© Liquid Investigations
Liquid Investigations is a self-hosted knowledge production platform, allowing users full control over their data.
The Administrators are responsible for ensuring compliance with relevant local and international laws and regulations: GDPR, Data Protection Act, California Consumer Privacy Act, etc.
Liquid Investigations components are generally provided under the terms of the MIT Open Source software license.
Some components are made available using different software licenses, including the MIT Expat License, the Apache License Version 2.0, the GNU Affero General Public License Version 3.0, and others.
See the full list of licenses on GitHub: View Licenses
The Administrators are responsible for ensuring compliance with the licenses of the software components enabled on their servers.
The Administrator, who is self-hosting Liquid Investigations, takes full responsibility for their own data security and retention policies and for ensuring compliance with relevant local and international laws and regulations.
In the European Union, the GDPR guarantees your right to information about your personal data, as well as your rights to rectification, erasure, and portability (e.g. for transferring data). Furthermore, you have a right to restriction and objection of processing your data.
The following sections explain data handling policies for the default production configuration of Liquid Investigations; the Administrators may change some of these settings.
Liquid Investigations software only retains data necessary for running the services. The data is stored only on the servers running the software. This includes:
Liquid Investigations software does not share any data with third parties (including the Liquid Investigations project). No telemetry, tracking, or analytics data ever leaves your servers.
To obtain exports of your data, as mandated by GDPR or other relevant legislation, contact the Administrator that provided you with your account.
To request deletion or correction of your data, as mandated by GDPR or other relevant legislation, contact the Administrator that provided you with your account.
This section describes who has access to each type of data hosted on the Liquid Investigations software.
NO ACCESS. Liquid Investigations requires all users to be invited by the Administrators and to own a valid account.
LIMITED ACCESS. User accounts have limited access to data, based on the access control settings configured by the Administrators.
ACCESS TO ALL APPLICATION ADMINISTRATION INTERFACES. User accounts marked as “Staff” and “Administrator” have access to all the administration zones for the different apps. This means they can edit access control settings, register new user accounts, and terminate accounts. On some of the apps, they can also directly access all user data.
Hoover: Hoover Administrators can access all data uploaded into all collections but cannot access User Search Queries or Private Tags.
COMPLETE ACCESS TO ALL DATA. As all data is hosted on servers under their control, the System Administrators have the ability to query all internal databases and access, backup, restore, modify, correct, or delete user data.
The System Administrator is responsible for the security of their data and servers when hosting the Liquid Investigations software. We provide documentation for securing systems: Security Recommendations.
In the case of a security breach, System Administrators must take the actions required by them under local and international laws and regulations, including informing authorities, notifying users, and isolating affected machines.
If a security breach event is related to a security defect (vulnerability) in Liquid Investigations, please disclose the details at rcij@riseup.net (pgp: 0x8234F8D4A624D9F4).
Liquid Investigations makes use of public services, such as GitHub and Docker Hub, to host and distribute the software. All such services are listed below:
© Liquid Investigations