@phil Understood, I'll look into it and see what I can change. Probably not much since I'm limited to what Mastodon can do, but I can definitely get the privacy policy updated to reflect it and how we use the data.
kujoe@mindly.social
Posts
-
@JesseF8693@mindly.social I just got a follow request from your server, and upon checking, I see that mindly.social has a registered LLC in the USA, and that it's hosted on US infrastructure -
@phil what PII data am I currently processing and how are we processing it? I don't really understand this question because we don't require any PII data except from our users who provide an e-mail and IP address when they create an account, but nothing that identifies a user personally to my knowledge. If you can explain this in more detail I'll definitely take steps to purge all PII from our systems from non-members.
-
@phil understood, the default privacy policy included in Mastodon probably isn’t the best, so I’ll get a better version of it deployed soon with a list of our vendors that might have access to user data. I can’t think of any offhand, maybe Cloudflare depending on how things are configured. Probably Stripe, PayPal, and other payment processors.
I definitely considered dissolving the LLC, but that risk is too much for me to take on sadly.
I guess I’ll have to think more about the future and hope there’s a simple and cheap solution or just keep things the way they are with some minor tweaks.
-
No data is being shared with any 3rd parties unless it’s volunteered like donations and such, which are all optional.
I believe Mastodon has built-in GDPR compliance for most of the requirements. I’m not a lawyer nor do I live in the EU so it’s best effort in that regard, I’m mostly at the mercy of the software so whatever it implements is what I can offer.
I don’t know what BCR, DTIA, or SCC are, but I don’t think they apply since the only network we’re responsible for is our connection to our data center and then we’re hands off. I don’t plan on investing too much effort beyond that, especially since our data center can change any day.
I answered the LLC questions here: https://mindly.social/@KuJoe/115644291661102808
Let me know if you have any other questions.