GDPR compliance #862

[CeciliaHinga]

COGECO, a $30k deal, wants to be sure we are GDPR compliant. We need to complete this by May when they want to start using the app.

• [x] Update Privacy policy to reflect GDPR compliance including SMS Gateways
• [ ] Delete user and org avatars from storage if user or org is deleted
• [ ] Delete chargebee accounts if organisation is deleted
• [x] Delete csv files an hour after upload is done
• [ ] Document how we are to give data to users - for the sake of the right to download/ get data

[CeciliaHinga]

There is one thing that came up on discussion with Linda, if I recall correctly. It would be to discard the CSV files uploaded to the private S3bucket, once they have been processed.

We could implement this easily with a lifecycle rule that would discard files X seconds after their creation (i.e. the following day).

Shall I apply such rule to the private bucket, but only to the "contacts" folder?

[CeciliaHinga]

@tuxpiper Yes. Ok to discard files in contacts folder after 24 hours.

[CeciliaHinga]

@tuxpiper can you confirm if the first part is done? Thanks

[CeciliaHinga]

Files with contacts (csv) are removed about a day after their upload . One more item of the list down.

[CeciliaHinga]

Great! Thanks David.