Ensembling Help – Data protection

Data protection

Data storage and processing

Just to state the obvious: we store and process the information you give to us in order to provide the service.

We don't share this data except with other participants in the project it belongs to, or distribute it to third-parties except when you ask us to. Your data belongs to you.

The information we store and process comprises only what's needed to provide the service, namely:

your name, email address, encrypted password and the various site preferences you tell us about
any documents you upload to Ensembling
any comments you make about documents you and others have uploaded to Ensembling
log files which note your activity (which pages you visit, forms you request and complete). These are used only to locate a problem when one arises, and to improve the service. See below.

Passwords are stored encrypted, as "hashes". That means even we can't see what they are. All we can do is compare the hash of what password you give when you login with the stored hash.

Previously, when someone invited someone else to a project, we used to store their details temporarily. We no longer do that: all the information necessary is now contained in the email that gets sent, so we don't retain it. Your information is only stored when you accept and invitation. We have to briefly process the details in order to send the email, but in all other respects an invitation is now between the sender and receiver.

Cookies

Cookies are small files stored on your computer by web sites which allow information about you to be carried over from one page to the next. See Wikipedia.

In general, some cookies are essential, for example to know who is logged in and present the correct information to you. Others are used to track where you have been for statistical and marketing purposes. Third-party cookies pose particular privacy concerns. Ensembling does not use these.

Under the European Union Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 web sites are required to ask for your consent when making cookies on your computer.

Ensembling uses cookies and local storage only to actually allow the system to operate, and to gather statistics about use of the site.

Ensembling uses cookies and local storage in the following circumstances:

Session: we remember who you are while you are logged in so that your personal content and settings are used as you move between pages. You cannot use Ensembling without this. Your personal information is stored on the server; only a simple reference to it is stored locally (called PHPSESSID)
Remember login: if you choose to remember that you are logged in on your computer, this is managed by a cookie (called ensembling[permalogin]). You choose to do this explicitly either
- when you log in
- when changing your settings using
  
  my details
  on the
  
  settings
  menu, or
- when you validate your email address
Auto-save. In browsers that support it, when adding or superseding a plain text or formatted text file, we auto-save the text every few seconds in case of accidental loss. This uses local storage on your computer, to which the regulations also apply.
Statistics. See below.

Logging

We used to use Google Analytics, but we've stopped doing this now. So third-parties' cookies are not present at all now. However, it is possible you still have some Google Analytics cookies from previous vists which aren't accessed any longer.

The session cookie links to logs on the server. We keep a record of all page views, searches and queries for both debugging and statistical purposes.

Also, when you provide feedback to the system administrator, the context in which you offered the feedback (current page and most recent page requests, originating computer etc) is included so we can understand the context in which the request is made.

Projects

When you participate in a project as well as sharing information with Ensembling you are sharing information with other participants in the project. That is the whole purpose of Ensembling. They can see the documents you upload and the comments you make. These are attributed to you, hence they can see your name. Your email address, however, is disclosed only to project managers unless you allow it to be seen by others.

Because other participants have access to the data you do share, we have no control over what they might do with it. Conversely you must not share with others any personal information about other people which you do not have permission to share.