Acknowledging the importance of the confidentiality issue and the responsibility to protect customers’ privacy, the RTA team try our best to secure your information. We want to help you understand what information we collect, the reasons behind it, and how you can manage your information.
1. Collect information and rationale
The information we collect is for the purpose of providing services for our customers, maintain and improve our services, develop new services and provide personalized services via RTA platforms.
1.1 Information we collect as you use RTA services
Your apps, browsers & devices
When you perform an activity with RTA service which contacts our servers, such as downloading a form or checking for automatic updates, we will collect information about the apps, browsers, and devices you use to to access the services. The information includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information such as carrier name and phone number, and application version number. This will help us provide features like automatic updates, dimming your screen if your battery runs low and notify when you are not charging your device. We also collect information about the interaction of your apps, browsers, and devices with our services, including IP address, crash reports, system activity, and the date, time, and referrer URL of your request.
We collect information about your activity in our services in order to provide certain functions such as those you want to use when you want to wake up the App. These information may include: views and interactions with content, voice and audio information when you use microphone and camera, people with whom you communicate or share content with, activity on third-party sites and apps that use our services.
If you use our services to make and receive calls or send and receive messages, we may collect telephony log information such as your phone number, calling-party number, receiving-party number, forwarding numbers, time and date of calls and messages, duration of calls, routing information, and types of calls.
Your location information
We collect information about your location when you use our services, which helps us offer features such as driving directions or taking the polygon of your farm. Your location can be determined with varying degrees of accuracy by: GPS, IP address, sensor data from your device, information about things near your device, such as Wi-Fi access points, cell towers, and Bluetooth-enabled devices.
We also use various technologies to collect and store information, including cookies, pixel tags, local storage, such as browser web storage or application data caches, databases, and server logs. Please note that our systems mostly ask for user permission before collecting data. Currently, we are working on providing users the records of their data sharing history as soon as possible.
1.2 Private Data
Federal regulations (Protection of Human Subjects 2009) define “private information” as the “information about behavior that occurs in a context in which an individual can reasonably assume that no observation or recording is taking place, and information which has been provided for specific purposes by an individual and which he or she can reasonably expect will not be made public.” We understand that there are certain private data of the user such as the contents share in private chat or private notes. We guarantee that there is no access to your private data unless you actively provide those to other users, including RTA system, your Business User, your fellow Member User and Individual User. According to RTA Terms of Service, the Business User or RTA admins can only get access to your private information upon request from you or Third Parties upon Enforcement Requests and Applicable Laws specified in session 2.4.
1.3 Information we collect when serving as intermediaries
As we provide a variety of services, sometimes we serve more than one client on the same project. In that case, we will serve as intermediaries and will need certain information from both clients. Therefore, we suggest that customers read the terms of usage and privacy for each product thoroughly before using it.
1.4 Our usage of ‘cookies’
You have the option of turning off all cookies or setting your browser to have your computer warn you each time a cookie is being sent.. We suggest that you look at your browser’s Help menu to learn the correct way to modify your cookies setting because each browser is different from each other.
If you disable cookies, some minor features might be disabled.
2. What Information is Shared With Third Parties and Why?
To support communications and operations between users on different platforms or products, your username, display name, messages and files are sometimes shared with other services that are connected with RTA
Federation / Distributed content
RTA system shares user data with the wider ecosystem such as Matrix.org and Mastodon.social over federation.
Whenever you produce contents including all messages and files in a federated room on our platform, a copy of the data is sent to all participants in the room. If these participants are on remote servers, your username, display name, messages and files may be replicated across each participating server.
We will forget and erase your copy of data upon your request. We will also forward your request to be forgotten onto federated servers. However, we cannot guarantee the request will be fulfilled by federated parties.
Federated servers can be located anywhere in the world, and are subject to local laws and regulations.
If the way in which data is shared is not acceptable to you, please use a different server or service.
Some RTA functions and platforms are bridged to third-party services, such as IRC networks, maps or email. When a function has been bridged, your username, display name, location, messages and file transfers may be duplicated on the bridged service where supported.
It may not be technically possible to support your management of your data once it has been copied onto a bridged service.
Bridged services can be located anywhere in the world, and are subject to local laws and regulations.
RTA are working on a notification system providing information whenever user start to transfer to bridged service. However, due to the two above reasons, we cannot guarantee your data privacy relating to bridged functions and services. If this is not acceptable to you, please do not use bridged services.
Integration Services (Bots)
The RTA platforms provide a range of integrations in the form Bots (automated participants in chat rooms) for specific purposes such as detecting errors. Bots currently have access to all the messages and files in any room in which they participate, although we are adding a more sophisticated access control system.
3. Sharing Data with Third Parties upon Enforcement Requests and Applicable Laws
As much as we try to protect your data, we might have to share information about you with a third party if that is crucial to
(a) meet a lawful government request, regulation or any applicable law
(b) protect the security or integrity of our products and services (e.g. for a security audit),
(c) protect RTA and our users from harm or illegal activities, or
(d) prevent serious harms to any person in case of emergency
4. How Do We Handle Passwords?
We never store passwords in plain text. Instead, they are stored hashed (data rested) and encrypted using SSL once sent to the server (data in transmission). If you forget your password (and you have registered an email address) you can use the password reset facility to reset it. We will never change a password for you. If you are a Member User, your Business User can reset the password for you.As a user, you are responsible for keeping your own username, password and other sensitive information confidential.
Any action using your credentials will have to face service termination, civil and criminal penalties. If you detect any unauthorized use of your account, you must notify us at firstname.lastname@example.org. We also encourage users to change their passwords under these circumstances.
5. How Can I Access or Correct My Information?
In the case of rtWork and rtSurvey, since RTA works with Business Users as our direct clients, Business Users have access and controls over the information of their users including admins and Member users. However, Member Users do have the rights to choose which information they want to share and decide whether to comply with the request to send their information to the server. Since Business owners can apply their own policies on which information they allow their member-users to see and edit, RTA cannot interfere with their decisions on such matter. For Individual Users, you can always review and update information by visiting the services you use after signed in.
6. Who Can See My Messages and Files In The Messaging System?
In unencrypted and encrypted chat rooms, each member user connecting to RTA platform will be able to see messages and files according to the access permissions configuration of each room.
In encrypted rooms, the data is stored in our databases but the encryption keys are stored only on your devices or by yourself. Therefore, nobody can see your messages and files content in our database, and if you lose access to your encryption keys you lose access to your messages forever.
We use HTTPS to transfer all data. End-to-end encrypted messaging data is stored encrypted using AES-256, using message keys generated using the Olm and Megolm cryptographic ratchets.
7. Who Else Has Access to Your Data?
Only authorized database administrators have access to users’ data. We use secure private keys when accessing servers via SSH, and protect our system passwords locally with a password management tool. We also log application data such as username, user IP and user agent. Please note that without consent from user, the system cannot collect certain data, as specified in session 2.2.3 of the Terms of Service.
8. How Is Your Data Protected from Another User’s Data?
All of our users’ data for the Service are currently located in servers hosted in serviced data centers. We use software best practices to guarantee that only people who you designate as viewers of your data can access it. We are doing our best to protect user’s data to the highest level; however, like every other service that hosts their user data on the Internet, we cannot guarantee that it is immune to a sophisticated attack.
9. What Should I Do If I Find a Security Vulnerability in the Service?
If you have encountered a security concern, please email us at email@example.com. We will look into the issue to understand it thoroughly and address your concern accordingly. We strive to prioritize matters raised by users and work to resolve them as soon as possible.
Please be mindful with our users’ data when you disclose information. We always endorse white hat security researchers.