Rockstor Privacy Policy


We are committed to protecting the privacy of our customers, community members, and visitors of our websites. To this end we strive to collect the absolute minimum information required to accomplish each service’s function. This privacy policy is a simple explanation of what information we collect through our websites, why we collect that information, and what we do with it.

User submitted information


Rockstor uses the information provided by users to support its products and services by directly communicating with users. We do not share user information with any third party service provider other than Shopify, who host our subscription store front.

Our Shopify hosted Store Front

Our “shop” subdomain. On subscribing to our Stable channel updates, our shop service provider, Shopify , stores and manages, on their servers, all personal identifiable information provided there according to their policies: see Shopify’s GDPR whitepaper , privacy policy , and Cookie Policy . Our specific shop configuration has no Google Analytics enabled and all EU and California user tracking disabled via:

  • “Limit data collection for EU buyers is Activated.”
  • “Limit data collection for California buyers is Activated.”

See Shopifies help page entitled Cookies and customer tracking for related information and for an explanation of our above shop settings.

Regardless we also have the recommended California Consumer Privacy Act (CCPA) opt-out page . Assumed redundant given our configuration.

We then only use/store, on our own servers (located in the EU), the following non-personal information: order id & name (eg 1234567890 & #2034), date of purchase, subscription length, discount code if used, appliance id, arbitrary computer name (if later entered in Appman), and renewal reminder sent status. However, to fulfill the function of sending the required activation code and later subscription renewal reminder, associated with our subscription service, we also store and use the email associated with each Shopify managed order as login id at our Appliance ID manager site. Our Appliance ID manager home page has additional information on expected email frequency and purpose.

Requests for erasure of information entered in our store front, as per GDPR’s “Right to Erasure” are as per our forum instructions below in the paragraph beginning “Requests for erasure”.

Appliance ID Manager (Appman)

Our Appliance ID manager service, subdomain “appman”, sets a non-personal persistent cookie (csrftoken) on every form/input page. This is solely to enhance security. Two additional non-personal session-only cookies (messages, sessionid) are set upon login for their namesake purpose. All 3 are: non-tracking, first-party (set by this site), and required for this site’s intended functions: and thus considered ‘strictly necessary’: ICO link . As such, via ICO guidelines , we are assuming PECR and GDPR (see below) compliance. Please note that these 3 cookies will be stored in your browser’s cache.

Default web server logs are enabled. As such the potentially personally identifiable information of visiting client IP addresses, when combined with other information, as per the GDPR, is recorded in these logs. These logs are rotated periodically as per default OS settings and so this information is not kept indefinitely.

Requests for erasure of information entered in Appman, as per GDPR’s “Right to Erasure” are as per our forum instructions below in the paragraph beginning “Requests for erasure”.

The lawful basis assumed, under GDPR, for our use of your email is to fulfill our contractual obligation of a Stable Channel updates subscription maintenance service: the Appliance ID manager service. The sign-up email used there must therefore be that of your existing subscription purchased at our Shopify hosted subscription store front: see Shopify’s GDPR whitepaper & privacy policy .

The lawful basis assumed, under GDPR, for the collection of visitors IP addresses on our Appman subdomain site, via default web server logs, is that of legitimate interest of protecting our users access to this site’s content and resources, as well as protecting our hosting infrastructure from attacks.

Our Forum

Our “forum” subdomain uses the Discourse open source software and requires no cookies to operate if not logged in. Post login, there are only session cookies and non-personal persistent cookies that are non-tracking, first-party (set by the forum site itself) and required for the forum’s core functions. The current list of default cookies, maintained by a Discourse co-founder, is detailed in the following meta discourse forum thread . Our instance of Discourse, in common with all our other sites, does not have Google Analytics (GA) enabled and runs no additional personalized content or ads; and so has no additional associated cookies or information sharing. All cookies are thus considered ‘strictly necessary’ for our forums core functions. We also do not use forum emails for any non forum-related activity. Also note that our “log anonymizer details” option is unset so as not to keep a user’s details in the log after they are anonymized; as our part in our members’ GDPR “Right to Erasure”.

Requests for erasure should be directed, via forum private message (PM), to a moderator or above forum members. We are required, via the GDPR, to keep these PM erasure requests by way of documenting this erasure process. Background reference: Your Discourse forum and the GDPR .

Please note: Discourse (our forum software) stores the following information: pages visited, IP, incoming & outgoing links, reading times per post, and user profiles viewed. Additionally for account holders: likes given, requested flags, registration IP, email, username, and optionally a “full name”. All information associated with our forum is used exclusively for the forum’s core functions, as detailed above. As such, and given we link to this privacy policy during forum signup, and given the below legal basis for collecting the associated personally identifiable information (email & IP address) our forum sign-up is consent-free with this privacy policy serving as our means of informing prospective forum members of what we collect, why, and what we do with it.

The lawful basis assumed, under GDPR, for our use of forum members email is to fulfill the implied contract of a forum sign-up: that of a shared community ‘hub’ where discussion content can be optionally emailed to members.

The lawful basis assumed, under GDPR, for the collection of visitors IP addresses is that of legitimate interest of protecting our members content and our hosting infrastructure from spam and attacks.

Main Web Site

Our ‘Main site’, rockstor.com (no subdomain), hosts our documentation, rock-ons, and our main web page. No user-submitted information is requested or stored and no cookies are used. Default web server logs are enabled as per our Appliance ID Manager site detailed above.

The lawful basis assumed, under GDPR, for the collection of visitors IP addresses on our main site, via default web server logs, is that of legitimate interest of protecting our users access to this site’s content and resources and protecting our hosting infrastructure from attacks.

Analytics


In the past we used Google Analytics (GA) on: this site (rockstor.com), our documentation, our forum, and our shop. We no longer use Google Analytics on any of our sites. However, GA-related cookies are persistent in browser cache and will require intervention specific to your browser to permanently remove their association with this domain prior to their intended expiration date.