Table of contents
- Dark Flows
- Your Rights
- Data Security
- Information We Collect
- How We Use Your Information
- How We Share Your Information
- Data Retention
- How We Protect Your Information
- How To Control Your Privacy
- International Data Transfers
- Information for EEA, United Kingdom, and Brazil Users
- Information for California Users
- Contact us
Guided by our principles, Kernel Services are designed to preserve spaces for free moral and cultural play, which we feel are necessary to independent critical thought and collective wisdom.
It’s important that you read this entire policy, but here’s a summary to get you started:
We care about privacy. We are committed to creating spaces where people can find authentic relationships and intimate conversation. Respecting your privacy is a key part of that mission.
We don’t sell your data. We are supported by ecosystem grants for public goods.
We limit what information is required. We require the information that enables us to create your account, provide our services, meet our commitments to fellows, and satisfy our legal requirements. The rest is optional.
We care about safety. Kernel stewards work hard to keep our community safe. We have access to certain information which allows us to assist with the recovery of your data (but not your funds!) if you lose your private keys. We will never use or edit this data for any purpose other than a recovery you specifically request.
We give you control. We give you the ability to control your privacy.
Kernel fellow Anastasia Uglova is a privacy researcher and makes the point that privacy:
is a prerequisite for developmental formation
preserves “spaces for free moral and cultural play” that are necessary for moral autonomy and independent critical thought
enables agency over how we see ourselves and in turn present ourselves to others
protects our ability to evaluate options and ask better questions.
In addition, the loss of privacy produces harmful inhibiting behaviors and self-censorship, reducing self-determination and critical thinking. Surveillance not only changes the thoughts people express but also the behaviors they adopt.
However, centrally-managed privacy frameworks - like the one currently described in this policy - are by nature contradictory because they make essential claims that are supposed to hold constant across all contexts, settings, and environments. Rather than such an approach, it is the very specific intention of Kernel Services to work actively toward community-managed data and privacy settings, which are arrived at together and serve the continued creation of safe and intimate spaces for critical thought and honest, nuanced dialogue, free of surveillance or self-censorship.
In particular, we intend to work together towards Anastasia’s clear vision:
“Protections should focus on responsiveness to experience and flexibility in context [...] Perhaps a more useful framework for governing privacy might offer individuals greater latitude to modulate how much privacy they wish and when. More privacy is not always desirable, nor is it always possible. The key is to be able to choose, or at least to bring the absence of choice into conscious awareness and out of hypnotic suggestion.”
In order to make this a reality, we work according to the three pillars Anastasia presents.
Confidentiality governs the encryption and protection of private data, objects, and resources from unauthorized viewing and access.
Interoperability is concerned with maintaining consistent, accurate, and trustworthy data which you can easily port to third-party services if you so choose.
Agency requires that fellows can exercise meaningful, pluralistic choice and consent with respect to the governance of their data. This is the most nuanced (but most valuable) pillar to work towards.
We offer one more section before detailing the specifics of data that we currently collect, how we use it, and which laws it is controlled and processed under.
Privacy requires not just law, but lore. It is, in this sense, a public good critical to free thought and must be protected as much by our cultural precedents and narratives as it is by our contracts and laws.
We invite you to consider “The Seven Darknesses of Lunarpunk” by Kernel fellow Stephen Reid to begin exploring the lore in which we ground our approach to privacy and the sorts of systems which can preserve it in the flexible, responsible, and communal way described by Anastasia above.Your Rights¶
As laid out in relevant privacy legislation, you have the right to:
Correct or update your personal data (where possible);
Ask us to remove your personal data from our systems;
Ask us for a copy of your Data processed, which may also be transferred to another data controller at your request;
Withdraw your consent to process your personal data, which only affects processing activities that are based on your consent and doesn’t affect the validity of such processing activities before you have withdrawn your consent;
Object to the processing of your personal data;
File a complaint with the Federal Data Protection and Information Commissioner (FDPIC), if you believe that your personal data has been processed unlawfully.
Kernel protects the personal data we process from unauthorized and unlawful access, change, disclosure, use, and destruction. For example, we take the following technical and organizational security:
- We encrypt our Services using SSL and other security measures.
- We review our information collection, storage, and processing practices, from time to time, to guard our systems against unauthorized access.
- We restrict access to personal data to specific roles within our community, subject to strict contractual confidentiality obligations.
We collect certain information when you use Kernel Services. This includes information you provide to us, information we collect automatically, information we receive from other sources, and information given to third-party services we use.
