Also; this doesn't cover what our users do on their blogs. While we try and prevent any tracking scripts from being added, we can't guarantee we get them all. When you visit a blog, it might collect information that we don't.
In the course of providing the Services, we collect and recieve various types of information. Some is necessary to use the Services, such as some basic analytics information on how you're using the site to provide recommendations. We describe more about the information and their uses below.
We rely on the following bases to lawfully collect and use your information:
First, we need to process your information in certain ways to provide the Services to you in accordance with our Terms of Service. This processing is necessary to perform the contract between you and us, and our TOS makes it clear that processing this information to provide personalised recommendations to you, and to provide detailed analytics regarding selected creator's content is a necessary part of providing the Services. All data provided to creators is fully anonymised.
Second, where you've given us consent to use your information in certain ways, we will rely on your continued consent. This consent can be revoked at any time.
Third, as described below, in certain cases we might process information where necessary to further legitimate interests, whether those of ourselves, our users (such as to decide on additional site features that benefit everyone) or partners, but only when those interests are not overridden by your own rights or interests.
Occasionally, Waterfall may rely on other legal bases to process your information, such as to protect your vital interests or those as others (such as where there is a risk of imminent harm), where necessary in the public interest, or to comply with legal obligations. Where appropriate, users will be informed of these uses.
Account Information: When you create an account on the Services (an "Account"), we ask information such as your email address, blog names, password, date of birth, etc ("Account Information") in order to provide the Services. We may use this data to allow or deny access to certain types of content, such as by using your age to prevent access to adult content, or your provided blacklist to help you avoid content you don't want to see.
You can keep yourself as anonymous as you want on Waterfall, but remember that if you post something, you should, by and large, assume it's here forever, same as with anything on the Internet. Blogs are visible publicly by default, but you can password protect them.
Email Communications: As part of the Services, you will occasionally receive email and other communications from us. Administrative communications are considered part of the services (for example, account recovery, password reset, and emergency security notifications), which cannot be opted out of. Other notifications, such as when a user follows a blog you own, can be opted of from the Settings pages. We will never email you to ask for your password.
Information about Your Accounts on Third Party Services: You can link your Account to certain Third Party Services, such as Discord. In order to do so, you can choose to provide us with your username or other user ID for a Third Party Service, and you may then be required to log into that Service. After you complete this login process, we will receive a token that allows us to access your account on that service so that we can, for example, post your content to that service when you ask us to. We do not receive or store your passwords for your Third Party Service accounts.
User Content: By default, all sharing through the Services is public. When you provide content to us, it is published so that anyone can view it. We do have options for restricted access, such as password protected blogs, blocking users, etc that allows private publishing. Unless you specifically select otherwise, you should assume content is public. Please also be aware that though you may have shared something privately with another User, they may choose to subsequently post it in a public manner. Content published publicly is accessible to everyone, including search engines (note: when you disable your blog from being searched on the site, we also ask search engines not to index it. Most respect this request, though there are some that don't) and this may affect the control you have regarding that content. In addition, information shared publicly may be copied and shared throughout the Internet, including through actions or features native to the Services, such as reblogging.
Don't let this put you off form sharing your creations or thoughts - just understand that it can be nearly impossible to get rid of something once it's out there.
Native Actions: The Services allow you to perform certain actions integral to the product, such as like, reblog, or comment on a post. These are all public actions, and a record is left on the notes of a post. We use information about native actions to improve the Services, such as by seeing which kinds of content are popular, which kinds of content have trouble spreading, etc. We also use this for personalisation - such as generating blog recommendations, etc.
Information Related to Use of the Services: We collect information about how people use the Services, including those with an Account. This type of information may be collected in our log files each time you interact with the Services. We use internal tools and third party applications and services (like Google Analytics) to collect and analyse this information. Some of this information may be associated with the IP Address used to access the Services, and some may be connected with your Account, and some may only be collected and used in an aggregated and anonymised form (as a statistical measure that wouldn't identify you or your Account).
Location Information: As well as your IP Address, which could be used to glean a rough location, we collect your timezone and local currency when you log in. We use this to determine the correct timezone for queued posts, and the currency to present to you when purchasing blog slots or a subscription on the Services.
Derived Information: As described above in "Native Actions" and "Information Related to Use of the Services," we may analyse your actions on the Services in order to derive or infer characteristics that may be descriptive of your Account (for example, what kinds of blogs you follow or what kinds of posts you view, like, or reblog). We use this information for the purposes described in "Information Related to Use of the Services" above.
Information Shared With and Received from out Affiliates: Waterfall is an operational division of The Overseer Project Ltd, meaning it is not currently a separate entity. As such, information may be shared internally to help us understand how the Services are being used. Should Waterfall spin off into its own company, it will share data between itself and the owning company. We do not share data with any business or group external to ourselves except as outlined below.
Information Shared with the Public through the Services: As noted above, by default, content on the Services is public. Because this kind of information is public and may be indexed by search engines, this information is inherently shared.
Remember, you can make a blog private or unsearchable in your Settings.
Information We Share with Your Consent or at Your Request: Without prejudice to your rights mentioned below, if you ask us to release information that we have about your Account, we will do so if reasonable and not unduly burdensome.
Information Shared with Other Third Parties: We may share or disclose public, aggregate or anonymised information with people and entities that we do business with, such as for the purposes of analytics.
Protecting our systems and the information within is an uphill battle, but a necessary one. We do our best to make sure everything stays secure, and that the trust you put in us is deserved.
Your Account Information is protected by a password for your privacy and security. We may enable additional security features in the future, or you may elect to use any of the features provided to further enhance your security, such as Two-Factor Authentication. Choosing a strong, secure password is your responsibility. Waterfall cannot see your password.
Waterfall will retain account information for as long as necessary for the purposes set out above. You can, at any time, close your account and Waterfall will, within a reasonable timeframe, delete all information that is no longer required to comply with legal requirements, provide the Services, resolve disputes, enforce other agreements, or as otherwise permitted by law.
We may also use your information for safety and security purposes, including the sharing of your information for such purposes and we do so, as it is necessary to pursue our and your legitimate interests of ensuring the security of our Services, including enhancing users' protection against harassment, intellectual property infringement, spam, crime and security risks of all types.
If you have a registered Account, you can access most information associated with your Account by logging in and checking your Account Settings. All users, regardless of whether logged in or having an account, can remove cookies from their web browser settings.
You can delete your account while logged in from your settings page. This action cannot be undone. Deletion will be effective immediately, though it will take some time for some data to be cycled out of backups, caches, etc. Data that will not be scrubbed includes any reblogs of your post, and data within them. Those will remain on the blogs of whoever reblogged them. If there's something you absolutely need gone, edit the post before deleting your account.
The Overseer Project is a British company, and so information is primarily collected and processed in the United Kingdom. However, we also maintain servers in Canada, which serves as a secondary location for processing and collection. Under GDPR, we are permitted only to transfer information to countries outside of the EU with an adequate level of privacy protection. The Adequacy Decisions made under the old Data Protection Directive remain in force, meaning that Waterfall may, if ever required, transfer data between the countries of Andorra, Argentina, Canada, Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, and Uruguay.
Waterfall will maintain an up to date list of server locations on this page. Currently, servers are located in France, Canada, and the United Kingdom.
Waterfall will not store data in the United States due to doubts over the adequacy of US Privacy Protections.
If you have questions regarding privacy on the Services, please contact us using the support email. You are also welcome to contact us in the Discord server if a faster response is warranted.