Privacy Policy

Last updated: December 15, 2024

1. Purpose

This Privacy Policy outlines how OpenMeet Survey ("the Service") collects, uses, and protects your personal data. Our Service is designed with privacy in mind, leveraging ATProto (the protocol behind Bluesky) to give you control over your data.

2. Data Collection

OpenMeet Survey collects different data depending on how you use the Service:

For ATProto Users (Logged In)

  • Identity Data: Your ATProto DID (Decentralized Identifier) and handle
  • Profile Data: Display name and avatar (if public on your PDS)
  • Survey Data: Surveys you create are stored on your Personal Data Server (PDS)
  • Response Data: Your votes are stored on your PDS and indexed locally

For Guest Users (Not Logged In)

  • Session Data: A hashed identifier derived from your IP address and browser information, used solely to prevent duplicate voting
  • Response Data: Your votes are stored in our database only

For All Users

  • Usage Data: Basic analytics about page views and interactions (via PostHog)
  • Device Information: Browser type and version, used for session identification

3. Data Storage and Ownership

Our Service uniquely leverages ATProto's decentralized architecture:

  • ATProto Users: Your surveys and responses are stored on your own PDS. You maintain full ownership and can delete this data at any time through your PDS provider.
  • Guest Users: Your responses are stored in our PostgreSQL database. We retain this data to maintain accurate vote counts.
  • Local Index: We maintain an index of surveys and responses to enable search and aggregation. This index can be rebuilt from PDS data.

4. Anonymous Voting

Survey results are displayed anonymously. We show aggregate vote counts—never individual voter identities. Even though ATProto responses are technically stored on your PDS, the survey results only display totals, not who voted for what.

Note on text responses: If a survey includes free-text questions, those text responses may be displayed in results. Do not include personal information in text responses unless you intend for it to be visible.

5. Use of Data

OpenMeet Survey uses collected data for:

  • Providing the survey creation and voting functionality
  • Preventing duplicate votes (one vote per user per survey)
  • Displaying aggregate results
  • Improving the Service through anonymized analytics

6. Data Sharing

  • We do not sell or share your personal data with third parties
  • ATProto data is inherently public on the AT Protocol network (this is how the protocol works)
  • Aggregated, anonymous statistics may be displayed publicly (e.g., total surveys created)

7. Data Control

ATProto Users:

  • Access your data anytime via the "My Data" page
  • Delete surveys or responses from your PDS at any time
  • Export your data through your PDS provider

Guest Users:

  • Contact us to request deletion of your vote data
  • Note: We cannot identify individual guest votes without your session information

8. Data Security

OpenMeet Survey implements the following security measures:

  • Encryption: All data is transmitted over HTTPS
  • Authentication: ATProto OAuth with DPoP (Demonstration of Proof-of-Possession) for secure sessions
  • Hashing: Guest identifiers are hashed and cannot be reversed to identify individuals
  • Access Control: Database access is restricted to authorized services only

9. Cookies and Tracking

  • Session Cookies: Used to maintain login state for ATProto users
  • Guest Voting Cookies: Used to prevent duplicate votes
  • Analytics: We use PostHog for privacy-respecting analytics

10. Third-Party Services

  • ATProto PDS Providers: Your data is stored with your chosen PDS provider (e.g., bsky.social)
  • PostHog: Privacy-focused analytics platform

11. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

12. Updates to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via the Service.

13. Contact Information

For questions or concerns about this Privacy Policy, please contact us at support@openmeet.net.