Privacy when using this plugin

All the content a user edits locally is rendered locally. Some exceptions apply.

This is the best effort approach and work in progress, not a legal document. To improve this document and the plugin’s privacy functionality, some more work would be required.

You can help by asking the right questions, engaging in a discussion or by sponsoring the plugin’s development. Maybe you are able to pull in experts from your employer or company that could help in one way or another.

Still, this is a spare time project that is happy to accept contributions of any kind.

The good news

  • The plugin does not use tracking and will not collect statistical information about the users or content they edit.

  • The plugin has been designed in a way that the user can edit content on their local PC, and the preview will be rendered locally as well using an embedded instance of Asciidoctor.

  • If the user changes the Safe mode in the plugin’s settings from UNSAFE to any other mode, the preview in JCEF and JavaFX mode will restrict all content to the local project and will prohibit loading of external content using a content security policy (CSP). Starting with plugin version 0.36.6, all untrusted projects will default to the SECURE mode. The IDE shows a “Safe mode, limited functionality” notification once the user opens an AsciiDoc file.

Things to consider

The following list is probably incomplete, but should cover the major points:

  • If the content includes a remote image, the preview will pull that image from the internet and will reveal their IP address. The same applies if they choose to include a remote style sheet for the preview. I am not a lawyer, but usually people consider IP addresses as personal information in the EU.

  • If the user chooses to use the Kroki diagram preview instead of Asciidoctor Diagram, the contents of the diagrams will be transmitted to a Kroki server and rendered there. They can choose to host their own Kroki server. Enabling Kroki also enables the attribute allow-uri-read if the Safe mode is set to UNSAFE. This allows Asciidoctor to read contents from remote locations when converting the AsciiDoc content.

  • In general, users should only edit trusted content in their IDE. If they choose to check out and open an untrusted project, the code of that project might contain malicious snippets as part of the AsciiDoc content and other scripts. These can violate the user’s privacy and can compromise their machine.

  • When the user accesses the plugin’s user’s guide on the web, the web hoster will receive the user’s router’s IP address and browser details and will store it for up to 30 days.

  • If an exception occurs in the user’s IDE and IntelliJ attributes the exception to the AsciiDoc plugin, the user can choose to send information about the exception to the plugin’s Sentry service. All anonymized attachments will be sent unless the user unchecks the checkbox. The user can (and should) review the information before submitting it. It may contain personal information if it is part of the exception’s message, or if the user chooses to enter personal information in the error description. It also contains information about the IDE version, the OS version, a list of other plugins installed in the IDE and standard information Sentry adds.