pod.inrupt.com presently is  intended for research, prototype development, and experimentation. At the current time, we ask all users not to use Solid Pods to store any Personal Data, such as real names, email addresses or telephone numbers. Solid Pods should not host any data that is otherwise sensitive, confidential, or intended in any way for commercial use.

‍

Privacy Policy

Inrupt provides its users (“Clients”) with Solid Pods, which enable them to store data and choose who to share that data with and when to share it. A Solid Pod can be owned and controlled by a single individual or by an organization or legal entity. In order to function, a Pod must be associated with a corresponding WebID.

Inrupt’s mission of “personal empowerment through data” is enabled by Solid, the open technology created by our co-founder, Sir Tim Berners-Lee. We believe that Solid provides a better way to structure data, applications and identities on the web.

Solid Pods and our websites [pod.inrupt.com; inrupt.com] (“websites”) are the primary tools through which we provide our Services (“Services”) to Clients. Remember, your use of Inrupt’s Services is at all times subject to our Terms of Use.

This Privacy Policy sets out how Inrupt treats Personal Data, including the data collected or processed through our Developer Sandbox Solid Pods. In some cases, like when Solid Pods are made available to users through an Enterprise Solid Server at the direction of an organization or legal entity, we act in the capacity of a service provider and our processing of that data is governed by the agreement in place between us and the applicable enterprise customer. The enterprise customer’s privacy policy or other agreement between the enterprise customer and you or your organization, and not this Privacy Policy, applies to such processing. Where that is the case, please contact the relevant enterprise, and not Inrupt, in the first instance to address your rights with respect to such data

We need to collect and process Personal Data in order to offer our Services. We don’t use Personal Data for any purposes other than to provide the contracted services, and we don’t share Personal Data with third parties except for the limited purposes described in this Privacy Policy.

By using our Services, Clients understand that we will collect and use their Personal Data as described in this Privacy Policy. We recommend to our Clients that they read this Privacy Policy in full to ensure they are fully informed and we have done our best to make it straightforward and easy to understand.

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” or “sensitive personal information” under applicable data privacy laws, rules or regulations. This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage.

If you have any questions about this Privacy Policy or how we handle Personal Data, please contact us at support@inrupt.com.

‍

What Personal Data Does Inrupt Collect and Why?

‍
‍The Personal Data that Inrupt collects from Clients allows us to provide our Services. For example, it allows us to set up a Solid Pod when a Client registers, provide them support, enable payment for those Services, and otherwise stay in contact with our Clients about our Services.

Information Clients Provide to Inrupt
‍We receive and store the Personal Data you supply to us, such as name, email address, phone number, and company name, when you sign up to use a Solid Pod and when you communicate with us by email, chat, telephone, or social media.

Clients can sign up for our Services through our website, which requires you to create an account and collects WebID, name and email address and creates an authentication token that we may check periodically. We enable Clients to create a unique login and password to ensure that you can use our Services securely. We do not store passwords. Clients may also choose to login using a third party identity provider that supports OIDC and is registered as trusted.

We also collect email addresses when users email us for information or sign up for our newsletters or email updates. You can unsubscribe from newsletters or updates at any time by clicking “Unsubscribe” at the bottom of the email.

From time to time we may provide an opportunity for Clients to answer questionnaires or surveys to help improve our services by collecting user experience information or assessing Client interests and needs. Any such questionnaires or surveys will be voluntary and ask for consent. The purpose and intended use of the information being collected will be explained in the survey itself.

‍Information We Collect Automatically from Clients
‍We also collect certain information automatically:

• Audit Log Information. When you use our Services, we may automatically collect and store certain Personal Data in our audit logs. This may include which users (by username) are accessing the Services, how users are accessing these Services (including device-specific information and integration), the dates and times users access the Services, and from where users are accessing the Services (by IP address). Audit logs are not used as part of our normal operations but are used to support audit or security investigations. In order to troubleshoot or provide help to a user, and with that user’s consent, we may associate this information with the user’s personal information (by WebID). Access to audit log data is strictly restricted to personnel with audit rights.
• Device Information. We also collect information specific to a device used in order to provide support for our Services and optimize them for geographic location. This includes information such as the hardware model, operating system, screen resolution, as well as unique device identifiers. In order to troubleshoot or provide help to a user, and with that user’s consent, we may associate this information with the user’s personal information (by WebID).
• Cookies. Like many websites, Inrupt.com uses cookies and obtains certain types of information when your web browser accesses our site. We may collect information such as browser type, version, language, timezone, plug-in/extension type, and version. Cookies are used most commonly to do things like reporting page views, offering personalization to returning users, and utilizing login tokens for a session. Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time. To find out more about “Do Not Track,” you can visit www.allaboutdnt.com.
• Aggregate usage data for our Solid Pods, to enable us to understand how our Solid Pods are being used and to develop and refine them to better serve our Clients.

