Overview

DaniWeb Connect is a login and social messaging platform. It functions as a backend technology to third-party apps ("Daniapps"). Users connect to Daniapps through a single sign-on with their DaniWeb Connect profile. Users may create profiles by connecting via LinkedIn, Facebook, or Google, or by creating new login credentials and completing a profile.

User Information

The minimum amount of data we require for a user registration record is a username and email address. Users who don't opt to build their accounts by connecting via LinkedIn, Facebook, or Google will additionally be prompted for a password. At some point after registration, we may prompt for the completion of a profile, which surveys the user for their professional goals for the purposes of seeding our matching algorithm.

Throughout normal interaction with DaniWeb Connect, or with Daniapps that utilize the DaniWeb Connect API, we record behavior that may be used to help us further improve our matching algorithm and deliver the best matches. For example, we take into consideration data points such as degrees of separation between two users, and we look for patterns to help us further gauge and deliver on a user's needs.

Data Collected from LinkedIn, Facebook, and Google

When signing up or logging in via LinkedIn, Facebook, or Google, we request access to a user's basic profile data for the purposes of creating or updating their registration record. The data retrieved and stored by us may include, but is not limited to, their full name, email address, profile picture, headline, industry, professional summary, birthday, gender, education history, career history, and website. With the exception of a user's email address (which we request a separate permission for), only data that the user has specified as visible on their public LinkedIn, Facebook or Google profile is accessible to us.

Profile Access

Because DaniWeb Connect functions as a lead generation platform designed to introduce users to each other, the majority of a user's profile information is made public programatically through the API to the Daniapps that they choose to use. Additionally, profile information may be set by any Daniapp that is granted the permission to do so. Public information currently available includes a user's full name, generalized location, profile picture, headline, industry, pitch, website, last activity timestamp, and online status. If access to an end-user's profile is explicitely granted, the Daniapp may additionally see their last used IP address, geographic coordinates, matching preferences, birthday, gender, email address, and user settings. The current end-user's CV may be set (if profile write permissions are granted) and retrieved. A Daniapp may additionally access the CV of any user that the end-user is in a conversation with. As a reminder, all user information is only accessible to Daniapps of a user's choosing, and access may be revoked at any time.

DaniWeb Connect Metadata

One of the features of our API is the ability for any third-party Daniapp to assign and retrieve arbitrary metadata that can be attached to any individual user record or chat message. When attaching the metadata, the Daniapp has the ability to specify its privacy setting. The metadata gets stored on the DaniWeb Connect servers where it may be retrieved either only by the Daniapp that set it, or by all Daniapps that the user who the data is relevant to has previously logged into (and has not subsequently deauthorized access to). Metadata are in the form of freeform text and it is the discretion of the Daniapps that set them to use judgement when choosing to store DaniWeb Connect metadata.

API Access

The DaniWeb Connect API exclusively uses the OAuth 2.0 authorization framework to authenticate requests. Users may log into any third-party Daniapp with a single set of login credentials. As part of the login flow, they must grant permission to the Daniapp to gain access to their account. Depending on the permissions the Daniapp requests, and the user grants, the Daniapp may gain the ability to access the user's DaniWeb Connect profile, make changes to their user profile, read their conversations, write messages on their behalf, access their groups, and/or write group messages on their behalf. Daniapps are granted API access tokens for a specific user which must be sent with every API request they make. The tokens allow the Daniapp to authenticate itself as the end-user, and retrieve information and perform operations from the perspective of the end-user. Access tokens have a shelf life of 24 hours. Every 24 hours, the Daniapp must programatically request a new access token from the API by authenticating themselves along with the token they received from the API during the first time the user granted them access. A user may deauthorize a Daniapp at any time. Doing so will immediately invalidate all tokens associated with the Daniapp for that user.

Message Privacy

Conversations follow a user across the multiple Daniapps that they associate with. There is one single conversation for each pair of users. Therefore, if User A and User B are both using Daniapp 1 and Daniapp 2, both Daniapps will be able to gain access to the entire conversation. Additionally, User A and User B may simultaneously engage in the conversation across multiple Daniapps. The Daniapp is required to only have the user it is currently authenticated against to grant permission to view their conversations. The conversation will be accessible even if the other user has not granted access to the Daniapp to access their conversations.

The DaniWeb Connect API offers the ability for users to engage in group conversations. Groups have a privacy setting which must be specified when they are created. By making a group private, the group may only be joined via a passphrase.

All messages are permanently stored in the DaniWeb Connect servers as plain text.

Our Promise

Our promise to you is that security is our top priority. DaniWeb Connect stores two cookies in your web browser: one to manage your user session, and another to prevent against cross-site request forgery (CSRF) attacks. Both cookies are accessible only over an SSL connection to www.daniweb.com and are not accessible via javascript. Neither cookie stores any user-identifying information.

A user may configure their User Settings to deactivate their account. Deactivating an account will immediately invalidate any API tokens that a Daniapp may use to authenticate against the user's DaniWeb Connect account, prevent any Daniapps from retrieving access to the user's profile, and prevent the user from further authorizing access to any Daniapps. However, deactivating an account will not affect any user data that has been sent to a third-party Daniapp in the past, which the Daniapp chose to store in their own database. Additionally, deactivating an account will not erase any data pertaining to the user from the DaniWeb Connect servers.

Rights & Ownership

DaniWeb Connect is owned by DaniWeb® LLC, headquartered in Bayside, Queens, New York. DaniWeb® LLC is the exclusive owner of the DaniWeb online discussion forum that has been in operation for over 15 years. As a result, we take security very seriously. All data submitted to DaniWeb Connect may reside on our servers indefinitely.

Any questions or concerns may be directed to bizdev@daniwebmail.com