Open benoitc opened 3 years ago
This is a must-have, actually. Maybe we should hire a professional for it? cc @ahw59
We need to clarify for our members what is processed/kept from our members. This is a legal requirement.
I am starting a list here of items we should have to build a policy compliant with the GDPR or CA law.
Anything else?
If we want some kind of certification of compliance, then yes we need to hire a professional.
@starbelly what third party tools/services are used for the website? What data are shared with them?
So far I see:
What is missing?
Also what data do we collect from members? Do we have a way to easily remove or extract all the data for a member if requested?
There is also Plausible for analytics and Honeybadger for error reporting. I believe that covers it.
> Also what data do we collect from members? Do we have a way to easily remove or extract all the data for a member if requested?
Data to Plausible is completely anonymized; anything that might end up in Honeybadger is retained for 15 days.
In the website itself we do not store anything more than an email address and name; the rest are system settings, if you will.