Update Community Cloud trust and security policy (#900)

* Clarify data at rest

* Clarify authentication to access apps

* Describe deletion workflow and policy

* Use "teams" instead of "parnters" to refer to internal testing

* Add shared responsibility to Trust and security page

* Reword and clarify "customer data"

* Missing word from copy-paste

* Use "personnel" instead of "employees"

* Link to deletion policy

content/streamlit-cloud/get-started/security-model.md

@@ -3,7 +3,7 @@ title: Streamlit Trust and Security
 slug: /streamlit-community-cloud/get-started/trust-and-security
 ---
 
-# Streamlit Trust and Security
+# Streamlit trust and security
 
 Streamlit is a framework that turns Python scripts into interactive apps, giving data scientists the ability to quickly create data and model-based apps for the entire company.
 
@@ -17,47 +17,55 @@ st.text("Your number is " + str(number))
 
 When you `streamlit run my_app.py`, you start a web server that runs the interactive application on your local computer at `http://localhost:8501`. This is great for local development. When you want to share with your colleagues, Streamlit Community Cloud enables you to deploy and run these applications in the cloud. Streamlit Community Cloud handles the details of containerization and provides you an interface for easily managing your deployed apps.
 
-This document provides an overview of the security safeguards we've implemented to protect you and your data.
+This document provides an overview of the security safeguards we've implemented to protect you and your data. Security, however, is a shared responsibility and you are ultimately responsible for making appropriate use of Streamlit and the Streamlit Community Cloud, including implementation of appropriate user-configurable security safeguards and best practices.
 
-## Product Security
+## Product security
 
 ### Authentication
 
-You must authenticate through GitHub to deploy or administer an app. Authentication through Google or single-use emailed links are required to view a private app for which you are not an admin. These links are valid for 15 minutes once requested.
+You must authenticate through GitHub to deploy or administer an app. Authentication through Google or single-use emailed links are required to view a private app when you don't have push or admin permissions on the associated GitHub repository. The single-use emailed links are valid for 15 minutes once requested.
 
 ### Permissions
 
 Streamlit Community Cloud inherits the permissions you have assigned in GitHub. Users with write access to a GitHub repository for a given app will be able to make changes in the Streamlit administrative console. However, only users with _admin access_ to a repository are able to **deploy and delete apps**.
 
-## Network and Application Security
+## Network and application security
 
-### Data Hosting
+### Data hosting
 
 Our physical infrastructure is hosted and managed within secure data centers maintained by infrastructure-as-a-service cloud providers. Streamlit leverages many of these platforms' built-in security, privacy, and redundancy features. Our cloud providers continually monitor their data centers for risk and undergo assessments to ensure compliance with industry standards.
 
-### Virtual Private Cloud
+### Data deletion
+
+Community Cloud users have the option to delete any apps they’ve deployed as well as their entire account.
+
+When a user deletes their application from the admin console, we delete their source code, including any files copied from their GitHub repository or created within our system from the running app. However, we keep a record representing the application in our database. This record contains the coordinates of the application: the GitHub organization or user, the GitHub repository, the branch, and the path of the main module file.
+
+When a user deletes their account, we perform a hard deletion of their data and a hard deletion of all the apps that belong to the GitHub identity associated with their account. In this case, we do not maintain the records of application coordinates described above. When an account is deleted, we also delete any HubSpot contact associated with the Community Cloud account.
+
+### Virtual private cloud
 
 All of our servers are within a virtual private cloud (VPC) with firewalls and network access control lists (ACLs) to allow external access to a select few API endpoints; all other internal services are only accessible within the VPC.
 
 ### Encryption
 
 Streamlit apps are served entirely over HTTPS. We use only strong cipher suites and HTTP Strict Transport Security (HSTS) to ensure browsers interact with Streamlit apps over HTTPS.
 
-All data sent to or from Streamlit over the public internet is encrypted in transit using 256-bit encryption. Our API and application endpoints use Transport Layer Security (TLS) 1.2 (or better). We also encrypt data at rest using AES-256.
+All data sent to or from Streamlit over the public internet is encrypted in transit using 256-bit encryption. Our API and application endpoints use Transport Layer Security (TLS) 1.2 (or better). We also encrypt data at rest on disk using AES-256.
 
-### Permissions and Authentication
+### Permissions and authentication
 
-Access to customer data is limited to authorized employees. We run a zero-trust corporate network, utilize single sign-on and multi-factor authentication (MFA), and enforce strong password policies to ensure access to cloud-related services is protected.
+Access to Community Cloud user account data is limited to authorized personnel. We run a zero-trust corporate network, utilize single sign-on and multi-factor authentication (MFA), and enforce strong password policies to ensure access to cloud-related services is protected.
 
-### Incident Response
+### Incident response
 
-Our internal protocol for handling security events includes detection, analysis, response, escalation, and mitigation procedures. Security advisories are made available at [https://streamlit.io/advisories](https://streamlit.io/advisories).
+Our internal protocol for handling security events includes detection, analysis, response, escalation, and mitigation. Security advisories are made available at [https://streamlit.io/advisories](https://streamlit.io/advisories).
 
