{% extends 'main/layout.html' %}
{% block title %}Platform Methodology{% endblock %}
{% block content %}
<main>
<h1>Platform Methodology</h1>
<p>
Details on the what and how the BōcPress platform is designed to work.
</p>
<h2>Contents</h2>
<h3>Values</h3>
<ul>
<li><a href="#purpose">Purpose</a></li>
<li><a href="#ethics">Ethics</a></li>
<li><a href="#code-of-publication">Code of Publication</a></li>
<li><a href="#comments-moderation">Comments Moderation</a></li>
<li><a href="#business-transparency">Business Transparency</a></li>
</ul>
<h3>Business</h3>
<ul>
<li><a href="#account-terms">Account Terms</a></li>
<li><a href="#account-data">Account Data</a></li>
<li><a href="#payments">Payments</a></li>
<li><a href="#refunds">Refunds</a></li>
<li><a href="#liability">Liability</a></li>
<li><a href="#third-parties">Third-parties</a></li>
</ul>
<h3>Maintenance</h3>
<ul>
<li><a href="#service-availability">Service Availability</a></li>
<li><a href="#contact-and-support">Contact and Support</a></li>
</ul>
<h3>Infrastructure</h3>
<ul>
<li><a href="#open-source">Open Source</a></li>
<li><a href="#infrastructure-policies">Infrastructure Policies</a></li>
<li><a href="#encryption">Encryption</a></li>
<li><a href="#cookies">Cookies</a></li>
<li><a href="#server-providers">Server Providers</a></li>
<li><a href="#acknowledgements">Acknowledgements</a></li>
</ul>
<h3>Meta</h3>
<ul>
<li><a href="#changes">Changes</a></li>
</ul>
<h2 id="purpose">Purpose</h2>
<p>
BōcPress exists to enable people to have their own voice on the web
without needing to rely on the platforms and infrastructure of the
most powerful.
</p>
<p>
We want to do that by empowering personal independent blogs.
</p>
<h2 id="ethics">Ethics</h2>
<p>We are committed to:</p>
<ul>
<li>No tracking of user or visitor behaviour.</li>
<li>Never sell any user or visitor data.</li>
<li>No ads — ever.</li>
</ul>
<h2 id="code-of-publication">Code of Publication</h2>
<p>
BōcPress is designed to be a place for people to voice their thoughts.
</p>
<p>
However, we do not want to provide a platform for thoughts that
are spiteful or malevolent to an individual or a group on account of
their race, colour, nationality, sex, disability, religion, or sexual
orientation.
</p>
<p>
Additionally, we do not want to contribute to the current state of the
web, which is ridden with ads, SEO tricks, and bot content. This
includes blogs with extremely low quality content that is designed to
serve as marketing for a specific shop or professional. Eg: a blog
named "Dentist in London" which contains a post titled "How to find the
best dentist", which itself contains a few paragraphs of random advice
and a link to one specific dentist in London.
</p>
<p>
Any blogs found that match the above descriptions will be immediately
deleted, with an final markdown export emailed to the blog author (in
case they have an email on their account), and a notice of why their
blog was deleted.
</p>
<h2 id="comments-moderation">Comments Moderation</h2>
<p>
Comments in BōcPress are filtered and reviewed by blog authors.
</p>
<h2 id="business-transparency">Business Transparency</h2>
<p>
We aim to be as transparent as possible. We maintain a
<a href="{% url 'transparency' %}">Business Transparency</a>
page with data on our revenue and costs.
</p>
<h2 id="account-terms">Account Terms</h2>
<ul>
<li>
The user is responsible for all content posted and all actions
performed with their account.
</li>
<li>
The user is responsible for maintaining the security of their
account and password.
</li>
<li>
We reserve the right to disable or delete a user's account for any
reason at any time. We have this clause because, statistically
speaking, there will be people trying to do something nefarious.