‍

Storing and Processing Data on Behalf of Our Clients

‍Inrupt enables its Clients to store their own data in a Solid Pod. In doing so, Inrupt empowers its Clients to determine what data they will store, if that data should be shared and with whom, and for what purposes. As noted above, at the current time, we ask all users not to use Solid Pods to store any Personal Data such as real names, email addresses or telephone numbers. Solid Pods should not host any data that is otherwise sensitive, confidential, or intended in any way for commercial use.

Inrupt does not use this Client data for any purposes other than to provide the contracted Services and we do not share Personal Data with third parties except as described in this Privacy Policy.

Clients have the responsibility to understand what data they are storing in their Pod, whom that data is shared with, and what, if any, data they have made public.

At present, each Solid Pod has its data encrypted at rest with AES-256 using a managed Relational Database Service (RDS). Data in transit is encrypted with TLS v1.2. Data only is unencrypted in memory and while being processed.

‍

Our Legal Bases for Processing Personal Data

‍
For Personal Data under the control of Inrupt, we rely on several bases to lawfully obtain and process Personal Data. First, where Clients have given us valid consent to use their data in particular ways, we rely on that consent.

Second, certain information is necessary for us to perform the contract between you and us and to allow us to comply with certain legal obligations.

Third, we may also process Personal Data when we believe it furthers the legitimate interests of Inrupt or of others, so long as any such legitimate interests are not overridden by your rights or interests. Examples of legitimate interests include, as discussed in more detail throughout this Privacy Policy: providing, customizing, and improving the Services; marketing the Services; corresponding with you; meeting legal requirements and enforcing terms; completing corporate transactions; and others.

And finally, as described in more detail below, in certain cases we may process information where this is necessary to meet legal obligations, such as compliance with law enforcement subpoenas or warrants..

‍

How and When Do We Share Personal Data?

‍
As set out below, we only share Personal Data on a limited basis in order to enable us to offer our services. We do not otherwise make Personal Data available to third parties. We do not sell Personal Data or share it for advertising or marketing purposes.

Sharing Data With Applications, Groups and Individuals:  By default, all data contained within a Client’s Solid Pod is private and cannot be accessed by other individuals or parties. Clients are given the opportunity and choice to “opt in” and share their data with other applications, groups, or individuals. This decision is made by the Client and controlled by the Client. A Client can decide to share, or unshare, data from its Solid Pod at any time.

Service Providers: We employ other organizations and service providers to perform certain functions on our behalf. This includes cloud infrastructure services (IaaS), usability analysis, log analysis, issue ticketing and alerting. These third parties have only limited access to your information, may use your information only to perform these tasks on our behalf, and are obligated to Inrupt not to disclose or use your information for other purposes.

If you have any questions or would like further information about the service providers we use, please contact us at support@inrupt.com.

Legal Compliance, Protection of the Public and Our Business, and Legitimate Interests: We may be required to release personal and account information in response to lawful requests by public authorities, including to meet legitimate national security or law enforcement requirements; to protect, establish, or exercise our legal rights or defend against legal claims; to comply with a subpoena, court order, legal process, or other legal requirement; or when we believe in good faith that such disclosure is necessary to comply with the law, prevent imminent physical harm or financial loss, or investigate, prevent, or take action regarding illegal activities, suspected fraud, threats to our property, or violations of our Terms of Service.

However, this does not include selling, renting, sharing, or otherwise disclosing Personal Data for commercial purposes in violation of the commitments set forth here. Please note, further, that we do not sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.

If Inrupt undertakes or is involved in a reorganization, merger, acquisition, sale of assets, bankruptcy, or insolvency event, then we may transfer, share or sell some or all of our assets, including Personal Data, in connection with this transaction or in contemplation of this transaction. If we do so, we will provide notification of any changes to the control of your information, as well as any choices you may have.

‍

Children's Privacy

‍Our Services are not designed for, and are not marketed to, people under the age of 18 (“minors”). We do not knowingly collect or ask for information from minors, and we do not knowingly allow minors to use our Services. By using our Services or accessing our websites, Clients represent that they are at least the age of majority in their country, state and/or province of residence.

‍

Data Transfers

‍
‍If your Personal Data originates in the EEA, the United Kingdom, or Switzerland, and is shared with a third party service provider outside of these countries, we establish the necessary means to ensure an adequate level of data protection. This may be an adequacy decision of the European Commission confirming an adequate level of data protection in the respective non-EEA country or an agreement on the basis of the EU Model Clauses (a set of clauses issued by the European Commission). By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Inrupt in the U.S. and will be hosted on U.S. servers, and you authorize Inrupt to transfer, store and process your information to and in the U.S., and possibly other countries.

