Privacy Questions and Answers

This notice describes how The CoreELEC open source Project collects and uses data about you.

Jump to:

What is CoreELEC?

CoreELEC is a free open source Project run by volunteers around the world. We create and bundle free open source software mainly to create a minimalistic Operating System to run an entertainment system based on Kodi™ technology.
In this policy “we”, “us” and “our”; refer to CoreELEC. Discourse is the forum software we use.

How does CoreELEC collect data about me?

CoreELEC collects data about you:

  • when you visit our website or any of our subdomains

  • when you browse the forum that we host

  • when you create and use an account on the forum that we host

  • when you post, send private messages, and otherwise participate in the forum that we host

CoreELEC collects data when you use the forum that we host, whether you use the forum using a web browser on your own computer, or use third-party apps for mobile devices.

CoreELEC does not buy or otherwise receive data about you from data brokers.

What data does CoreELEC collect about me, and why?

CoreELEC collects web server log files
CoreELEC follows a standard procedure of using log files.
These files log visitors when they visit websites. All hosting companies do this and a part of hosting services’ analytics.

The information collected by log files include an anonymized version of the internet protocol (IP) addresses (the last octet is replaced with a “0”), browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks.
These are not linked to any information that is personally identifiable.

The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.

These log files are kept for 7 days and completely deleted afterwards.

CoreELEC collects data about visits to forums.
When you visit our forum, whether you have an account or not, the forum uses cookies, server logs, and other methods to collect data about what pages you visit and when.

CoreELEC uses data about how you use the website to:

  • optimize the forum, so that it’s quick and easy to use

  • diagnose and debug technical errors

  • defend the forum from abuse and technical attacks

  • compile statistics on forum and topic popularity

  • compile statistics on the kinds of software and computers visitors use

CoreELEC usually stores data about how you use the forum in identifiable form for just a few weeks. In special circumstances, like extended investigations about technical attacks, CoreELEC may preserve log data longer, for analysis. CoreELEC stores aggregate statistics about use of the forum for as long as CoreELEC hosts the forum, but those statistics don’t include data identifiable to you personally.

CoreELEC collects account data.
Many features of the forum that CoreELEC hosts require a forum account. For example, you require an account to post and reply to topics.

To sign up for a forum account, Discourse requires a user name and an e-mail address.

CoreELEC uses your account data to identify you on the forum, and to create pages specific to you, like your profile page. The forum is access-restricted, CoreELEC makes your account data available to everyone who can access the forum.

CoreELEC uses your e-mail address to:

  • notify you about posts and other activity on the forum (optional)

  • reset your password and help keep your account secure

  • contact you in special circumstances related to your account

  • contact you about legal requests, like DMCA takedown requests

You may provide additional data for your account, like a short biography, your location, or your birthday, on the profile settings page for your account. CoreELEC makes that data available to others who can access the forum. You don’t have to provide this additional information, and you can erase it at any time.
CoreELEC stores your account data as long as your account remains open.

CoreELEC collects data about posts and other activity on the forum.
CoreELEC collects the content of your posts, plus data about bookmarks, likes, and links you follow in order to share that data with others, through the forum. The forum is access-restricted, CoreELEC makes your activity available only to registered users.
CoreELEC also collects data about private messages that you send through the forum. CoreELEC makes private messages available to senders and their recipients, and also to forum administrators.
CoreELEC stores your posts and other activity as long as your account remains open.

Cookies

Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account. Cookies are either functional, for instance to remember that you are logged in and what your username is but there are also third party cookies that can track you across websites and used to show you ads.
When you visit our Websites we use login cookies which will store your encrypted credentials so you don’t have to type in your password again. We also have session cookies which are temporary cookies to store information about your current session and settings. Session cookies will be removed once you close your Browser. Third Party cookies are cookies that are set for instance by ads displayed on the website or if you follow a link for instance to social media or others. We listed the third party services in the section Does CoreELEC share data about me with others? of this privacy policy. Here is a list of cookies Discourse uses:

Name Essential Expires Description
email Y Session Used during account creation
destination_url Y Session Used during login to redirect to the requested page
fsl Y Session Full screen login client setting
theme_key Y Forever Client theme personalization. Only used when “Make this my default theme on all my devices” unselected.
cn Y Forever Client clear notifications. I’m counting this as user input instead of personalization because it doesn’t make sense to ‘undo’ or change cleared notifications.
_bypass_cache Y Session Used with ‘fsl’ for full screen login
_t Y 1440 hours User authentication token cookie. SiteSetting.maximum_session_age.hours.from_now
_forum_session Y Session Session cookie
__profilin N Session Developer only, used by rack-mini-profiler to bypass work
marketing N 90 days Users choice on the cookie control tool

What about data collected by CoreELEC’s Operating System?

