diff --git a/src/core/jinja2/core/privacy.jinja2 b/src/core/jinja2/core/privacy.jinja2 new file mode 100644 index 00000000..aff1205f --- /dev/null +++ b/src/core/jinja2/core/privacy.jinja2 @@ -0,0 +1,134 @@ +{% extends 'core/home.jinja2' %} +{% block content %} +
+
+

{{ _("Privacy Policy") }}

+

+ {{ _("Last updated") }}: 2026-04-25 +
+ {{ _("Effective date") }}: + {{ _("Pending legal review and team approval.") }} +

+ +

+ {{ _("This privacy policy describes how memeLab (\"we\", \"our\", \"us\") collects, uses, and shares information when you use the Jandig platform — the web application at jandig.app, the documentation site at jandig.app/docs, and the Meta Quest application that consumes the same backend (collectively, \"the Service\").") }} +

+ +
+ {{ _("Status") }}: + {{ _("this document is a draft prepared by the engineering team and is not yet legally reviewed or approved. Treat it as a starting point for the privacy review required for the Meta Quest VRC.Publishing and VRC.Quest.Privacy criteria. Final wording will need a legal pass and Meta Data Use Checkup approval before the MR Viewer launch.") }} +
+ +

{{ _("1. What we collect") }}

+ +

{{ _("Information you give us") }}

+ + +

{{ _("Information we collect automatically") }}

+ + +

+ {{ _("We do not collect") }}: + {{ _("precise geolocation (beyond what an IP can imply), payment information, advertising identifiers, microphone or camera input, voice recordings, contacts, biometric data, or information from people under 13.") }} +

+ +

{{ _("2. How we use information") }}

+ +

{{ _("We do not sell or rent personal data.") }}

+ +

{{ _("3. Where data is stored and processed") }}

+ +

{{ _("Data is processed and stored in the United States and Brazil depending on the service. By using Jandig you consent to that cross-border processing.") }}

+ +

{{ _("4. Sharing with third parties") }}

+

{{ _("We share information with the following processors, only to the extent necessary for them to perform their function:") }}

+ +

{{ _("We do not share personal data with advertisers.") }}

+ +

{{ _("5. Public content") }}

+

+ {{ _("When you create an exhibit and make it public (the default for exhibits), your username and the metadata you provided (titles, authorship, descriptions, content) become publicly visible at jandig.app/{your-exhibit-slug}/ and are discoverable by search engines unless excluded by robots.txt. Do not upload content you don't want to be public.") }} +

+ +

{{ _("6. Your rights") }}

+

{{ _("Depending on your jurisdiction (notably LGPD in Brazil and GDPR in the EU/EEA), you have the right to:") }}

+ +

{{ _("To exercise these rights, contact us at the address in section 9.") }}

+ +

{{ _("7. Children") }}

+

{{ _("Jandig is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.") }}

+ +

{{ _("8. Security") }}

+

{{ _("Passwords are stored using Django's PBKDF2 hashing (current default). HTTPS is enforced site-wide. Cookies are marked HttpOnly and Secure in production. We patch dependencies on a regular cadence.") }}

+

{{ _("No system is perfectly secure. Report a security issue privately at the address in section 9.") }}

+ +

{{ _("9. Contact") }}

+

+ memeLab — Jandig project +
+ GitHub: https://github.com/memeLab/Jandig +
+ {{ _("Email") }}: {{ _("to be filled in by the team prior to publication.") }} +

+ +

{{ _("10. Changes") }}

+

{{ _("We may update this policy from time to time. The \"last updated\" date at the top reflects the latest revision. Material changes will be communicated on the home page.") }}

+
+
+{% endblock %} diff --git a/src/core/urls.py b/src/core/urls.py index 6d8b9fc9..25d4d77a 100644 --- a/src/core/urls.py +++ b/src/core/urls.py @@ -11,6 +11,7 @@ manifest, marker_generator, me_hotsite, + privacy_policy, robots_txt, service_worker, ) @@ -47,6 +48,7 @@ path("community/", community, name="community"), path("content/delete/", delete, name="delete-content"), path("documentation/", documentation, name="documentation"), + path("privacy/", privacy_policy, name="privacy-policy"), path("exhibit_select/", exhibit_select, name="exhibit_select"), path("exhibit/", exhibit_detail, name="exhibit-detail"), path("exhibits/create-ar/", create_or_edit_ar_exhibit, name="create-ar-exhibit"), diff --git a/src/core/views/static_views.py b/src/core/views/static_views.py index 22dff02a..e9757c40 100644 --- a/src/core/views/static_views.py +++ b/src/core/views/static_views.py @@ -11,6 +11,10 @@ def documentation(request): return render(request, "core/documentation.jinja2", {}) +def privacy_policy(request): + return render(request, "core/privacy.jinja2", {}) + + def favicon(_): return redirect(static("images/icons/favicon.ico"))