rt2zz / redux-persist

persist and rehydrate a redux store
MIT License

Cookies and GDPR compliance #1372

Open RossVertizan opened 2 years ago

RossVertizan commented 2 years ago

Hi,

Hopefully this question is not quite as scary as the title suggests; I just need a little help to understand what happens under the hood. It encompasses some questions that have already been asked in #1295 and #1296.

So, I have implemented redux-persist in my project and it works well. I am getting close to releasing to production and part of that is to check out GDPR compliance (I'm in the UK). I have run a website scan using Cookiebot, which has given me some good insights. The report tells me that I have a cookie called persist:root and that data is sent to the United States. The latter is an issue because of recent European rulings that have found that Google Analytics violates GDPR rules because the data ends up on US-based servers. See this article for a few more details.

I was surprised by this result. I am using the plainest of plain vanilla implementations; most (all?) of the implementation code was cut and pasted from the Quickstart for a web-based application.

In this implementation I understood I was using local storage and not a cookie. Have I misunderstood what:

import storage from 'redux-persist/lib/storage' // defaults to localStorage for web

actually does? Does this create and use a cookie?

Secondly, I was surprised to see that Cookiebot thought that data was being sent to the US. Is there any reason why this might be the case? My servers are based in the UK.

Finally, in this link @VictorPulzz mentions encrypting data that is stored. Is there a standard way to do this? Is there an encrypting storage engine?

Sorry this is so long and thanks for any help or insights.
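On the last question above (an encrypting storage engine), an added example that is not part of the original post and is not redux-persist's own code: a wrapper that AES-GCM-encrypts each value before handing it to an underlying engine, so the `persist:root` entry is ciphertext at rest. It assumes the engine interface is async `getItem`/`setItem`/`removeItem`; `createEncryptedStorage` and `createMemoryStorage` are hypothetical names, and where the key comes from in a real application is left open (here it is generated in memory).

```javascript
// WebCrypto: `crypto` global in browsers and recent Node; older Node falls back to node:crypto.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
const fromHex = (hex) => Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16));

// Hypothetical helper: wraps any engine exposing getItem/setItem/removeItem.
function createEncryptedStorage(inner, key) {
  return {
    async setItem(name, value) {
      const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh nonce per write
      const ct = await webcrypto.subtle.encrypt(
        { name: 'AES-GCM', iv }, key, new TextEncoder().encode(value));
      return inner.setItem(name, `${toHex(iv)}.${toHex(new Uint8Array(ct))}`);
    },
    async getItem(name) {
      const stored = await inner.getItem(name);
      if (stored == null) return null; // nothing persisted yet
      const [iv, ct] = stored.split('.').map(fromHex);
      // decrypt() rejects if the stored value was modified (GCM tag check).
      const pt = await webcrypto.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
      return new TextDecoder().decode(pt);
    },
    removeItem: (name) => inner.removeItem(name),
  };
}

// Constructed in-memory stand-in for localStorage so the example runs offline.
function createMemoryStorage() {
  const map = new Map();
  return {
    map,
    getItem: async (k) => (map.has(k) ? map.get(k) : null),
    setItem: async (k, v) => { map.set(k, v); },
    removeItem: async (k) => { map.delete(k); },
  };
}

async function demo() {
  const key = await webcrypto.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']); // non-extractable
  const backing = createMemoryStorage();
  const storage = createEncryptedStorage(backing, key);
  const state = JSON.stringify({ user: { email: 'alice@example.test' } }); // constructed
  await storage.setItem('persist:root', state);
  const atRest = backing.map.get('persist:root');
  const roundTrip = await storage.getItem('persist:root');
  return { atRest, roundTrip, state };
}
```

In a browser the wrapper would be given an engine backed by `window.localStorage` in place of the in-memory stand-in.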