saulteafarmer/castopod
1
0
Fork 0
mirror of https://code.castopod.org/adaures/castopod synced 2025-09-03 18:29:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs(gdpr.txt): add purpose block for analytics data

Browse Source
This commit is contained in:
Benjamin Bellamy 2022-04-01 13:42:17 +00:00 committed by Yassine Doghri
parent 0188b67354
commit 4274cb5d21
2 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
GDPR.txt
View File

@ -6,6 +6,29 @@
# in particular. As a hosting provider, you must inform your users of their # in particular. As a hosting provider, you must inform your users of their
# rights and how their data are used and protected. # rights and how their data are used and protected.
purpose:
Deduplicate number of audio file downloads made by the same listener
for analytics purposes
lawfulness: legitimate interest
data: (User IP address + Browser User Agent)
required: yes
visibility: none
description:
In order to produce analytics data comparable to the podcasting
ecosystem standards, the User IP address (REMOTE_ADDR) with the
browser User Agent (HTTP_USER_AGENT) are stored when an audio file
is downloaded.
mitigation:
The data (User IP address + Browser User Agent) is never stored in plain
format.
The data is concatenated with a cryptographic salt, the current date,
and the podcast or episode IDs.
The data is hashed (using sha1) after being concatenated and before
being stored.
The data is stored in a cache database (eg. Redis).
The data expires every day at midnight (server time).
purpose: Connect users to their accounts purpose: Connect users to their accounts
lawfulness: legitimate interest lawfulness: legitimate interest

24
public/.well-known/GDPR.yml
View File

@ -7,6 +7,30 @@
# rights and how their data are used and protected. # rights and how their data are used and protected.
purposes: purposes:
- description: |
Deduplicate number of audio file downloads made by the same listener for
analytics purposes
lawfulness: legitimate interest
data:
- field: (User IP address + Browser User Agent)
required: yes
visibility: none
description: |
In order to produce analytics data comparable to the podcasting
ecosystem standards, the User IP address (REMOTE_ADDR) with the
browser User Agent (HTTP_USER_AGENT) are stored when an audio file
is downloaded.
mitigation: |
The data (User IP address + Browser User Agent) is never stored in
plain format.
The data is concatenated with a cryptographic salt, the current date,
and the podcast or episode IDs.
The data is hashed (using sha1) after being concatenated and before
being stored.
The data is stored in a cache database (eg. Redis).
The data expires every day at midnight (server time).
retention: 24 hours maximum
- description: Connect users to their accounts - description: Connect users to their accounts
lawfulness: legitimate interest lawfulness: legitimate interest
data: data: