<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="icon" type="image/svg+xml" href="icon.svg">
<link rel="alternate icon" href="icon.svg">
<title>Privacy & Open Source - Valley of the Commons</title>
<link rel="stylesheet" href="game.css">
<style>
/* Override body styles for privacy page to allow scrolling */
html {
overflow: auto !important;
height: auto !important;
}
body {
overflow: auto !important;
overflow-x: hidden !important;
height: auto !important;
min-height: 100vh;
min-height: 100dvh; /* Dynamic viewport height for mobile */
display: block !important;
align-items: unset !important;
justify-content: unset !important;
position: relative !important;
-webkit-overflow-scrolling: touch; /* Smooth scrolling on iOS */
}
/* Override terminal styles that might interfere */
.terminal {
display: none !important;
}
.privacy-container {
max-width: 800px;
margin: 0 auto;
padding: 2rem;
padding-top: 4rem; /* Space for top links if they exist */
color: #00ff00;
font-family: 'Courier New', 'Monaco', 'Menlo', monospace;
min-height: 100vh;
min-height: 100dvh;
}
/* Mobile responsive padding */
@media (max-width: 768px) {
.privacy-container {
padding: 1rem;
padding-top: 3.5rem; /* Space for top links */
}
.privacy-header h1 {
font-size: 1.3rem;
}
.privacy-section h2 {
font-size: 1.1rem;
}
.privacy-section h3 {
font-size: 0.95rem;
}
}
.privacy-header {
margin-bottom: 2rem;
border-bottom: 1px solid #00ff00;
padding-bottom: 1rem;
}
.privacy-header h1 {
font-size: 1.5rem;
margin-bottom: 0.5rem;
}
.privacy-header p {
color: #666;
font-size: 0.9rem;
}
.privacy-section {
margin-bottom: 2rem;
}
.privacy-section h2 {
font-size: 1.2rem;
color: #00ff00;
margin-bottom: 1rem;
border-left: 2px solid #00ff00;
padding-left: 1rem;
}
.privacy-section h3 {
font-size: 1rem;
color: #fff;
margin-top: 1.5rem;
margin-bottom: 0.5rem;
}
.privacy-section p {
line-height: 1.6;
margin-bottom: 1rem;
color: #ccc;
}
.privacy-section ul {
margin-left: 1.5rem;
margin-bottom: 1rem;
color: #ccc;
}
.privacy-section li {
margin-bottom: 0.5rem;
line-height: 1.5;
}
.privacy-section code {
background: #111;
padding: 0.2rem 0.4rem;
border: 1px solid #333;
color: #00ff00;
font-size: 0.9em;
}
.privacy-section a {
color: #00ff00;
text-decoration: underline;
}
.privacy-section a:hover {
text-decoration: none;
}
.back-link {
display: inline-block;
margin-top: 2rem;
padding: 0.5rem 1rem;
border: 1px solid #00ff00;
color: #00ff00;
text-decoration: none;
transition: all 0.2s ease;
}
.back-link:hover {
background: #00ff00;
color: #000;
}
.highlight {
color: #00ff00;
font-weight: bold;
}
.warning {
color: #ffaa00;
}
</style>
</head>
<body>
<div class="privacy-container">
<div class="privacy-header">
<h1>Privacy & Open Source FAQ</h1>
<p>Valley of the Commons - Transparency & Open Commons Best Practices</p>
</div>
<div class="privacy-section">
<h2>Model Choice & AI Infrastructure</h2>
<h3>Current Model: Mistral Devstral-2</h3>
<p>
We use <span class="highlight">Mistral Devstral-2</span> via
<a href="https://vercel.com/docs/ai/ai-gateway" target="_blank" rel="noopener">Vercel AI Gateway</a>.
This is a cost-effective model suitable for MVP testing.
</p>
<h3>Why This Model?</h3>
<ul>
<li><strong>Free tier:</strong> Available on Vercel AI Gateway free tier</li>
<li><strong>Fast response times:</strong> Optimized for real-time dialogue</li>
<li><strong>Open-source roadmap:</strong> We're committed to migrating to open-weights or self-hosted models</li>
</ul>
<h3>Long-term Vision</h3>
<p>
<span class="warning">Note:</span> Some models used in MVP are proprietary APIs.
Our long-term roadmap includes migration to <strong>open-weights or self-hosted models</strong>
to align with open commons principles.
</p>
</div>
<div class="privacy-section">
<h2>Data Tracking & Privacy</h2>
<h3>What We Track</h3>
<ul>
<li><strong>Server logs:</strong> Basic request metadata (method, timestamp, message count) for debugging and monitoring</li>
<li><strong>Shared ideas:</strong> If you choose to share an idea or conversation to GitHub, it becomes part of the public repository</li>
</ul>
<h3>What We Do NOT Save</h3>
<ul>
<li><strong>We do NOT save conversations:</strong> Your dialogue with the game master is processed temporarily to generate responses, but we do not store conversations in any database or persistent storage</li>
<li><strong>We do NOT track conversations:</strong> Conversations exist only in your browser session and are not saved by us</li>
</ul>
<h3>AI Provider Tracking</h3>
<p>
<span class="warning">Important:</span> While <strong>we do not save your conversations</strong>, the AI provider
(Mistral via Vercel AI Gateway) may track conversations according to their own privacy policy.
We have no control over their data collection practices. For details, see
<a href="https://mistral.ai/legal/privacy-policy/" target="_blank" rel="noopener">Mistral's Privacy Policy</a>
and <a href="https://vercel.com/legal/privacy-policy" target="_blank" rel="noopener">Vercel's Privacy Policy</a>.
</p>
<h3>What We Do NOT Track</h3>
<ul>
<li><strong>No user accounts:</strong> No registration, no login, no personal profiles</li>
<li><strong>No cookies:</strong> No tracking cookies, no analytics cookies, no advertising trackers</li>
<li><strong>No IP logging:</strong> IP addresses are not stored or logged</li>
<li><strong>No third-party analytics:</strong> No Google Analytics, no Facebook Pixel, no tracking scripts</li>
<li><strong>No email collection:</strong> The game interface does not collect email addresses</li>
</ul>
<h3>Conversation Handling</h3>
<p>
<strong>We do not save conversations.</strong> Conversations exist only in your browser session.
Messages are sent to the server for AI processing but are <strong>not stored persistently by us</strong>.
Each conversation is ephemeral and exists only during your active session. When you close your browser,
the conversation is gone from our systems.
</p>
<h3>When Conversations Are Saved</h3>
<p>
Conversations are <strong>only saved</strong> when you explicitly choose to share them to GitHub using
the "Share to GitHub" feature. This is an opt-in action that you control. Once shared, the conversation
becomes part of the public repository at <code>build_game/conversations/</code>.
</p>
<h3>Server-Side Processing</h3>
<p>
Messages are processed through Vercel serverless functions. Our server logs may contain:
</p>
<ul>
<li>Request metadata (timestamp, method)</li>
<li>Message count and length (for debugging)</li>
<li>First/last message previews (first 100 characters, for debugging only)</li>
</ul>
<p>
These logs are <strong>not publicly accessible</strong> and are used only for system monitoring and debugging.
They do not contain full conversation content and are automatically rotated by Vercel.
</p>
</div>
<div class="privacy-section">
<h2>What Is Verifiable on GitHub</h2>
<h3>Open Source Repository</h3>
<p>
Our entire codebase is open source and available at
<a href="https://github.com/understories/votc" target="_blank" rel="noopener">github.com/understories/votc</a>.
</p>
<h3>You Can Verify:</h3>
<ul>
<li><strong>All client-side code:</strong> HTML, CSS, JavaScript - everything runs in your browser</li>
<li><strong>Serverless function code:</strong> All API endpoints are open source and auditable</li>
<li><strong>No hidden tracking:</strong> Review the code yourself - no analytics, no trackers, no data collection</li>
<li><strong>Data handling logic:</strong> See exactly how messages are processed, sanitized, and sent to AI</li>
<li><strong>Security measures:</strong> Input sanitization, role whitelisting, turn limits - all visible in code</li>
<li><strong>Shared ideas:</strong> Ideas shared to GitHub are publicly visible in <code>build_game/ideas/</code></li>
</ul>
<h3>What's Not in the Repository</h3>
<ul>
<li><strong>API keys:</strong> Stored securely in Vercel environment variables (never in code)</li>
<li><strong>Internal thoughts:</strong> Game design notes are in the repo but don't contain user data</li>
<li><strong>Server logs:</strong> Not committed to the repository</li>
</ul>
</div>
<div class="privacy-section">
<h2>Open Source & Open Commons Best Practices</h2>
<h3>Our Commitment</h3>
<p>
Valley of the Commons follows <strong>open commons</strong> principles:
</p>
<ul>
<li><strong>Transparency:</strong> All code is open source and auditable</li>
<li><strong>No vendor lock-in:</strong> Using open standards and protocols</li>
<li><strong>Community ownership:</strong> Ideas shared become part of the public commons</li>
<li><strong>Minimal data collection:</strong> Only what's necessary for functionality</li>
<li><strong>User control:</strong> You choose what to share, when to share it</li>
</ul>
<h3>Open Source License</h3>
<p>
The codebase is open source. Check the repository for the specific license terms.
</p>
<h3>Contributing</h3>
<p>
Contributions, improvements, and audits are welcome. The repository is public and open for
community participation.
</p>
<h3>Future Improvements</h3>
<ul>
<li>Migration to self-hosted or open-weights models</li>
<li>Enhanced privacy controls</li>
<li>Optional conversation export (user-controlled)</li>
<li>Local-first architecture where possible</li>
</ul>
</div>
<div class="privacy-section">
<h2>Security Measures</h2>
<h3>Input Sanitization</h3>
<ul>
<li>Message content is limited to 500 characters per message</li>
<li>Only 'user' and 'assistant' roles are allowed (prevents system prompt injection)</li>
<li>Empty messages are filtered out</li>
</ul>
<h3>Rate Limiting</h3>
<ul>
<li>Maximum 12 user turns per conversation</li>
<li>Server-side turn counting (prevents client-side manipulation)</li>
</ul>
<h3>API Security</h3>
<ul>
<li>API keys stored in environment variables (never exposed to client)</li>
<li>Serverless functions handle all sensitive operations</li>
<li>No CORS for game chat (same-origin only)</li>
</ul>
</div>
<div class="privacy-section">
<h2>Your Rights & Control</h2>
<h3>You Control:</h3>
<ul>
<li><strong>What you share:</strong> Only share ideas you want to make public</li>
<li><strong>When you share:</strong> Sharing is opt-in, not automatic</li>
<li><strong>Your conversation:</strong> Conversations are ephemeral - close the browser to end the session</li>
</ul>
<h3>No Account Required</h3>
<p>
You can use the game interface without creating an account, providing an email, or any personal information.
</p>
<h3>Questions or Concerns?</h3>
<p>
If you have questions about privacy, data handling, or want to report a concern,
please open an issue on <a href="https://github.com/understories/votc" target="_blank" rel="noopener">GitHub</a>
or contact the project maintainers.
</p>
</div>
<a href="game.html" class="back-link">← Back to Game</a>
</div>
</body>
</html>
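
The input rules listed under "Security Measures" above (500-character limit, 'user'/'assistant' role allow-list, empty-message filtering, 12 user turns counted on the server) can be enforced in one pass before anything is forwarded to the model. The JavaScript below is an added example, not code from the votc repository; the function names, the status codes, truncating instead of rejecting long messages, and counting turns from the submitted history are all assumptions.

```javascript
// Added example: hypothetical names, not taken from the votc repository.
const MAX_CHARS = 500;      // per-message limit stated on the page
const MAX_USER_TURNS = 12;  // per-conversation limit stated on the page
const ALLOWED_ROLES = new Set(['user', 'assistant']);

// Returns a new array holding only well-formed, allow-listed messages.
function sanitizeMessages(input) {
  if (!Array.isArray(input)) return [];
  const clean = [];
  for (const m of input) {
    if (m === null || typeof m !== 'object') continue;
    // Drop any role outside the allow-list, so a client-supplied
    // "system" entry never reaches the model.
    if (typeof m.role !== 'string' || !ALLOWED_ROLES.has(m.role)) continue;
    if (typeof m.content !== 'string') continue;
    // Assumption: over-long content is truncated rather than rejected.
    // slice() counts UTF-16 code units, not grapheme clusters.
    const content = m.content.trim().slice(0, MAX_CHARS);
    if (content.length === 0) continue; // empty messages are filtered out
    // Rebuild the object so extra client-supplied fields are not forwarded.
    clean.push({ role: m.role, content });
  }
  return clean;
}

// Assumption: with no stored conversation state, the server derives the
// turn count from the sanitized history it was sent.
function checkTurnLimit(messages) {
  const userTurns = messages.filter((m) => m.role === 'user').length;
  return { userTurns, allowed: userTurns <= MAX_USER_TURNS };
}

// Hypothetical request handler core: validate first, then enforce the limit.
function handleChat(body) {
  const messages = sanitizeMessages(body && body.messages);
  if (messages.length === 0) return { status: 400, error: 'no valid messages' };
  const { userTurns, allowed } = checkTurnLimit(messages);
  if (!allowed) return { status: 429, error: 'turn limit reached', userTurns };
  return { status: 200, messages, userTurns };
}
```

The limit is checked after sanitization, so filtered-out entries do not count toward the 12 user turns.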