Information you provide to us¶
Account information. When you create a Kernel Services account, you can come up with a username and password, and provide a way of contacting you (such as an email address).
Content you create. This includes any content that you upload to any Service. For example, you may add information about the work or project you are currently engaged with. This may also include your profile information and other biographical data you provide in the application process.
Information from actions you take. We collect information about your use of and activities on the services. This includes the events you host, the groups you work with and any artifacts you create together during the course of your time in a Kernel block.
Other information you provide directly to us. You may have the option to submit additional information as you use Kernel. For example, you may participate in surveys where you can provide feedback on our Services or your educational experience.
Information we collect automatically¶
We also collect information automatically from you when you use Kernel Services. In particular, we may receive information from cookies (small text files placed on your computer or device) and similar technologies. First-party cookies are placed by us and allow you to use the services and to help us analyze and improve your experience and the services. You can control cookies as described in the “How to control your privacy” section below. The services use the following types of cookies:
Strictly Necessary Cookies: These are required for services to function. If you try to use tools to disable these cookies, parts of the services may not work properly.
Functional Cookies: These help us provide enhanced functionality on the services like remembering language preferences. Disabling these could affect some service functionality.
Local Storage: We do not collect anything from this, but note it here as we use local storage to store information about your public key in order to make logging in to Kernel Services easier. This is not exposed to any other site: it is here for completeness.
Information we receive from other sources¶
We may receive information about you from other sources, including from other users and third parties, and combine that information with the other information we have about you. For example, if you interact with our social media account on another platform, we may receive certain information about you like your username on that platform.How We Use Your Information¶
We use your information for the following purposes:
To fulfill our contract with you¶
To provide access. We use your information to provide you with access to all Kernel Services. For example, we use the information you provide to us to connect you with mentors and other experts within the web3 community who may be able to help you with technical, investment, strategic or other advice.
To meet our commitments to the Kernel community. We work hard to try to make Kernel a safe, careful, and diverse place. To do so, we use your information to take action against fellows and content that violate our Terms of Service, Code of Conduct, and other policies.
To personalize Kernel. We use your information to provide, personalize and improve Kernel Services. This information powers our Explorer (so that you see relevant fellows or projects first).
To contact you. We use your information to contact you and connect you with relevant people. We may also use your information to contact you about important product or policy changes, to send you information about Kernel and the community, or just to let you know about new products or features we think you’ll like. You may opt-out of receiving marketing communications. Where local law requires, we will obtain your consent before sending such communications.
To respond with care. We use your information to respond to your questions about our products and services, and to investigate bugs or other issues.
For our legitimate business interests¶
To protect our Services. We use information to keep our Services secure, to prevent misuse, and to enforce our Terms of Service and other policies against people who violate them.
To report on our performance. We use some information to help us review the service we provide, to perform financial reporting, and to respond to regulatory obligations.
To improve our services. We use your information to help us understand how fellows interact with our services, what features or products fellows may want, or to otherwise understand and improve our Services.
To comply with our legal obligations¶
We retain and use your information in connection with potential legal claims when necessary and for compliance, regulatory, and auditing purposes. For example, we retain information where we are required by law or if we are compelled to do so by a court order or regulatory body. Also, when you exercise any of your applicable legal rights to access, amend, or delete your personal information, we may request identification and verification documents from you for the purpose of confirming your identity.
When you tell us to. When you add your content to any Kernel Service, you are telling us to share that content with certain communities, people, or in the case of public spaces, with anyone who accesses it. We will always make it clear which kinds of people or groups can see data associated with any Kernel Service. We may also share your information as you otherwise instruct us or provide us your consent to do so.
With our vendors. We rely on some third party providers for services which make Kernel possible. This includes cloud providers like Google that host our data as well Typeform, Airtable, Notion, and Slack. Your use of these services as it relates to Kernel is governed by their respective Terms of Service and Privacy Policies. Please familiarize yourself with those contracts as far as possible. Kernel undertakes to limit our use of such third-party applications and will update you as our internal capabilities mature.
To comply with the law. We may share information in response to a request for information if we believe disclosure is required by law, including meeting national security or law enforcement requirements. Where allowed and feasible, we will attempt to provide you with prior notice before disclosing your information in response to such a request.
In an emergency. We may share information if we believe in good faith that it's necessary to prevent serious harm to a person.
To enforce our policies and rights. We may share information if needed to enforce our Terms of Service, Code of Conduct, or other policies, or to protect the rights and safety of ourselves and others.
