We store information about access to and users on the hex.pm and hexdocs.pm website, the hex.pm API and repository. This data is stored in the US on Heroku and Amazon AWS servers.
All requests to the hex.pm and hexdocs.pm websites are logged. The logs include information about the time the request was made and to which URL, the IP address it was from and browser user agent.
The logged data is only available to hex.pm’s administrative team, but may be made available in aggregate and anonymized forms.
The websites uses Google Analytics to monitor and analyze user behavior. This service provides hex.pm with information on users’ demographics, age, location, and interest categories, when such information is available. This information is not used to identify individual users, but can in some cases be very specific. You can learn more about the information gathered and retained by this service at the Google Analytics privacy policy. You can opt out of Google Analytics entirely with the Google Analytics opt-out browser addon.
A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns.
The websites uses cookies to help identify logged in users. Website visitors who do not wish to have cookies placed on their computers should not log in to the websites.
A registered user is required to publish packages, to otherwise consume the API a user is not required. See the “User information” section below for more information about what user information is stored and is public.
Requests to the API is logged and the same information is stored as for the websites.
Packages published to hex.pm are public. Package metadata will be displayed on the hex.pm website and the full contents of the package will be available on the repository, as such care needs to be taken to not include private or confidential information in the package. Additionally, documentation that has been published to hex.pm will be displayed to the public on hexdocs.pm. Anything published to hex.pm should be seen as public immediately and forever, if credentials are accidentally published they should be changed immediately.
Requests to the repository is logged and the same information is stored as for the websites.
For registered users their username, email address, and cryptographically hashed password is stored and is required to be provided by users. In addition to this profile information, such as user’s full name and social media handles, may be stored of the user if the user chooses to provide it.
Profile information is public and accessible to anyone including the user’s username, email address, and full name with the ability to opt-out of showing the email address and full name. Packages owned and published by the user is also public. No other information, including the user’s password, is public and will not be shared with other parties.
Hex.pm may disclose personally identifiable information under special circumstances, such as to comply with subpoenas or when your actions violate the Terms of Service.
The hex.pm service is hosted in the United States. This Privacy Policy is intended to comply with privacy laws in the United States and may not comply with all privacy laws in other countries.
If you are a non-US user of the service, by using our service and providing us with data, you acknowledge, agree and provide your consent that your personal information may be processed in the United States for the purposes identified in this Privacy Policy. In addition, such data may be stored on servers located outside your resident jurisdiction, which may have less stringent privacy practices than your own. By using the hex.pm service and providing us with your data, you consent to the transfer of such data and any less stringent privacy practices.
All emails to ***@hex.pm
are stored, including the email address of the sender and the contents of the email. This information is available internally to hex.pm but will not be disclosed to the outside. See the “Disclosure” section for exceptions to this.
Any questions about this Privacy Policy should be addressed to support@hex.pm.
Although most changes are likely to be minor, hex.pm may change its Privacy Policy from time to time, and at hex.pm’s sole discretion. The detailed history of changes can be found in the git repository history for this document.
Hex.pm encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of the hex.pm websites and the repository after any change in this Privacy Policy will constitute your acceptance of such change.
Parts of this policy document is based on npm’s Privacy Policy which in turn is partly based on the WordPress.org privacy policy.
This document may be reused under a Creative Commons Attribution-ShareAlike License.