From 4ff3f5d1607025e3767d4d19ab4edfa2d5ea94fc Mon Sep 17 00:00:00 2001
From: Dan TS <dan@interlock.network>
Date: Wed, 10 May 2023 16:04:18 -0700
Subject: [PATCH 1/4] threatslayer-privacy-policy.md: Adds TS-specific privacy
 policy

---
 docs/threatslayer-privacy-policy.md | 59 +++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 docs/threatslayer-privacy-policy.md

diff --git a/docs/threatslayer-privacy-policy.md b/docs/threatslayer-privacy-policy.md
new file mode 100644
index 0000000..4b387d7
--- /dev/null
+++ b/docs/threatslayer-privacy-policy.md
@@ -0,0 +1,59 @@
+# ThreatSlayer Data Privacy Policy
+
+This document will cover the ThreatSlayer data collected and used by Interlock, a web3 security company.
+
+## ThreatSlayer
+
+ThreatSlayer is a browser extension by Interlock. It protects users from malicious websites. Registered users will be eligible to receive Interlock's $ILOCK token for browsing. 
+
+When ThreatSlayer is running in your browser, it runs scripts to:
+
+1. Send your URL to our backend to see if the site is malicious.
+
+2. If the site *is* malicious, to block the site so you don’t give it sensitive information.
+
+3. *For users who register with us*, a unique API key associated with that user is sent together with the URL in order to accurately calculate rewards for that user.
+
+Note: Users do not need to register in order to use and be protected by ThreatSlayer. But only registered users will be rewarded for browsing. 
+
+ThreatSlayer is an open source project – you can see the source code on [GitHub](https://github.com/interlock-network/threatslayer), including the code for the scripts.
+
+## Data We Collect for Scanning URLs
+
+Interlock maintains a backend pipeline that classifies URLs as safe or unsafe. To do so, we collect and retain certain kinds of data. This data is not considered personally identifiable information (PII), and thus is not protected under the General Data Protection Regulation (GDPR) or similar legislation. This includes:
+
+* Dynamically rendered heuristic assets (i.e. favicons made by JS, instead of static)
+
+* Query string parameters will be stripped from the target URL in the link object
+
+## Data We Collect for Token Rewards
+
+Interlock's business is based on protecting users with ThreatSlayer while identifying malicious URLs. We therefore reward registered ThreatSlayer users for the URLs they browse, especially malicious ones. In order to reward users fairly, we collect the following data:
+
+* The username, password, and web3 account ID users register with
+
+* The username of the user who first navigates to a new URL (malicious or not)
+
+## Analytics Data
+
+Interlock will collect and retain the following information for URL classification:
+
+* Resolvable URLs
+
+* The data generated by Interlock about the link (classification as safe or unsafe, etc.)
+
+* Analytics data is stored indefinitely
+
+## Data Anonymization and Deletion Policy
+
+Analytics data will be disassociated from the user who generated it.
+
+For example, if a user posts a safe URL, Interlock will retain the URL and the “safe” classification in case another user posts the same URL in the future, but will not retain any association between that safe URL and the user who posted it.
+
+This protects users who post links to safe websites like Planned Parenthood who get their records subpoenaed by a state or country where abortion is illegal.
+
+## Data Processing
+
+Discord message event data is processed on DigitalOcean infrastructure located in the United States. It is stored in a Digital Ocean virtual machine that is only accessible to Interlock employees. Discord mods can access Bouncer settings for their own Discord servers via HTTPS.
+
+If you have any questions or concerns about ThreatSlayer, please email threatslayer@interlock.network

From e303947236bef52134c1c4c705ef5a2289e54371 Mon Sep 17 00:00:00 2001
From: John Mercouris <john@mercouris.email>
Date: Thu, 11 May 2023 12:25:13 -0500
Subject: [PATCH 2/4] threatslayer-privacy-policy.md: update with group
 collaboration changes.

---
 docs/threatslayer-privacy-policy.md | 38 ++++++++++++++---------------
 1 file changed, 18 insertions(+), 20 deletions(-)

diff --git a/docs/threatslayer-privacy-policy.md b/docs/threatslayer-privacy-policy.md
index 4b387d7..28abc2b 100644
--- a/docs/threatslayer-privacy-policy.md
+++ b/docs/threatslayer-privacy-policy.md
@@ -6,54 +6,52 @@ This document will cover the ThreatSlayer data collected and used by Interlock,
 
 ThreatSlayer is a browser extension by Interlock. It protects users from malicious websites. Registered users will be eligible to receive Interlock's $ILOCK token for browsing. 
 