-### Penetration Testing
+### Penetration testing
 
-Streamlit uses third-party security tools to scan for vulnerabilities on a regular basis. Our security partners conduct periodic, intensive penetration tests on the Streamlit platform. Our product development team responds to any identified issues or potential vulnerabilities to ensure the quality, security, and availability of Streamlit applications.
+Streamlit uses third-party security tools to scan for vulnerabilities on a regular basis. Our security teams conduct periodic, intensive penetration tests on the Streamlit platform. Our product development team responds to any identified issues or potential vulnerabilities to ensure the quality, security, and availability of Streamlit applications.
 
-### Vulnerability Management
+### Vulnerability management
 
 We keep our systems up-to-date with the latest security patches and continuously monitor for new vulnerabilities. This includes automated scanning of our code repositories for vulnerable dependencies.
 

content/streamlit-cloud/manage-your-account/delete-your-account.md

@@ -5,7 +5,7 @@ slug: /streamlit-community-cloud/manage-your-account/delete-your-account
 
 # Delete your account
 
-Deleting your Streamlit Community Cloud account is just as easy as creating it. When you delete your account, your information, account, and all your hosted apps are deleted as well.
+Deleting your Streamlit Community Cloud account is just as easy as creating it. When you delete your account, your information, account, and all your hosted apps are deleted as well. Read more about data deletion in [Streamlit trust and security](/streamlit-community-cloud/get-started/trust-and-security#data-deletion).
 
 <Warning>
 

content/streamlit-cloud/manage-your-app/delete-your-app.md

@@ -7,40 +7,41 @@ slug: /streamlit-community-cloud/manage-your-app/delete-your-app
 
 If you need to delete your app, it's simple and easy. There are several cases where you may need to delete your app:
 
-* You have finished playing around with an example app.
-* You want to deploy from a private repository but already have a private app.
-* You want to change the Python version for your app or otherwise redeploy your app.
+- You have finished playing around with an example app.
+- You want to deploy from a private repository but already have a private app.
+- You want to change the Python version for your app or otherwise redeploy your app.
 
-If you delete your app and intend to immediately redploy it, your custom subdomain should be immediately available for reuse.
+If you delete your app and intend to immediately redploy it, your custom subdomain should be immediately available for reuse. Read more about data deletion in [Streamlit trust and security](/streamlit-community-cloud/get-started/trust-and-security#data-deletion).
 
 You can delete your app:
-* [From your workspace](#delete-your-app-from-your-workspace).
-* [From your Cloud logs](#delete-your-app-from-your-cloud-logs).
+
+- [From your workspace](#delete-your-app-from-your-workspace).
+- [From your Cloud logs](#delete-your-app-from-your-cloud-logs).
 
 ### Delete your app from your workspace
 
 1. From your workspace at <a href="https://share.streamlit.io" target="_blank">share.streamlit.io</a>, click the overflow icon (<i style={{ verticalAlign: "-.25em" }} className={{ class: "material-icons-sharp" }}>more_vert</i>) next to your app. Click "**Delete**".
 
-    ![Delete your app from your workspace](/images/streamlit-community-cloud/workspace-app-delete.png)
+   ![Delete your app from your workspace](/images/streamlit-community-cloud/workspace-app-delete.png)
 
 2. A confirmation will display. Enter the required confirmation string and click "**Delete**".
 
-    <div style={{ maxWidth: '50%', margin: 'auto' }}>
-    <Image alt="Confirm deleting your app from Streamlit Community Cloud" src="/images/streamlit-community-cloud/workspace-app-delete-confirm.png" clean />
-    </div>
+<div style={{ maxWidth: '50%', margin: 'auto' }}>
+<Image alt="Confirm deleting your app from Streamlit Community Cloud" src="/images/streamlit-community-cloud/workspace-app-delete-confirm.png" clean />
+</div>
 
 ### Delete your app from your Cloud logs
 
 1. From your app at `<your-custom-subdomain>.streamlit.app`, click "**Manage app**" in the lower-right corner.
 
-    ![Access Streamlit Community Cloud logs from your app](/images/streamlit-community-cloud/cloud-logs-open.png)
+   ![Access Streamlit Community Cloud logs from your app](/images/streamlit-community-cloud/cloud-logs-open.png)
 
 2. Click the overflow menu icon (<i style={{ verticalAlign: "-.25em" }} className={{ class: "material-icons-sharp" }}>more_vert</i>) and click "**Delete app**".
 
-    ![Delete your app from your Cloud logs](/images/streamlit-community-cloud/cloud-logs-menu-delete.png)
+   ![Delete your app from your Cloud logs](/images/streamlit-community-cloud/cloud-logs-menu-delete.png)
 
 3. A confirmation will display. Enter the required confirmation string and click "**Delete**".
 
-    <div style={{ maxWidth: '50%', margin: 'auto' }}>
-    <Image alt="Confirm deleting your app from Streamlit Community Cloud" src="/images/streamlit-community-cloud/workspace-app-delete-confirm.png" clean />
-    </div>
+<div style={{ maxWidth: '50%', margin: 'auto' }}>
+<Image alt="Confirm deleting your app from Streamlit Community Cloud" src="/images/streamlit-community-cloud/workspace-app-delete-confirm.png" clean />
+</div>