Here at RadioSpiral, we’re mostly just a radio station; you connect to us anonymously and listen to the stream for as long or short a time as you choose. We have a mailing list (to which we only add you if you explicitly request it), our Slack chatroom, and our Slack bot, Spud.
Slack does store all of the conversation in the chatrooms on its servers; we are currently using a free plan, which means the following apply:
- If you want to export your data from private channels (including the “staff” channel) and direct/group messages, RadioSpiral must contact Slack and apply to export this content. Slack will reject applications, unless Workspace Owners (i.e., RadioSpiral) show in each instance (a) valid legal process, or (b) consent of members, or (c) a requirement or right under applicable laws in order to export data. In short, we can’t see it, and Slack makes it hard for us to give it to you because we’re not paying them for access to it, but it’s possible.
- For public channels, RadioSpiral may also use Standard Export to export content. Standard Exports will include links to files, but not files themselves. We have not tried this yet, so we can’t tell you if Standard Export goes back in history or simply exports what’s currently showing. Content includes messages, links to files (but not the files themselves), message edit and deletion logs, and archived public channels.
Slack now permits us to truly delete users from our Slack, which we will be happy to do on request if desired. If, because of code of conduct violations, you are permanently banned from our Slack, we will delete your data. Members of the staff who “retire” from active shows and performance may choose to be either removed or “demoted” to regular users.
Our Slack bot, Spud, monitors the stream and listens for messages in channels he’s been invited to: these include the “General” channel and the private “Staff” channel. Spud does see all messages, but discards any that are not addressed to him immediately, and only retains the ones that are for him long enough to respond to them. Spud does not store any data other than the login credentials to access Slack and the Firebase credentials to access the Slack ones. Spud’s logs temporarily contain the  messages sent, but these are deleted according to the Heroku Hobby dyno rules: it keeps the last 1,500 lines of consolidated logs and these expire after 1 week. RadioSpiral staff can fetch Spud’s logs if required, but we will reject applications unless requesting parties show in each instance (a) valid legal process, or (b) consent of members, or (c) a requirement or right under applicable laws in order to export data.. Access to the Staff channel logs is limited to members of the RadioSpiral staff; it is sometimes necessary to discuss security issues, conduct, planning, and the like there, so these logs are not available to the general public. Staff members can request the logs, but please have a really good reason, because it’s a lot of manual work.
The station broadcasting itself uses Icecast to provide our streaming services. Icecast needs to know the IP address of any listening device to be able to stream to it, and logs these incoming IP addresses. These logs are retained for six months and then deleted. If necessary, staff can remove IP addresses from the logs and/or supply filtered logs for a specific IP address, but the requester must be able to prove that the IP address in question is static and owned only by them. Dynamic IP addresses cannot be  specifically linked to a person and are therefore exempt from this requirement. We do not share listener IP address information with anyone; aggregate, anonymous listener counts are available from Spud.
Our main website uses WordPress, ActiveCampaign, and other data tools, which may share information from visitors to our website with various third parties, including certain service providers (including content delivery networks, security services, domain name services, and others), law enforcement officials and application developers. These data tools may keep this information for as long as our site is active, and longer as needed (for example, if they are legally obligated to keep it longer, or need it to protect their interests). If you wish to have your data downloaded or removed from the site, please contact RadioSpiral staff to have this done; WordPress and ActiveCampaign provide tools for this purpose.
RadioSpiral has a significant presence in Second Life. You may join the RadioSpiral group in Second Life to be notified of events related to RadioSpiral in Second life, including but not limited to live performances and DJ appearances. You may opt in or out at any time using Second Life’s group mechanisms. We do not record or share information related to membership in our Second Life group. Staff members of the radio station may be granted extra privileges in Second Life (access to restricted areas, access to the RadioSpiral “holodeck” to set upperformance spaces, access to rez stage props).
RadioSpiral does not transfer personally-identifying data to any other entity, other than as needed to permit access to Slack and to subscribe users who request it to our MailChimp newsletter. We do not sell the list or newsletter subscribers, nor do we otherwise provide it to anyone else. Signing up to use Slack logs nothing; it only passes the request on to Slack for account creation.
We are committed to securing your personal information, and use various security measures to better protect it. However, as we can’t guarantee absolute protection, we encourage you to be careful when posting sensitive or personal information, especially in chat.
Please see the MailChimp GDPR notices for details on their usage of subscription data, the Slack GDPR notices for more details on Slack’s own use of the chat and login data, and the Second Life GDPR notices for details on their use of personally-identifiable data.
Who we are
Our website address is: https://radiospiral.net.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If we provide you privileges to edit or publish articles on the site, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service to prevent data attacks and spam comments. These services check new comments against a database of known spam content, especially URLs and keywords, and may hold the comments for approval or rejection.
