Privacy

Last updated: March 9, 2021

The privacy of your data — and it is your data, not ours! — is a big deal to us. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights to your data. We promise we never sell your data: never have, never will.

Identity & access

When you sign up for a Ihsan account, we typically ask for identifying information such as your name, email address, photos (we do not normally look at or access those photos) and profile bio-data. That’s just so you can access the full features of Ihsan. We’ll never sell your personal info to third parties, and we won’t use your name in any marketing statements without your permission either.

Abuse assessments

Every time you login, your browser automatically shares certain information such as your I.P address, ASN, browser fingerprint and timezone. We use this information to prevent the community from abuse from known banned users and suspicious internet traffic. We keep this login data for as long as your account is active and in standing order.

Anti-bot assessments

We use reCAPTCHA services on our platform to mitigate brute force logins. We have a legitimate interest in protecting our apps and the broader Internet community from credential stuffing attacks and spam.

Cookies

We do use a persistent first-party cookie for authentication only. A cookie is a piece of text stored by your browser to help it remember your login information. You do not need to manage this cookie as it is an aboslute necessary one.

Voluntary correspondence

When you write to Ihsan or on any public social media platform like Discord with a question or to ask for help, we keep that correspondence, you are however free to delete such correspondance from your side if possible.

We also store any information you volunteer like surveys.

Information we do not collect

We don’t collect any accurate geolocation data or active browser tracking analytics.

You are given the option to add pictures for your bio-data, which should be a real picture of you. We do not extract any information from such pictures.

When we access or share your information

Our default practice is to not access your information. The only times we’ll ever access or share your info are:

To provide products or services you’ve requested. We do use some third-party services to run our applications and only to the extent necessary process some of your personal information via these third parties. The third prty providers we use are:

  • Firebase - Phone verifications and push notifications
  • reCaptcha - CAPTCHA provider
  • Honeybadger - Error reporting
  • Imagekit - Image storage
  • Backblaze - Image storage
  • Mailgun - Transactional email provider

To help you troubleshoot or squash a software bug, with your permission. If at any point we need to access your account to help you with a Support case, we will ask for your consent before proceeding.

To investigate, prevent, or take action regarding platform abuse. Accessing a customer’s account when investigating potential abuse is a measure of last resort. If found to be abusing the platfrom, a user will be banned permanently.

When required under applicable law. We won’t hand your data over to law enforcement unless a court order says we have to. We will flat-out reject such requests from any law enforcement when they seek data without a court order. And unless we're legally prevented from it, we’ll always inform you when such requests are made.

How we secure your data

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted.

Data stored is not encrypted while they live in our database (since it needs to be ready to send to you when you need it), but we go to great lengths to secure your data at rest.

What happens when you delete your account

We immidiately delete all your data including previous connections, incoming/outgoing requests, photos, bio-data, notification preferences, email and chats. Backups are deleted after 6 months.

Inactive accounts

Inactive accounts are deleteled every 6 months.

Location of site and data

Data is stored in both EU and US on different cloud providers.

GDPR

Ihsan recognizes and does comply with GDPR and its rights, except as limited. We make it as easy as possible to exercise most rights directly from your account.

Changes & questions

We may update this policy as needed to comply with relevant regulations and reflect any new practices. You can view a history of the changes to our policies on Github. Whenever we make a significant change to our policies, we will also announce them on the website.

Have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information? Please get in touch on Discord and we’ll be happy to answer them!

Ihsan policies are open source, licensed under CC BY 4.0. Adapted from the Basecamp open-source policies / CC BY 4.0.

Connections Search