-When ThreatSlayer is running in your browser, it runs scripts to:
+When ThreatSlayer is running in your browser, it:
 
-1. Send your URL to our backend to see if the site is malicious.
+1. Sends the URL you are browsing to our backend to check if the URL is safe.
 
-2. If the site *is* malicious, to block the site so you don’t give it sensitive information.
+2. Blocks URLs that we detect are malicious, to protect you from entering sensitive information.
 
-3. *For users who register with us*, a unique API key associated with that user is sent together with the URL in order to accurately calculate rewards for that user.
+3. (For users who register with us) Sends a unique key together with the URL in order to accurately calculate rewards for you.
 
-Note: Users do not need to register in order to use and be protected by ThreatSlayer. But only registered users will be rewarded for browsing. 
+Note: You do not need to register in order to use and be protected by ThreatSlayer. But only registered users will be rewarded for browsing. 
 
 ThreatSlayer is an open source project – you can see the source code on [GitHub](https://github.com/interlock-network/threatslayer), including the code for the scripts.
 
-## Data We Collect for Scanning URLs
+## Data We Store for Scanning URLs
 
-Interlock maintains a backend pipeline that classifies URLs as safe or unsafe. To do so, we collect and retain certain kinds of data. This data is not considered personally identifiable information (PII), and thus is not protected under the General Data Protection Regulation (GDPR) or similar legislation. This includes:
+Interlock maintains a backend classifier that classifies URLs as safe or malicious. To do so, we collect and retain certain kinds of data. This data is not considered personally identifiable information (PII), and thus is not protected under the General Data Protection Regulation (GDPR) or similar legislation. This includes:
 
-* Dynamically rendered heuristic assets (i.e. favicons made by JS, instead of static)
+* Contents of the page
 
 * Query string parameters will be stripped from the target URL in the link object
 
-## Data We Collect for Token Rewards
+## User Data We Store for Token Rewards
 
-Interlock's business is based on protecting users with ThreatSlayer while identifying malicious URLs. We therefore reward registered ThreatSlayer users for the URLs they browse, especially malicious ones. In order to reward users fairly, we collect the following data:
+Interlock's business is based on protecting users with ThreatSlayer while identifying malicious URLs. We therefore reward registered ThreatSlayer users for the URLs they browse, especially malicious ones. In order to reward users fairly, we store the following data:
 
-* The username, password, and web3 account ID users register with
+* The username, a password hash, and web3 account ID users register with
 
-* The username of the user who first navigates to a new URL (malicious or not)
+* The URLs registered users visit
 
 ## Analytics Data
 
-Interlock will collect and retain the following information for URL classification:
+Interlock will store the following information for URL classification:
 
 * Resolvable URLs
 
-* The data generated by Interlock about the link (classification as safe or unsafe, etc.)
+* The data generated by Interlock about the link (classification as safe or malicious, etc.)
 
-* Analytics data is stored indefinitely
+* Analytics data may be stored indefinitely
 
 ## Data Anonymization and Deletion Policy
 
-Analytics data will be disassociated from the user who generated it.
+If a user posts a safe URL, Interlock will retain the URL and the “safe” classification in case another user posts the same URL in the future.
 
-For example, if a user posts a safe URL, Interlock will retain the URL and the “safe” classification in case another user posts the same URL in the future, but will not retain any association between that safe URL and the user who posted it.
-
-This protects users who post links to safe websites like Planned Parenthood who get their records subpoenaed by a state or country where abortion is illegal.
+If a user wishes for anonymity, they can use Interlock ThreatSlayer without registering. In this case, there will be no data collected saving the connection between their browsing activity, and them.
 
 ## Data Processing
 
-Discord message event data is processed on DigitalOcean infrastructure located in the United States. It is stored in a Digital Ocean virtual machine that is only accessible to Interlock employees. Discord mods can access Bouncer settings for their own Discord servers via HTTPS.
+Discord message event data is processed on DigitalOcean infrastructure located in the United States. It is stored in a Digital Ocean virtual machine that is only accessible to Interlock employees.
 
