go-ssb-room
Update privacy policy default text
Needs #213.
Should include use of HIBP. Here is a draft:
External service to check for leaked passwords
We use the external service of haveibeenpwned.com (HIBP) to check if a member's login password is contained in a known data leak, making them susceptible to a credential stuffing attack. Since we only send a subset of the hashed password to HIBP, the actual password is not sent to HIBP, nor is any other member information. The technique is explained in more detail in this blog article. We list this here in the interests of transparency, since an error message indicating the use of the HIBP service will be displayed if there is an attempt to use a leaked password. The HIBP service is not used for any member who solely uses Sign-In with SSB and not the password-based login.
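As an added illustration of the "subset of the hashed password" technique the draft refers to (example code written for this note, not code from go-ssb-room): the password is SHA-1 hashed, only the first five hex characters of the hash are sent to the Pwned Passwords range endpoint (https://api.pwnedpasswords.com/range/{prefix}), and the returned list of 35-character hash suffixes with breach counts is matched locally. The sample range response below is constructed, including its counts; the live fetcher is included for completeness but the offline path is what runs here.

```go
package main

import (
	"bufio"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
	"strconv"
	"strings"
)

// hashPrefixSuffix splits the uppercase hex SHA-1 of pw into the 5-character
// prefix that is sent to HIBP and the 35-character suffix that stays local.
// A prefix selects a bucket of hundreds of hashes, so HIBP cannot tell which
// password (or even which full hash) was being checked.
func hashPrefixSuffix(pw string) (prefix, suffix string) {
	sum := sha1.Sum([]byte(pw))
	h := strings.ToUpper(hex.EncodeToString(sum[:]))
	return h[:5], h[5:]
}

// countInRange scans a range-API response (one "SUFFIX:COUNT" per line) for
// suffix and returns its breach count. With "Add-Padding: true" HIBP mixes in
// fake entries carrying a count of 0; those must not be treated as matches.
func countInRange(body, suffix string) (int, bool, error) {
	sc := bufio.NewScanner(strings.NewReader(body))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		parts := strings.SplitN(line, ":", 2)
		if len(parts) != 2 {
			return 0, false, fmt.Errorf("malformed range line %q", line)
		}
		if !strings.EqualFold(parts[0], suffix) {
			continue
		}
		n, err := strconv.Atoi(strings.TrimSpace(parts[1]))
		if err != nil {
			return 0, false, fmt.Errorf("bad count in %q: %w", line, err)
		}
		return n, n > 0, nil
	}
	return 0, false, sc.Err()
}

// rangeFetcher returns the range response for a 5-character prefix. It is a
// parameter so the check can run offline against a canned response.
type rangeFetcher func(prefix string) (string, error)

// isPwned reports whether pw appears in a known leak and how many times.
func isPwned(pw string, fetch rangeFetcher) (int, bool, error) {
	prefix, suffix := hashPrefixSuffix(pw)
	body, err := fetch(prefix)
	if err != nil {
		return 0, false, err
	}
	return countInRange(body, suffix)
}

// hibpFetch queries the live Pwned Passwords range API. Only the prefix is
// part of the request; the remaining 35 characters never leave this host.
func hibpFetch(prefix string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, "https://api.pwnedpasswords.com/range/"+prefix, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Add-Padding", "true") // response size then no longer hints at the prefix
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("hibp range %s: unexpected status %s", prefix, resp.Status)
	}
	b, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	return string(b), nil
}

// sampleRange5BAA6 is a constructed stand-in for GET /range/5BAA6; the counts
// are made up. The first line carries the real suffix of SHA-1("password"),
// the last line imitates a padding entry.
const sampleRange5BAA6 = `1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E2D5C4B6A7F8E9D0C1B2A3F4E5D6C7B8A9:2
0123456789ABCDEF0123456789ABCDEF012:0
`

func main() {
	offline := func(string) (string, error) { return sampleRange5BAA6, nil }
	for _, pw := range []string{"password", "correct horse battery staple"} {
		n, pwned, err := isPwned(pw, offline)
		fmt.Printf("%q pwned=%v count=%d err=%v\n", pw, pwned, n, err)
	}
	// Against the live service: isPwned(pw, hibpFetch)
}
```

The caller decides what to do with the result; the draft policy text implies the login or password-change form rejects a leaked password and says so. One thing the policy text does not settle, and the room operator should: whether a failed or unreachable HIBP lookup (the error path above) blocks the password or lets it through.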