====== Personal Data and Privacy ======

When a user registers with the wiki, the following information is stored:
  * A user name (which must be their [[:public:membership number]])
  * An email address
  * A "real name" (which need not be their actual name)
  * [[:reps network|Reps]] and [[public:branch_committee]] members have their status recorded.
**The fact of your registration with the wiki indicates that you are a member of Prospect.** We understand and respect that this makes our user data highly sensitive information. If you would like to remain anonymous, you can use an email address which does not contain your name and set your "real name" to something like "Anonymous Member".

User data is not publicised on the wiki if you are only reading it. If you edit a page, then your username and "real name" will be associated with that edit. If you create a [[:user:start|user page]] then the title of this page will default to your "real name". We ask that those editing the wiki genuinely use their real name, for reasons of accountability. Email addresses are never publicised on the wiki.

User data is stored in one plain-text file on the server. Only the wiki admins ([[user>cmacmackin|Chris MacMackin]] and [[user>tjames|Toby James]]) can get access to this information through the web admin interface. Currently, both of these admins would also have access to this information via the central Prospect website. Admin access will be restricted to a special account, separate from the ones normally used by the individual mentioned above. This will reduce the likelihood of someone finding the account logged in on an unattended computer.

Beyond the wiki's own web interface, the user data can also be accessed by the webmaster ([[user>cmacmackin|Chris macMackin]]) by logging into the control panel of the webhosting provider, via FTP, or WebDAV. All of these are protected by the webmaster's password. Again, currently the webmaster would be able to access this information anyway via the central Prospect website. The sysadmin of the hosting provider would also unavoidably be able to access the data. The only way to avoid that would be to self-host the server and that likely carries even greater risk of failing to keep the server secure. The server is located in the United States and there is no reason the host providers would be interested in this information.