Ethical Software Manifesto
Disclaimer
- The company declares its official position on the topics mentioned below and will strive to achieve the stated goals. However, we must acknowledge that not every goal can be fully achieved due to objective circumstances.
- The company commits to complying with current legislation and to working towards improving laws within the framework of existing international and local regulations.
- Users should be explicitly informed about any technical or legal limitations that prevent compliance with the requirements of this document.
Agreements
Uniform Font Size for Transparency
- The company commits to ensuring transparency in all legal documents. This includes the use of a uniform, readable font size across the main body of the agreement, as well as in footnotes, references, and all additional sections such as annexes. This practice is intended to ensure that no important details are obscured or hidden from the parties involved, fostering clear understanding of the agreement.
Clarity in Terms and Conditions
- All terms and conditions of the agreement must be clearly stated. This ensures that all parties have a thorough understanding of their rights and obligations under the contract without ambiguity. The goal is to create straightforward, easily understandable agreements that do not require legal expertise to interpret.
Avoidance of Legal Jargon
- The company aims to eliminate legal slang or overly technical language that might be difficult for a layperson to understand. By using plain language, the company ensures that all parties fully understand the agreement without misconceptions or the need for legal interpretation.
Proactive Communication of Changes
- Users will be explicitly and proactively informed of any changes in costs and terms of services. Notification will be provided through email or another trackable method, ensuring that users are well-informed in advance about any adjustments that may affect their decision to continue using the services. This approach is designed to maintain trust and transparency between the company and its users.
Personal Data
Access to Collected Data
- Users should be able to receive information about the personal data collected on them, even if the data was not collected intentionally, such as visit history linked to their personal accounts.
Right to Data Deletion
- Users should have the ability to request the deletion of their personal data at any time.
Transparency in Data Processing
- Users should be explicitly informed about the terms and conditions of personal data processing and any changes to these terms. Detailed information provided should include:
- List of services using the data, with the same detailed information provided for each service.
- Data location.
- Data encryption practices.
- Data backup policy, detailing how often data is backed up, the location of backups, the storage period of backups, and encryption of backup data.
- Access to data, specifying which categories of employees and third-party organizations have access, including an explicit list of these organizations.
Data Privacy
Encryption and User Control Over Data
- All sensitive user data must be encrypted. Furthermore, users should have the ability to wipe their data at their discretion.
Granular Data Processing Agreement
- The data processing agreement should not be overly broad and must be granular down to the types of organizations that can access the data. For instance, if a new law is introduced that allows certain government organizations to access user data, users must be notified beforehand. They should have the option to opt out of sharing specific types of personal data or to discontinue using the services entirely. If no service can be provided without this type of personal data, the user should receive a partial refund.
Proactive and Detailed Notifications
- Users must be promptly notified of:
- Any known actual or potential compromise or loss of their data.
- Official requests to access their personal data.
- Any changes in the methods of processing and storing personal data.
- Any changes in access rights to their personal data.
- Any changes in the list of organizations that may access their personal data.
Data Collection Limitations
- Organizations should only collect data that is required to provide services and must act in accordance with local and international laws.
Liberty and Privacy
Conditional Registration and Login
- Users should not be forced to register or log in unless it is necessary to access protected resources or to provide services as stipulated in the agreement.
User Anonymity and Depersonalization
- Users can maintain privacy as long as it is feasible and use a depersonalized identifier when possible within the product usage scenario.
- Exception Example: When paying for a service with a credit card, identification may be necessary.
Inalienable Right to Private Life
- Every individual has an inalienable right to a private life, including an online private life, hence social roles should be protected. Employers should not access information about an employee's private life unless it is explicitly shared by the individual.
Restricted Location Tracking
- Software vendors should not track or collect personalized or depersonalized information about a user's location unless it is obvious from the usage scenario and has been confirmed by the user.