From 3fa5ea996606570617e3ffbec50f882ca6e181d9 Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Sun, 21 Apr 2024 21:14:43 -0400
Subject: [PATCH] update privacy policy for reduced log retention

Network services keep logs for at most 4 days, not 10. Certain services
have persistent access logs disabled (DNS and NTP).
---
 static/faq.html | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/static/faq.html b/static/faq.html
index 18f8599c..78988c07 100644
--- a/static/faq.html
+++ b/static/faq.html
@@ -1179,10 +1179,10 @@
                     <h3><a href="#privacy-policy">What is the privacy policy for GrapheneOS services?</a></h3>
 
                     <p>GrapheneOS services follow the <a href="https://www.eff.org/dnt-policy">EFF's
-                    privacy-friendly Do Not Track (DNT) policy</a> for all users of our publicly available
-                    services, not just those opting out of tracking via Do Not Track. Our policy is the
-                    same with "DNT User" redefined as "user" to cover any user. This serves as a standard
-                    privacy policy across all of our public services:</p>
+                    privacy-friendly Do Not Track (DNT) policy</a> for all users of our publicly
+                    available services, not just those opting out of tracking via Do Not Track. Our
+                    policy is the same with "DNT User" redefined as "user" to cover any user. This
+                    serves as a standard privacy policy across all of our public services:</p>
 
                     <ul>
                         <li>attestation.app</li>
@@ -1206,17 +1206,18 @@
                         <li>dl.vanadium.app</li>
                     </ul>
 
-                    <p>Our implementation of the policy primarily consists of making sure our servers only
-                    retain logs for 10 days. In practice, we follow much stricter privacy guidelines
-                    than the rules laid out in the EFF policy. However, we don't want to define our own
-                    complex, ad-hoc privacy policy rather than reusing a sensible one with serious thought
-                    put into it by experts.</p>
+                    <p>Our implementation of the policy primarily consists of making sure our
+                    servers only retain logs for at most 10 days with a lower limit or no persistent
+                    logs for certain services. In practice, we follow much stricter privacy
+                    guidelines than the rules laid out in the EFF policy. However, we don't want to
+                    define our own complex, ad-hoc privacy policy rather than reusing a sensible one
+                    with serious thought put into it by experts.</p>
 
-                    <p>Our mail server (mail.grapheneos.org), Matrix server
-                    (matrix.grapheneos.org), Element instance (element.grapheneos.org) and
-                    Mastodon server (grapheneos.social) only provide accounts for GrapheneOS
-                    project members so most functionality is outside the scope of what's relevant
-                    to a public privacy policy.</p>
+                    <p>Our mail server (mail.grapheneos.org), Matrix server (matrix.grapheneos.org),
+                    Element instance (element.grapheneos.org) and Mastodon server
+                    (grapheneos.social) only provide accounts for GrapheneOS project members so most
+                    functionality is outside the scope of what's relevant to a public privacy
+                    policy.</p>
                 </article>
 
                 <article id="default-dns">