‍

‍

How Secure Is Your Personal Data?

‍We maintain administrative, technical and physical safeguards designed to protect the privacy and security of the Personal Data we maintain about you. When you provide us with Personal Data, the connection between your computer and our server is encrypted using Transport Layer Security (TLS) to protect that information. We use a Digital Certificate so secure pages can be identified with a padlock sign and “https://” in the address bar. We store our data in protected databases on secured servers with restricted access. We also use hardware and software firewalls, screen for viruses and malware, and utilize live 24/7 monitoring services to mitigate threats. However, no method of transmission or storage is 100% secure.

Client accounts are protected by a password of the Client’s choice. It is very important for Clients to protect against the theft or unauthorized access of this login and password.

‍

‍Data that is not Personal Data

We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular Client. We may use such aggregated, de-identified or anonymized data and disclose it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not disclose such data in a manner that could identify you.

‍

What Are Your Rights?

‍Inrupt enables our Clients and, in some cases, our Clients’ authorized agents, to exercise a number of fundamental rights in relation to their data.

For data stored in Solid Pods, Clients can exercise many of these rights directly through the control of their Pod. For example, Clients can:

‍

• Decide what data they store in their Pod and if or when they choose to share it
• Rectify inaccurate or incomplete information
• Access the data in their Pod
• Port their data, by copying it and writing it to another provider
• Delete their data, should they choose to do so.

For Personal Data in the possession of Inrupt -- such as your contact information -- you may have rights (subject to conditions and exception in accordance with applicable law) over such data. These include:

• Access: You may have the right to request confirmation of or access to the Personal Data that we process about you. Depending on your state of residence, you may also have the right to request a list of specific third parties, other than natural persons, to which we has disclosed your data.
• Deletion: You may have the right to request that we delete the Personal Data that we have collected about you.
• Correction: You may have the right to request that we correct any inaccurate Personal Data we have collected about you.
• Portability: You may have the right to request a copy of your Personal Data in a machine-readable format, to the extent technically feasible.
• Objection:  You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
• Restriction of Processing:  You can, in some cases, ask us to restrict further processing of your Personal Data.
• Right to File Complaint:  You have the right to lodge a complaint about Inrupt’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State or your local Attorney General.

In order to exercise your rights, you can contact us at support@inrupt.com. We will respond to requests within a reasonable timeframe and may need to take reasonable steps to confirm identity before proceeding. We will not discriminate against you for exercising these rights. If we refuse to take action on your request within a reasonable period of time after receiving your request you may, in certain circumstances, be entitled to appeal our decision. In such appeal, you must (1) provide sufficient information to allow us to verify that you are the person about whom the original request pertains and to identify the original request, and (2) provide a description of the basis of your appeal. Please note that your appeal will be subject to your rights and obligations afforded to you under the applicable laws.

If we are processing your Personal Data based on your consent then you may withdraw your consent at any time. Note that if you withdraw your consent to the use or sharing of your Personal Data for the purposes set out in this policy, we may not be able to provide you with our services. In certain cases we may continue to process your Personal Data after you have withdrawn consent and requested that we delete your Personal Data if we have a legal basis/need to do so.  

‍

Data Retention

‍For Personal Data under its control, Inrupt will retain such data only for as long as is necessary for the purposes set out in this policy or as needed to provide Clients with our Services.

Clients can delete the data in their Pod directly and delete their account, should they choose to do so. If a Client no longer wishes to use our services then it may close its account and delete its Pod at any time.

When a Client closes their account, we retain the data in that account for 60 days so that the Client may recommence using our services should they choose to do so. However, if a Client wishes to delete the data in its Solid Pod then the Client may do so anytime.

Notwithstanding the above, Inrupt may need to retain and use Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may also retain log files for the purpose of internal analysis, for site safety, security and fraud prevention, to improve site functionality, or where we are legally required to retain them for longer time periods.

‍

Changes to this Privacy Policy

‍Inrupt reserves the right to modify this Privacy Policy at any time in accordance with this provision. If we make changes to the Privacy Policy, we will post the revised Privacy Policy on our website and update the “Last Updated” date at the top. In some cases we may provide additional notice such as a statement on our website or by sending an email notification. We encourage Clients to review the Privacy Policy periodically to stay informed about our information practices and the rights we make available to our users. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.

‍

Contact Us

If you have any questions, comments or suggestions about how we handle Personal Data you can contact Inrupt at support@inrupt.com.

‍

‍

‍

‍

‍

‍

‍

‍

‍

‍‍

‍

‍

‍

‍

‍

‍

‍

‍

‍

‍

=