When you install our Operating System the first time a random non personal 32 character long id is generated and saved in:
/storage/.cache/systemd-machine-id

Every time you turn on your device, the Operating System will ask our update server if there is an update for your device type. Your system will provide us with the current installed Version, CPU Architecture, device type, device tree, country, unixtime and this unique but random identifier.
Example request we see: 8.95.0, arm, S905, gxl_p281_2g, United Kingdom, 1535529273, e15a2a08f81aa0912f5b10b55b850c6a,
We store this data to determine how many active installations of our Operating system we have. Additionally determine and store the Country of each request using a local GeoIP database and the current date and time (unixtime). We do not store any other data especially no personal data nor data that could identify you for example IP or MAC addresses along with it.

Machine-ID’s that didn’t check updates for 7 days will be removed from our database automatically. You can change or delete that ID whenever you want. Or you can disable it in the Operating System’s settings:
Settings -> CoreELEC -> System -> Submit Statistics.

Machine-ID will become NOSTATS and our server will automatically discard the data.
Example Request we see: 8.95.0, arm, S905, gxl_p281_2g, United Kingdom, 1535529273, NOSTATS
Our binary builds including updates and also Addons are hosted on GitHub and downloaded from there. Please refer to their privacy policy: https://help.github.com/articles/github-privacy-statement/

How can I make choices about data collection?

You can make choices about how data about you is used on the settings page for your account.
CoreELEC does not respond to the Do Not Track HTTP header.

Where does CoreELEC store data about me?

CoreELEC hosts all data on servers in Germany.

Does CoreELEC comply with the EU General Data Protection Regulation?

CoreELEC respects privacy rights under Regulation (EU) 2016/679, the European Union’s General Data Protection Regulation (GDPR). Information that GDPR requires CoreELEC to give can be found throughout this privacy notice. So can information about specific rights, like access, rectification, erasure, data portability, and objection to automated decision-making.

Where can I access data about me?

You can see your account data at any time by visiting your account page on the forum. Your account page also lists your posts and other activity on the forum.
Your account activity page also includes a link to download all of your activity in standard comma-separated values format.

How can I change or erase data about me?

You can change your account data at any time by visiting the profile settings page for your account. You can also contact us by email: team@coreelec.org or by private message in this forum to one of the moderators or administrators to close, anonymize and delete your Account. Closing your account starts a process of erasing or anonymizing CoreELEC’s records of data you provided for your account.
You are also able to edit, anonymize, or erase your own posts. When you edit posts, CoreELEC will keep all versions of your posts. Forum administrators can view old versions of posts, and optionally make them visible to other forum visitors. You can always request that we remove, anonymize or correct your personal data.

Does CoreELEC make automated decisions based on data about me?

The forum uses data about your posts and activity to award you badges and calculate a trust level for your account. Your trust level may affect how you can participate in the forum, such as whether you can upload images, as well as give you access to moderation and management powers in the forum. Your trust level therefore reflects forum administrators’ confidence in you, and their willingness to delegate community management functions, like moderation.
If you think your trust level has been set incorrectly, contact an administrator of your forum. They can manually adjust the trust level of your account.

Does CoreELEC share data about me with others?

CoreELEC shares account data with others as mentioned in the section about account data.
CoreELEC shares data about your posts and other forum activity with others as mentioned in the section about account data.

CoreELEC does not sell or give information about you to other companies or services. However, CoreELEC does use services from other companies. The companies behind those services may collect data about you on their own, for their own purposes. Some of these services may be used to collect information about your online activities across different websites. All of these services are based in the United States:

Google AdSense https://policies.google.com/privacy : This service is used for advertisements. Google will track your behaviour on our website and on others on the Internet to determine your interests. Adsense can use cookies, JavaScript, or Web Beacons (small hidden graphics), which are sent directly to users’ browser. AdSense automatically receives your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit.
You can edit those interest categories associated with you here: adssettings.google.com/authenticated. You can opt out of the AdSense partner cookie using those settings or using the YourAdChoices multi-cookie opt-out mechanism at: optout.aboutads.info/?c=2#!/ for US or http://www.youronlinechoices.com/ for EU. This opt-out mechanism use cookies themselves, and if you clear the cookies from your browser your opt-out wish will will be lost until set again.

Note that CoreELEC has no access to or control over these cookies that are used by third-party advertisers.

GitHub https://help.github.com/articles/github-privacy-statement/ : We store our software builds and Addons on GitHub. If you choose to download our software or use the automatic updates in our software you will be redirected to their servers.

Other individuals and companies may also reuse data about you that CoreELEC publishes, such as your posts to public forums.

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, among other rights, California consumers have the right to:

Request that a business that collects a consumer’s personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.

Request that a business delete any personal data about the consumer that a business has collected.

Request that a business that sells a consumer’s personal data, not sell the consumer’s personal data.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

Children’s Information

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

CoreELEC does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

How can I contact CoreELEC about privacy?

You can send questions and complaints to: team@coreelec.org

For complaints under GDPR more generally, European Union users may lodge complaints with their local data protection supervisory authorities.

How can I find out about changes?

This version of CoreELEC’s privacy questions and answers took effect June 5, 2020.

CoreELEC will post the next version at https://discourse.coreelec.org/privacy. CoreELEC may change how it announces changes in future versions.

In the meantime, CoreELEC may update its contact information without announcing a change. Please refer to https://discourse.coreelec.org/privacy for the latest contact information at any time.