A couple of users on the genzedong matrix chat expressed concern over Lemmygrad’s lack of privacy policy. Lemmy already supports setting legal information in the site admin settings (although it’s hard to find the legal page if you don’t already know about it since there are no links to there).
It could also be worth letting admins on other instances know about this feature, as I’m sure many of them would want to add privacy policies to their instances as well.
looking into it
lol more seriously, we’ll look at writing one but overall Lemmygrad doesn’t collect anything beyond what is necessary for the site and federation to function, it runs the stock Lemmy code (which I know isn’t saying much because I can’t read that code like most everyone lol) without adding any additional tracking.
The only thing I could see being relevant (since Lemmygrad doesn’t collect data) would be letting users know that Lemmy may still be missing some privacy features/have some existing privacy issues. This is a pretty big example.
I know out of the box Lemmy doesn’t provide any real analytics like Google Analytics or anything similar.
Other then that, only your account actions are logged, which is necessary for the site/service to function.
It should be noted that the use of any native apps that are not FOSS in origin could offer your data up too the app vendor. Jerboa requires no permissions to install, and is maintained by one of the Lemmy devs. From what I can tell it also doesn’t collect anything other than your account actions.
But that is separate from Lemmygrad.
I think what can be good is to know to what extend lemmy instances can follow through with users asking to apply GDPR rules like right to be forgotten, and to what extend lemmy instances naturally respect GDPR laws of any European countries