Updated August 15, 2016
- When, as a Public User, you visit a web site secured with HTTPS that uses a certificate from Let’s Encrypt,
- When you are a Subscriber, i.e., when you request and use certificates from Let’s Encrypt,
- When you are a Visitor to the Let’s Encrypt web site, community discussion forum, other web pages under letsencrypt.org, and third-party social media sites on which Let’s Encrypt operates an account.
When you use an HTTPS web site or other TLS service with a Let’s Encrypt certificate, your browser (or TLS client) may make an OCSP request to Let’s Encrypt. This OCSP request is used to check whether the certificate has been revoked. OCSP requests convey your IP address and the User Agent string for your browser, which may be unique. We do not use data from OCSP requests to build profiles or identify individuals. Logs are temporarily collected by our CDN provider for operational purposes but are normally deleted in less than seven days. We may retain a subset of OCSP request logs for longer periods in order to investigate software failures or abuse. If we do so, we will delete any stored logs when we are done investigating. We may also compute, retain and publish aggregate information from OCSP request logs, such as which certificates generate the largest volume of requests. We will always strive to ensure that such datasets do not contain information about the activities of identifiable users or devices.
Additionally, we may use third-party analytics services like Google Analytics to gauge traffic and popular pages on our web site. Third party analytics services will set and receive first-party cookies. These cookies do not contain personal information, but uniquely identify your browser software over time on our site. We respect the Do Not Track header by strictly limiting the information our analytics services can collect and share for all Visitors.
We may use analytics services provided by third party social media vendors including, but not limited to, Twitter. Your participation and interaction with Let’s Encrypt on third party social media sites will be governed by the relevant vendor’s privacy policies.
What We Share
To the extent we possess it, we may disclose personally identifiable information about you to third parties in limited circumstances. Such circumstances include when we have your consent or when we have a good faith belief it is required by law, such as pursuant to a subpoena or other judicial or administrative order. We may also disclose account recovery information when we have a good faith belief it is necessary to prevent loss of life, personal injury, damage to property, or significant financial harm.
If we are required by law to disclose the information that you have submitted, we will attempt to provide you with prior notice (unless we are prohibited or it would be futile) that a request for your information has been made in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by whatever means is reasonably practical. If you do not challenge the disclosure request, we may be legally required to turn over your information.
In addition, we reserve the right, solely at our discretion, to independently object to certain requests (for access to information about users of our products and technologies) that we believe to be improper.
For more information, or to report a privacy issue, please contact: firstname.lastname@example.org