under GDPR we need to declare for how long we retain personal data.
we also need to justify keeping it if there is no specific timeframe.
we may need a mechanism where entirely dormant trees are deleted after x years. and some kind of reminder email notification is sent to everyone in the tree.
and a bit in the privacy policy where we define this.
note: x is undefined.... 5 years? 7 years? lifetime of this site?
this is a bit of a grey area we need to think about.
under GDPR we need to declare for how long we retain personal data. we also need to justify keeping it if there is no specific timeframe.
we may need a mechanism where entirely dormant trees are deleted after x years. and some kind of reminder email notification is sent to everyone in the tree. and a bit in the privacy policy where we define this.
note: x is undefined.... 5 years? 7 years? lifetime of this site? this is a bit of a grey area we need to think about.