Do inbound emails (i.e. not member-to-member) need a privacy policy?

[bnb]

This repo enables a path for Node.js community members to engage with individuals in the project privately.

I think we need to asses the possibility of a privacy policy around inbound emails that AREN'T for member <> member discussions. This would likely need to include something around confidentiality of private info (like name, email address, etc.) and ensuring that the usage of any inbound emails is not used for anything outside of work in the Node.js project.

Here's a list of email aliases that are relatively obviously for inbound emails:

• report@
• security@
• admin@
• accounts@
• moderation@
• user-feedback@

[mhdawson]

It is probably a good idea to document the expectations on the use of info received through this channel. @bnb you want to take a first cut at what that might look like ?

[bnb]

@mhdawson yes, I'd be happy to attempt to take a crack at this - I'm not really sure where to even start, though. I will reach out to a few individuals who might be able to point me in the right direction and move from there.

[mhdawson]

I think it might be something along the first paragraph in https://github.com/nodejs/security-wg/blob/master/processes/security_team_members.md

[bnb]

Yeah, that's definitely a good starting place - thanks!