</li>
<li>
We do not require an email address to register an account. However,
it is the only way for us to contact a user in cases of any
service update or account access restoration. For this reason,
having an email registered is very useful.
</li>
</ul>
<h2 id="account-data">Account Data</h2>
<p>
In order to have a functional BōcPress account a username and a
password are required. An email is also asked as it is the only way for
a user to restore their account in case of a forgotten password.
However, an email is not required.
</p>
<p>
A user is able to change their username and password and any other
details (eg. email) through their
<a href="{% url 'dashboard' %}">dashboard</a>.
</p>
<p>
A user is able to export all their data directly and at any point
through the <a href="{% url 'export_index' %}">export</a> page.
</p>
<p>
A user is able to completely delete their account and all information
related to their account through the dashboard, and then navigating to
<a href="{% url 'user_update' %}">blog settings</a>, and scrolling all
the way down. In this case, the user account will be immediately
purged from our primary servers and 20 days later from our database
backups.
</p>
<h2 id="payments">Payments</h2>
<p>
We offer a Premium Plan of our service which requires payment. If a
user opts for the Premium Plan they are billed immediately for the
next one year term, and automatically billed every year unless cancelled.
</p>
<p>
We accept card payments through <a href="https://stripe.com/">Stripe</a>,
but if one is not fond of this method we support alternatives. Please,
email <a href="mailto:admin@bocpress.co.uk">admin@bocpress.co.uk</a> for
and with details.
</p>
<p>
We also fund CO₂ removal from the atmosphere using 5% of our
subscription revenue through
<a href="https://climate.stripe.com/QPSBFx">Stripe Climate</a>.
</p>
<h2 id="refunds">Refunds</h2>
<p>
We wouldn’t want to cause unhappiness. Any dissatisfied with our
service user can ask—and most probably get—a refund at
<a href="mailto:admin@bocpress.co.uk">admin@bocpress.co.uk</a>.
</p>
<h2 id="liability">Liability</h2>
<p>
The user expressly understands and agrees that Zermelo Fraenkel LTD,
the operators of this website shall not be liable, in law or in equity,
to them or to any third party for any direct, indirect, incidental,
lost profits, special, consequential, punitive or exemplary damages.
</p>
<h2 id="third-parties">Third-parties</h2>
<p>
We have a strong commitment to never share any user data with any
third-parties. The only neccessary exception to this rule is the
payment processor we use to accept card payments. That processor is
<a href="https://stripe.com/">Stripe</a> and the data sent over are
card numbers. This enables us to never—not even temporarily—store card
details on our servers and benefit from Stripe’s secure,
<a href="https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard">PCI-compliant</a>
payment infrastructure.
</p>
<p>
Please bear in mind that Stripe may also collect other data, such as IP
address and browser user agent.
</p>
<h2 id="service-availability">Service Availability</h2>
<p>
We provide the BōcPress service on an “as is” and “as available”
basis. We do not offer service-level agreements—but do take uptime
seriously. You can find a record of outages at
<a href="https://status.uptimia.com/bocpress/">https://status.uptimia.com/bocpress/</a>.
</p>
<h2 id="contact-and-support">Contact and Support</h2>
<p>
Email us at <a href="mailto:admin@bocpress.co.uk">admin@bocpress.co.uk</a>
with any queries.
</p>
<h2 id="open-source">Open Source</h2>
<p>
We have a creed to write <a href="https://fsfe.org/freesoftware" title="Free Software explanation on FSFE website">free software</a>.
BōcPress is developed publicly on <a href="https://sr.ht/~linuxgoose/bocpress/">sr.ht</a>
and <a href="https://github.com/linuxgoose/bocpress">GitHub</a>.
</p>
<p>
There is no backlog or roadmap or issue/ticket system for BōcPress projects.
</p>
<p>
We use
<a href="https://lists.sr.ht/~linuxgoose/bocpress-community">a mailing list</a>
and <a href="https://github.com/linuxgoose/bocpress/issues">GitHub Issues</a>
for bug tracking and other discussions.