We retain personal information for as long as it is needed for the purposes for which we collected it. In general, you have full control over the data associated with you which is stored on any Kernel server or associated with any Kernel Service and may choose to delete it, without notice, at any time you like.How We Protect Your Information¶
We take a number of steps to help protect your information. All information sent within our services is encrypted both in transit and at rest. For example, we use Transport Layer Security (“TLS”) to encrypt text and images in transit. We also enforce technical and administrative access controls to limit which of our employees and contractors have access to nonpublic personal information.How To Control Your Privacy¶
We believe that users should be able to tailor their Kernel experience to their preferences, including privacy. And while local laws may require different things, we believe that fellows should have the same basic ability to shape their experience no matter where they are in the world. Here’s how you can control how we process your information and how to request access to your information:
Be aware of privacy settings in each space to which you contribute¶
You can always choose what groups to participate in and what information you add to our Services. You can choose what information to add, who to engage with (e.g., one or more particular fellows or a larger group), what information to include in your profile, and more. For example, if you share content in public spaces, it may be accessed by anyone. Public content may also be subject to fewer restrictions under your local laws.
Customize your personal settings¶
We offer a setting that allows you to tailor your experience within Kernel by either sharing or not sharing your profile data. This choice affects what data you can see through the Kernel Explorer. This particular feature speaks to the flexibility and responsiveness of Kernel Services described in the “Framing” section, and we expect there to be ongoing community discussion about how choices about what we selectively reveal about ourselves should imply what we can see of the communities in which we participate.
We also expect that your ability to share, or not share, more granular and specific details about yourself will evolve over time as our Services mature.
You can also delete your account at any time by emailing us at hello[at]kernel.community. Please note that, while deleting your account will remove permanently any data associated with you on all Kernel servers, we cannot remove data that has been added to public blockchains and associated with your public key.
Request Your Data¶
If you want to see what information we have collected about you, you can request a copy of your data by emailing us at hello[at]kernel.community. Data is delivered in JSON, and any other file format you used when uploading attachments to the services.
To control how information is collected and used from cookies on our Services, you can take one or more of the following steps. We also recommend reading this thread to understand more about various options you have to block cookies and other trackers in your browser more generally.
Depending on where you are accessing our services, you may be able to adjust your cookie preferences at any time through a cookies banner or by selecting “Cookie Settings” from the footer or menu on our website.
If you disable or remove cookies, some parts of the services may not function properly. Information may be collected to remember your opt-out preferences.
We are based in the Cayman Islands, and we process and store information on servers located in the United States. We may also store information on servers and equipment in other countries depending on a variety of factors, including the locations of our users and service providers. These data transfers allow us to provide our services to you. By accessing or using our services or otherwise providing information to us, you understand that your information will be processed, transferred, and stored in the U.S. and other countries, where different data protection standards may apply and/or you may not have the same rights as you do under local law.
The transmission of data will always happen in conformity with privacy legislation.Information for EEA, United Kingdom, and Brazil Users¶
Certain local laws, such as the European Union’s General Data Protection Regulation (GDPR) and Brazil’s Lei Geral de Proteção de Dados (LGPD), require services to provide information about the information they collect, how they use it, and the lawful basis for processing it. We’ve described most of that already in the earlier portions of this Policy.
Exercising your rights: You can exercise your GDPR rights as described in the “How to control your privacy” section above. If you encounter a problem, please email us at hello[at]kernel.community.Information for California Users¶
Consumers residing in California are afforded certain additional rights with respect to their personal information under the California Consumer Privacy Act or (“CCPA”) and the “Shine the Light” Law. If you are a California resident, this section applies to you.
Our collection and use of personal information: We collect the following categories of personal information: identifiers (such as your username, and the email address you used to sign up); internet or other network information (how you interact with the application); location information (if you choose to provide us with the name of the city you’re in); and other information that identifies or can be reasonably associated with you. For more information about what we collect and the sources of such collection, please see the “Information We Collect” section above. We collect personal information for the business and commercial purposes described in “How We Use Your Information” above.
Disclosure of personal information: We may share your personal information with third parties as described in the “How We Share Your Information” section above. We disclose the categories of personal information mentioned above for business or commercial purposes.
No sale of personal information: The CCPA sets forth certain obligations for businesses that sell personal information. We do not sell the personal information of our users. We do share information as outlined in the “How we share your information” section above and you can make choices with respect to your information as outlined in this policy.
This document is CC-BY-SA.