Ghost/PRIVACY.md
Rishabh Garg 099afffbec
Updated third-party service readme for frontend apps (#15091)
- We've changed which CDN we use, we need to document the right one!

Co-authored-by: Hannah Wolfe <github.erisds@gmail.com>
2022-07-27 11:04:37 +01:00

2.8 KiB

Privacy

This is a plain English summary of all of the components within Ghost which may affect your privacy in some way. Please keep in mind that if you use third party Themes or Apps with Ghost, there may be additional things not listed here.

Each of the items listed in this document can be disabled via Ghost's config.[env].json file. Check out the configuration guide for details.

Official Services

Some official services for Ghost are enabled by default. These services connect to Ghost.org and are managed by the Ghost Foundation: the Non-Profit organisation which runs the Ghost project.

Automatic Update Checks

When a new session is started, Ghost pings a Ghost.org service to check if the current version of Ghost is the latest version of Ghost. If an update is available, a notification on the About Page appears to let you know.

Ghost will collect basic anonymised usage statistics from your blog before sending the request to the service. You can disable collecting statistics using the privacy configuration. You will still receive notifications from the service.

All of the information and code related to this service is available in the update-check.js file.

Third Party Services

Ghost uses a number of third party services for specific functionality within Ghost.

JSDELIVR

To easily load functionality for membership features & search, Ghost leverages JSDELIVR to provide a CDN for drop-in scripts.

Gravatar

To automatically populate your profile picture, Ghost pings Gravatar to see if your email address is associated with a profile there. If it is, we pull in your profile picture. If not: nothing happens.

RPC Pings

When you publish a new post, Ghost sends out an RPC ping to let third party services know that new content is available on your blog. This enables search engines and other services to discover and index content on your blog more quickly. At present Ghost sends an RPC ping to the following service when you publish a new post:

RPC pings only happen when Ghost is running in the production environment.

Structured Data

Ghost outputs basic meta tags to allow rich snippets of your content to be recognised by popular social networks. Currently there are 3 supported rich data protocols which are output in {{ghost_head}}:

Default Theme

The default theme which comes with Ghost loads a copy of jQuery from the jQuery Foundation's public CDN.