uk/infosec/how-to-protect/lock-your-devices/passwords/choosing-strong-passwords
- The Wiki Team make every effort to secure the server by using suitable firewalling and applying security patches as and when they become available
- The Wiki team will not make any information about its users available to any other party except when legally required to do so.
- The Wiki does not collect ip addresses together with associated edits.
- Users can have their accounts deleted on request.
Please email email@example.com