 If you have any questions or concerns about ThreatSlayer, please email threatslayer@interlock.network

From 16c3c75460b737e5017e39603d15e803827159d6 Mon Sep 17 00:00:00 2001
From: Dan TS <dan@interlock.network>
Date: Tue, 16 May 2023 17:00:53 -0700
Subject: [PATCH 3/4] threatslayer-privacy-policy.md: adds sections on what we
 do with data and options

---
 docs/threatslayer-privacy-policy.md | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/docs/threatslayer-privacy-policy.md b/docs/threatslayer-privacy-policy.md
index 28abc2b..f0013d2 100644
--- a/docs/threatslayer-privacy-policy.md
+++ b/docs/threatslayer-privacy-policy.md
@@ -50,8 +50,30 @@ If a user posts a safe URL, Interlock will retain the URL and the “safe” cla
 
 If a user wishes for anonymity, they can use Interlock ThreatSlayer without registering. In this case, there will be no data collected saving the connection between their browsing activity, and them.
 
+## Who We May Share or Sell Your Data To
+
+One of the ways Interlock makes money is to sell threat data to major internet companies. To do so, we may sell URLs that you navigate to and we classify as malicious. We may also sell related browsing data, like the site you navigated to that had the link to that malicious URL. We may also sell threat data and related browsing data to thid party brokers who bundle together threat data for sale to inernet companies.
+
+## Your Data Choices, Rights, and Controls
+
+Access: You have the right to confirm whether we are processing your personal information and to access your personal information.
+
+Opt-out: You can prevent Interlock from collecting any data about you by not registering for ThreatSlayer. We will never associate any part of your identity with any data you generate. We may still sell any URLs you navigate to that we classify as malicious. 
+
+Deletion: You can delete your account at any time. This will delete your association with any URLs you navigate to. Again, we may still sell any URLs you navigate to that we classify as malicious. 
+
+Correction: You have the right to request correction of your inaccurate personal information.
+
+Non-discrimination: We will not discriminate against you based on whether you are registered, unregistered, or deleted. You will receive the same protection against malicious URLs.
+
+Appeal: If you have any unresolved privacy concerns that we have not addressed satisfactorily after contacting us, you may have the right to appeal our decision by responding directly in your request or by sending another email and indicating that you are appealing our response to your previous request.
+
 ## Data Processing
 
-Discord message event data is processed on DigitalOcean infrastructure located in the United States. It is stored in a Digital Ocean virtual machine that is only accessible to Interlock employees.
+All ThreatSlayer data is processed on DigitalOcean infrastructure located in the United States. It is stored in a Digital Ocean virtual machine that is only accessible to Interlock employees.
+
+## How to Contact Us and Exercise Your Rights
+
+If you would like to exercise your right to delete your account and associated data, you can do so by clicking here (TODO: add URL)
 
 If you have any questions or concerns about ThreatSlayer, please email threatslayer@interlock.network

From 21f40a1e5655d2b73ae9ffa6faefb28b89c0d8d3 Mon Sep 17 00:00:00 2001
From: Dan TS <100495150+DecentralizedDan@users.noreply.github.com>
Date: Fri, 26 May 2023 10:34:30 -0700
Subject: [PATCH 4/4] updates after group editing

---
 docs/threatslayer-privacy-policy.md | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/docs/threatslayer-privacy-policy.md b/docs/threatslayer-privacy-policy.md
index f0013d2..e5dbb76 100644
--- a/docs/threatslayer-privacy-policy.md
+++ b/docs/threatslayer-privacy-policy.md
@@ -4,19 +4,19 @@ This document will cover the ThreatSlayer data collected and used by Interlock,
 
 ## ThreatSlayer
 
-ThreatSlayer is a browser extension by Interlock. It protects users from malicious websites. Registered users will be eligible to receive Interlock's $ILOCK token for browsing. 
+ThreatSlayer is a browser extension by Interlock. It protects users from malicious websites. Registered users will be eligible to receive Interlock's $ILOCK token in exchange for browsing. 
 
 When ThreatSlayer is running in your browser, it:
 
-1. Sends the URL you are browsing to our backend to check if the URL is safe.
+1. Sends the URL you are browsing to our backend to check if the URL is safe
 
-2. Blocks URLs that we detect are malicious, to protect you from entering sensitive information.
+2. Blocks URLs that we detect are malicious, to protect you from entering sensitive information
 
-3. (For users who register with us) Sends a unique key together with the URL in order to accurately calculate rewards for you.
+3. (For users who register with us) Sends a unique key together with the URL in order to accurately calculate rewards for you
 
 Note: You do not need to register in order to use and be protected by ThreatSlayer. But only registered users will be rewarded for browsing. 
 
