We offer this private information removal process as an exceptional service only for high-risk content that violates the Block Protocol Terms of Service, such as when your security is at risk from exposed access credentials. This guide describes the information the Block Protocol needs from you in order to process a request to remove private information from a project.
For the purposes of this document, “private information” refers to content that (i) should have been kept confidential, and (ii) whose public availability poses a specific or targeted security risk to you or your organization.
"Security risk" refers to a situation involving exposure to physical danger, identity theft, or increased likelihood of unauthorized access to physical or network facilities.
Ask Nicely First. A great first step before sending us a request to remove data is to try contacting the user directly. They may have listed contact information on their public profile page or in a project's README, or you could get in touch by creating a discussion or comment-thread on the project. This is not strictly required, but it is appreciated.
No Bots. You should have a trained professional evaluate the facts of every request you send. If you're outsourcing your efforts to a third party, make sure you know how they operate, and make sure they are not using automated bots to submit complaints in bulk. These complaints often include data that does not pose any security threats, and they do not include sufficient explanations, requiring additional back-and-forth and resulting in delays, even when the complaint is valid.
Send In The Correct Request. As noted above, we offer this private information removal process as an exceptional service only for high-risk content. We are not able to use this process to remove other kinds of content, such as potentially infringing content, and we are not able to process any other kinds of removal requests simultaneously while processing private information removal requests. We will be able to help you more quickly if you send in your private information removal requests separately from any requests to remove potentially infringing content. If you are unsure whether your request involves only private information or also involves other legal matters, please consult legal counsel.
Processing Time. While we do process private information removal requests as quickly as possible, due to the volume of requests we process, it may take some time for your request to be reviewed. Additional requests, or multiple requests from additional points of contact, may result in delays.
Complainant Investigates. It is up to the requesting party to conduct their own investigation and to provide us with the details we require — most importantly, an explanation of how the data poses a security risk. The Block Protocol is not in a position to search for or make initial determinations about private information on any individual's or organization's behalf.
Complainant Sends a Private Information Removal Request. After conducting an investigation, the complainant prepares and sends a private information removal request to the Block Protocol. If the request is not sufficiently detailed to demonstrate the security risk and for the Block Protocol to locate the data, we will reply and ask for more information.
The Block Protocol Asks User to Make Changes. In most cases, we will contact the user who created the project and give them an opportunity to delete or modify the private information specified in the request or to dispute the claim.
User Notifies the Block Protocol of Changes. If the user chooses to make the specified changes, they must tell us so within the window of time they've been allowed. If they don't, we will disable the project. If the user notifies us that they made changes, we will verify that the changes have been made and notify the complainant.
User May Dispute the Request. If a user believes the content in question is not private information subject to this Policy, they may dispute it. If they do, we will generally leave it up to the complainant to contact the user and work things out with them directly, within reason.
Complainant Reviews Changes. If the user makes changes, the complainant must review them. If the changes are insufficient, the complainant must provide the Block Protocol with details explaining why. The Block Protocol may disable the project or give the user an additional chance to make the changes.
User May Request an Additional Window to Make Changes. If the user missed their opportunity to remove the private information specified in the notice, we may allow them an additional window of approximately 1 business day, upon request, to make those changes. In that event, the Block Protocol will notify the complainant.
The Block Protocol allows users to "fork" one another's projects. In essence, this means that users can make a copy of a project such as a type or a block in the Block Protocol Hub into their own namespace. As the license or the law allows, users can then make changes to that fork to either push back to the main project or just keep as their own variation of a project. Each of these copies is a "fork" of the original project, which in turn may also be called the "parent" of the fork.
The Block Protocol will not automatically disable forks when disabling a parent project. This is because forks belong to different users and may have been altered in significant ways. The Block Protocol does not conduct any independent investigation into forks. We expect those sending private information removal requests to conduct that investigation and, if they believe that the forks also contain private information, expressly include forks in their request.
If at the time that you submitted your notice, you identified all existing forks of that projects, we would process a valid claim against all forks in that network at the time we process the notice. We would do this given the likelihood that all newly created forks would contain the same content. In addition, if the reported network that contains the reported content is larger than one hundred (100) projects and thus would be difficult to review in its entirety, we may consider disabling the entire network if you state in your notice that, based on the representative number of forks you have reviewed, you believe that all or most of the forks contain the content reported in the parent project.
Make your request specific. Due to the type of content the Block Protocol hosts (mostly software code) and the way that content is managed (with Git), we need complaints to be as specific as possible. In order for us to verify that a user has removed reported private information completely, we need to know exactly where to look.
These guidelines are designed to make the processing of requests to remove private information as straightforward as possible.
You can submit your request to remove private information via our contact form. Please include a plain-text version of your request in the body of your message. Sending your request in an attachment may result in processing delays.
If you received a private information removal request from us, you can dispute it by replying to our email and letting us know — in as much detail as possible — why you think the content in question is not private information subject to this Policy.