</p>
<h2 id="infrastructure-policies">Infrastructure Policies</h2>
<ul>
<li>
We maintain a
<a href="https://docs.bocpress.co.uk/dependencies/">Dependency Policy</a>
for all our top-level code dependencies.
</li>
<li>We take daily backups of our database.</li>
<li>Our backup retention policy is 20 days.</li>
<li>We test our backups every 6 months.</li>
<li>All passwords are stored in a hashed form.</li>
<li>All data centers we use have an ISO 27001 certification.</li>
<li>
All rights under
<a href="https://gdpr.eu/tag/chapter-3/">GDPR</a>
are exercisable:
<ul>
<li>via the site</li>
<li>by emailing <a href="mailto:admin@bocpress.co.uk">admin@bocpress.co.uk</a></li>
</ul>
</li>
</ul>
<h2 id="encryption">Encryption</h2>
<ul>
<li>
All user passwords are stored
<a href="https://en.wikipedia.org/wiki/SHA-2">SHA256</a>-hashed
using
<a href="https://en.wikipedia.org/wiki/PBKDF2">PBKDF2</a>.
</li>
<li>
We support and require encryption in transit via
<a href="https://en.wikipedia.org/wiki/Transport_Layer_Security">TLS</a>
1.2 and 1.3.
</li>
<li>We do not implement data encryption at rest.</li>
</ul>
<h2 id="cookies">Cookies</h2>
<p>
We do not use any cookies for analytics, advertising, preferences, or
for any third-party service.
</p>
<p>
We do use two cookies, one for account authentication (keeping users
logged in) and another for security (to prevent
<a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery">CSRF</a>).
</p>
<h2 id="server-providers">Server Providers</h2>
<ul>
<li>
Our servers are operated by
<a href="https://www.hetzner.com/">Hetzner Online GmbH</a>,
an EU company based in Gunzenhausen, Germany.
</li>
<li>
The main data center we use is
<a href="https://docs.hetzner.com/general/others/data-centers-and-connection/">HEL1-DC2</a>
and is located in Helsinki, Finland.
</li>
<li>
We store backups with
<a href="https://www.scaleway.com/">Scaleway</a>
in Paris, France.
</li>
</ul>
<h2 id="acknowledgements">Acknowledgements</h2>
<p>
BōcPress was forked by <a href="https://mataroa.blog/">Mataroa</a>,
another minimal blogging platform.
</p>
<p>
BōcPress was also inspired by <a href="https://bearblog.dev/">Bear Blog</a>,
another minimal blogging platform.
</p>
<p>
BōcPress is built using many existing open source technologies,
which we deeply appreciate and want to thank for their beyond stellar
work.
</p>
<p>In somewhat particular order but not of importance:</p>
<ul>
<li>
The Django Project, community, and the
<a href="https://www.djangoproject.com/foundation/">Django Software Foundation</a>.
</li>
<li>The <a href="https://www.postgresql.org/">PostgreSQL</a> community.</li>
<li>The <a href="https://www.psycopg.org/">psycopg</a> team.</li>
<li>The <a href="https://github.com/caddyserver/caddy">Caddy</a> community.</li>
<li>
The contributors of <a href="https://github.com/Python-Markdown/markdown">markdown</a>,
<a href="https://github.com/pygments/pygments">pygments</a>,
<a href="https://github.com/mozilla/bleach">bleach</a> packages.
</li>
<li>
and of course the creators and contributors of Python, Ubuntu, Debian, Linux kernel,
Bash, GNU Project, rclone, Let’s Encrypt, C, Git, vim, and the list is never ending...
</li>
</ul>
<h2 id="changes">Changes</h2>
<p>
Maybe we’ll change our minds for some of these statements. In cases of
major changes, users with an email to their account will receive a
notice 14 days prior.
</p>
</main>
{% include 'partials/footer.html' %}
{% endblock content %}