erlef / infra-wg

ErlEF infrastructure working group

GDPR & privacy policy compliant to CA #45

Open benoitc opened 3 years ago

benoitc commented 3 years ago

We need to clarify for our members what is processed/kept from our members. This is a legal requirement.

benoitc commented 3 years ago

This is a must-have actually. Maybe we should hire a professional for it? cc @ahw59

benoitc commented 3 years ago

We need to clarify for our members what is processed/kept from our members. This is a legal requirement.

I am starting here a list of items we should have to build a policy compliant with the GDPR or CA law.

Anything else?

starbelly commented 3 years ago

If we want some kind of certification of compliance, then yes we need to hire a professional.

benoitc commented 3 years ago

@starbelly what third party tools/services are used for the website? What data are shared with them?

So far I see:

What is missing?

Also what data do we collect from members? Do we have a way to easily remove or extract all the data for a member if requested?

starbelly commented 3 years ago

There is also Plausible for analytics and Honeybadger for error reporting. I believe that covers it.

Also what data do we collect from members? Do we have a way to easily remove or extract all the data for a member if requested?

Data to Plausible is completely anonymized, anything that might end up in Honeybadger is retained for 15 days.

In the website itself we do not store anything more than an email address and name, the rest are system settings if you will.