Here on Slipmat, security and privacy are not an afterthought but important design aspects. Your data is not our business so we have no interest in whatsoever selling it or in any way misusing it. In fact, quite the opposite, our aim is to be a secure and privacy-minded online community, serving as an example on how things should be done on the open Web.
Slipmat is built with security in mind. We’ll publish a separate post describing security practices in more detail but shortly, your passwords are not stored on the server but only a salted hash (nevermind the nerd talk, it means they are super safe), all the communication between Web clients and different servers is encrypted, the server environment is hardened and kept up to date, and the software tool stack is also up to date and (Python, Django, Vue) is known for having a good track record on security.
We outsource security-critical things like email sending and credit card handling so that professionals trained on that one specific thing are responsible for storing and handling those data. We also use third-party tools for logging errors and monitoring software vulnerabilities.
For you, the user, we try to draw the line between super secure and too cumbersome to use somewhere in the practical middle. You cannot for example assign yourself a too weak password but you can use a third-party login for smoother experience. More advanced features like two-factor authentication are planned.
One thing to be noted is that Slipmat chat is not encrypted, you should consider chat as a semi-public forum.
How and what data we store about you
We store tons of data for DJs but vast majority of it is anonymous. (Things like number of visitors in an event, number of new Facebook likes or Twitter followers during an event or amount of tips given.) Some, however, is not (like your chat messages, requests and feedback to DJ).
Your most private data like email, password and credit card details are handled extra carefully and shown to no one else. As a matter a fact even we don’t know your password or credit card details as the technical implementation 100% obfuscates the info from us. Even if we handed out the plain text hashes of those details from our database, they would be useless to anybody else. (Nerdtalk: instead of your password we only have a salted hash, and your credit card details are stored by Stripe, we only have a key to use with an API.)
Other personal information we have about you comes from your user profile and actions you’ve performed at events (like chat messages, DJ feedback, made requests etc.). Even though we do use this data for creating analytics for the DJ, we have absolutely no interest in your personal details. Our use case for the data is only for the benefit of the DJ, and even for them your data is mostly anonymized (except for things like feedback items which have been posted as non-anonymous) or only indirectly available for the DJ.
DJs cannot directly access your personal data like your chat messages but only anonymized distillations (like how many chat messages there were during an event, how many different users were seen and in the future maybe some natural language processing, for example an average positivity score of the messages of one event). At the moment we don’t delete this kind of data after distillation because having it for developing and testing purposes is very valuable. (Again, no one is seeing or using your personal data in its raw form but instead its used for analytics and processing purposes which always yields anonymized output.)
From Slipmat point of view, the less we have your personal data, the better. We aren’t interested in your data and we don’t want to collect it unnecessarily because storing it means that we are responsible for it. The less we have, the less worries we have. In the future, as we our features get more stable and we get out of beta phase, we will lock down our data structures and make our saved user content considerably smaller. (After that we’ll collect development data from volunteers who want to help with the development.)
If you have any questions about your personal data or anything related, feel free to post a question here on Backstage or email us.
Data for and about DJs
Exporting your personal data
You can export all of your personal data from your profile page. This export file is in JSON format which is (semi)human readable but also easily readable by a computer so if you want, you can export all your data off Slipmat.
If you want to just study your data, a better way might be our API. It’s intended purely for developers, but if you know how, or if you have a developer friend, you can use it freely. (Anyone can also build an open source tool that uses the data – it’s all open!) Again, all the data available from the API is anonymized for everyone else, but your personal data is readable for you.
If you have any questions about security, you can post them here on the Backstage or send us email.
Reporting Security Incidents
If you want to report a security incident, please do not post it here publicly but instead email us at firstname.lastname@example.org