Privacy Policy

Overview

Dazah is a login and social messaging platform. It functions as a backend technology to third-party apps ("Dazapps"). Users connect to Dazapps through a single sign-on with their Dazah profile. Users may create profiles by connecting via LinkedIn, Facebook, or Google, or by creating new login credentials and completing a profile.

User Information

The minimum amount of data we require for a user registration record is a user's first name, last name, and email address. Users who don't opt to build their accounts by connecting via LinkedIn, Facebook, or Google will additionally be prompted for a password. At some point after registration, we may prompt for the completion of a match profile, which surveys the user for their professional goals for the purposes of seeding our matching algorithm.

Throughout normal interaction with Dazah, or with Dazapps that utilize the Dazah API, we record behavior that may be used to help us further improve our matching algorithm and deliver the best matches. For example, we take into consideration data points such as degrees of separation between two users, and we look for patterns to help us further gauge and deliver on a user's needs.

Data Collected from LinkedIn, Facebook, and Google

When signing up or logging in via LinkedIn, Facebook, or Google, we request access to a user's basic profile data for the purposes of creating or updating their registration record. The data retrieved and stored by us may include, but is not limited to, their full name, email address, profile picture, headline, industry, professional summary, birthday, gender, education history, career history, and website. With the exception of a user's email address (which we request a separate permission for), only data that the user has specified as visible on their public LinkedIn, Facebook or Google profile is accessible to us.

Profile Access

Because Dazah functions as a lead generation platform designed to introduce users to each other, the majority of a user's profile information is made public programatically through the API to the Dazapps that they choose to use. Additionally, profile information may be set by any Dazapp that is granted the permission to do so. Public information currently available includes a user's full name, generalized location, profile picture, headline, industry, pitch, website, last activity timestamp, and online status. If access to an end-user's profile is explicitely granted, the Dazapp may additionally see their last used IP address, geographic coordinates, matching preferences, birthday, gender, email address, and user settings. The current end-user's CV may be set (if profile write permissions are granted) and retrieved. A Dazapp may additionally access the CV of any user that the end-user is in a conversation with. As a reminder, all user information is only accessible to Dazapps of a user's choosing, and access may be revoked at any time.

Dazah Metadata

One of the features of our API is the ability for any third-party Dazapp to assign and retrieve arbitrary metadata that can be attached to any individual user record or chat message. When attaching the metadata, the Dazapp has the ability to specify its privacy setting. The metadata gets stored on the Dazah servers where it may be retrieved either only by the Dazapp that set it, or by all Dazapps that the user who the data is relevant to has previously logged into (and has not subsequently deauthorized access to). Metadata are in the form of freeform text and it is the discretion of the Dazapps that set them to use judgement when choosing to store Dazah metadata.

API Access

The Dazah API exclusively uses the OAuth 2.0 authorization framework to authenticate requests. Users may log into any third-party Dazapp with a single set of login credentials. As part of the login flow, they must grant permission to the Dazapp to gain access to their account. Depending on the permissions the Dazapp requests, and the user grants, the Dazapp may gain the ability to access the user's Dazah profile, make changes to their user profile, read their conversations, write messages on their behalf, access their groups, and/or write group messages on their behalf. Dazapps are granted API access tokens for a specific user which must be sent with every API request they make. The tokens allow the Dazapp to authenticate itself as the end-user, and retrieve information and perform operations from the perspective of the end-user. Access tokens have a shelf life of 24 hours. Every 24 hours, the Dazapp must programatically request a new access token from the API by authenticating themselves along with the token they received from the API during the first time the user granted them access. A user may deauthorize a Dazapp at any time. Doing so will immediately invalidate all tokens associated with the Dazapp for that user.

Message Privacy

Conversations follow a user across the multiple Dazapps that they associate with. There is one single conversation for each pair of users. Therefore, if User A and User B are both using Dazapp 1 and Dazapp 2, both Dazapps will be able to gain access to the entire conversation. Additionally, User A and User B may simultaneously engage in the conversation across multiple Dazapps. The Dazapp is required to only have the user it is currently authenticated against to grant permission to view their conversations. The conversation will be accessible even if the other user has not granted access to the Dazapp to access their conversations.

The Dazah API offers the ability for users to engage in group conversations. Groups have a privacy setting which must be specified when they are created. By making a group private, the group may only be joined via a passphrase.

All messages are permanently stored in the Dazah servers as plain text.

Our Promise

Our promise to you is that security is our top priority. Dazah stores two cookies in your web browser: one to manage your user session, and another to prevent against cross-site request forgery (CSRF) attacks. Both cookies are accessible only over an SSL connection to www.dazah.com and are not accessible via javascript. Neither cookie stores any user-identifying information.

A user may configure their User Settings to deactivate their account. Deactivating an account will immediately invalidate any API tokens that a Dazapp may use to authenticate against the user's Dazah account, prevent any Dazapps from retrieving access to the user's profile, and prevent the user from further authorizing access to any Dazapps. However, deactivating an account will not affect any user data that has been sent to a third-party Dazapp in the past, which the Dazapp chose to store in their own database. Additionally, deactivating an account will not erase any data pertaining to the user from the Dazah servers.

Rights & Ownership

Dazah is owned by DaniWeb® LLC, headquartered in Bayside, Queens, New York. DaniWeb® LLC is the exclusive owner of the DaniWeb online discussion forum that has been in operation for over 15 years. As a result, we take security very seriously. All data submitted to Dazah may reside on our servers indefinitely.

Any questions or concerns may be directed to bizdev@daniwebmail.com

© 2017 DaniWeb® LLC | www.dazah.com
Privacy Policy | Terms of Service | API Terms of Service