The Scala Center (hereinafter "We" or "Us") is a Switzerland-based not-for-profit organization within the École Polytechnique Fédérale de Lausanne, hereafter referred to as EPFL. This privacy policy complements the EPFL Privacy Policy.
Our address is EPFL IC SCALA SCALA-GE, INR 319 (Bâtiment INR), Station 14, CH-1015 Lausanne. For any concerns about your data, please contact us at scala.center@epfl.ch.
Scastie (hereinafter "Scastie" or "the Service") is the Web-based application served at https://scastie.scala-lang.org/.
You (hereinafter "You" or "the User") are a user the Service accessing it through its HTTPS endpoints.
The personal data we collect are used solely for the following purposes:
- To identify a User on Scastie and authorize them access to their data, and
- For security, anti-fraud and other detection of harmful behavior by external actors,
- For detection of the Scala compiler crashes,
The data we store is linked to personal data only if a User decides to log in to the Service. It is accessible by the public when Users take an explicit action of compiling and running the snippet. All stored data consists of:
- Code snippets along with their configuration,
- Code snippet result,
- Snippet ID,
- Optional GitHub username if the User is logged in.
For security reasons, we store logs about accesses to the Scastie servers. These logs are necessary to properly detect exploits and attacks on our infrastructure. They also reduce the risk of data breaches that could be the result of such incidents. Logs contain:
- Snippet ID,
- the User IP address, and
- the User GitHub login.
All logs are separated from the running application and will never be shared, sold, rented or traded. We store them in the legitimate interest of providing security for the Service. We reserve the right to identify and report any exploit or breach attempt.
Logs are stored for a duration of one year and can only be accessed by authorities defined at Information protection and disclosure.
We use only cookies that are necessary for login purposes. To that end, we are using session tokens provided by GitHub OAuth services. We do not transfer any data, nor act on behalf of GitHub. See the GitHub privacy policy.
To make sure that Your data is safe, we implement a variety of measures:
- Confidentiality – Your data and the logs can only be accessed by server administrators with the exception of code snippets along with their configuration, which may be visible to any user. No data will ever be shared, sold, rented or traded with third parties.
- Integrity – all of Your data is encrypted and requires proper credentials to be accessed.
- Availability – Your data is regularly backed up.
All connections between Your computer and Our servers are encrypted using Secure Sockets Layers (SSL) to guarantee data safety.
We store Your data for a maximum period of one year after last data access on Our servers at EPFL. They can be accessed or removed upon Your request by contacting Us at scala.center@epfl.ch.
Scastie uses Plausible for web analytics. It is fully compliant with GDPR, CCPA and PECR and is locally hosted on Our servers at EPFL, in Lausanne. See the Plausible privacy policy.
Github.com - we are using GitHub login as an authentication provider and to fetch GitHub avatars. See the GitHub privacy policy.
Sentry.io - we are using Sentry (error monitoring service) as a utility to help us discover and fix problems during application run-time. When an error occurs, a request is made to Sentry containing the error message, the actions that caused it and information about the device on which it happened. The IP address is also sent to Sentry, but it is configured not to store it. See the Sentry privacy policy.