-ThreatSlayer is an open source project – you can see the source code on [GitHub](https://github.com/interlock-network/threatslayer), including the code for the scripts.
+ThreatSlayer is an open source project – you can see the source code on [GitHub](https://github.com/interlock-network/threatslayer).
 
 ## Data We Store for Scanning URLs
 
@@ -24,13 +24,13 @@ Interlock maintains a backend classifier that classifies URLs as safe or malicio
 
 * Contents of the page
 
-* Query string parameters will be stripped from the target URL in the link object
+Note: Query string parameters will be stripped from the scanned URL for privacy.
 
 ## User Data We Store for Token Rewards
 
 Interlock's business is based on protecting users with ThreatSlayer while identifying malicious URLs. We therefore reward registered ThreatSlayer users for the URLs they browse, especially malicious ones. In order to reward users fairly, we store the following data:
 
-* The username, a password hash, and web3 account ID users register with
+* The username, a password hash, the user's web3 signature, and the web3 account ID users are registered with, and
 
 * The URLs registered users visit
 
@@ -40,19 +40,19 @@ Interlock will store the following information for URL classification:
 
 * Resolvable URLs
 
-* The data generated by Interlock about the link (classification as safe or malicious, etc.)
+* The data generated by Interlock about the link: classification as safe or malicious, etc.
 
-* Analytics data may be stored indefinitely
+Note: Analytics data may be stored indefinitely.
 
 ## Data Anonymization and Deletion Policy
 
 If a user posts a safe URL, Interlock will retain the URL and the “safe” classification in case another user posts the same URL in the future.
 
-If a user wishes for anonymity, they can use Interlock ThreatSlayer without registering. In this case, there will be no data collected saving the connection between their browsing activity, and them.
+If a user wishes for anonymity, they can use ThreatSlayer without registering, and there will be no data stored by Interlock connecting the user to their browsing activity.
 
 ## Who We May Share or Sell Your Data To
 
-One of the ways Interlock makes money is to sell threat data to major internet companies. To do so, we may sell URLs that you navigate to and we classify as malicious. We may also sell related browsing data, like the site you navigated to that had the link to that malicious URL. We may also sell threat data and related browsing data to thid party brokers who bundle together threat data for sale to inernet companies.
+One of the ways Interlock makes money is to sell threat data to major Internet companies. To do so, we may sell URLs that you navigate to and that we classify as malicious. We may also sell related browsing data, like the site you navigated to that had the link to that malicious URL. We may also sell threat data and related browsing data to third party brokers who bundle together threat data for sale to Internet companies.
 
 ## Your Data Choices, Rights, and Controls
 
@@ -60,7 +60,7 @@ Access: You have the right to confirm whether we are processing your personal in
 
 Opt-out: You can prevent Interlock from collecting any data about you by not registering for ThreatSlayer. We will never associate any part of your identity with any data you generate. We may still sell any URLs you navigate to that we classify as malicious. 
 
-Deletion: You can delete your account at any time. This will delete your association with any URLs you navigate to. Again, we may still sell any URLs you navigate to that we classify as malicious. 
+Deletion: If you are a registered user, you can delete your account at any time. This will delete your association with any URLs you navigate to. Again, we may still sell any URLs you navigate to that we classify as malicious.
 
 Correction: You have the right to request correction of your inaccurate personal information.
 
@@ -70,10 +70,10 @@ Appeal: If you have any unresolved privacy concerns that we have not addressed s
 
 ## Data Processing
 
-All ThreatSlayer data is processed on DigitalOcean infrastructure located in the United States. It is stored in a Digital Ocean virtual machine that is only accessible to Interlock employees.
+All ThreatSlayer data is processed on DigitalOcean infrastructure located in the United States. It is stored in a Digital Ocean virtual machine that is only accessible to authorized Interlock employees.
 
 ## How to Contact Us and Exercise Your Rights
 
-If you would like to exercise your right to delete your account and associated data, you can do so by clicking here (TODO: add URL)
+If you are a registered user and would like to exercise your right to delete your account and associated data, you can do so by clicking here (TODO: add URL)
 
 If you have any questions or concerns about ThreatSlayer, please email threatslayer@interlock.network