Skip to content
Snippets Groups Projects
Normal view Permalink
GDPR.txt 2.74 KiB
Newer Older
Benjamin Bellamy's avatar
docs(gdpr): add GDPR.txt file following the gdpr-txt.org spec
Benjamin Bellamy committed
1 2 3 4 5 6 7 8 
# This file lists processing purposes and the personal data gathered by
# Castopod.
# It is intended for hosting providers who want to provide a service
# based on Castopod, helping them to comply with GDPR requirements. Note
# that the services powered by Castopod may collect more data, HTTP logs
# in particular. As a hosting provider, you must inform your users of their
# rights and how their data are used and protected.
Benjamin Bellamy's avatar
docs(gdpr.txt): add purpose block for analytics data  
Benjamin Bellamy committed
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 
purpose:
    Deduplicate number of audio file downloads made by the same listener
    for analytics purposes
lawfulness: legitimate interest

data: (User IP address + Browser User Agent)
required: yes
visibility: none
description:
    In order to produce analytics data comparable to the podcasting
    ecosystem standards, the User IP address (REMOTE_ADDR) with the
    browser User Agent (HTTP_USER_AGENT) are stored when an audio file
    is downloaded.
mitigation:
    The data (User IP address + Browser User Agent) is never stored in plain
    format.
    The data is concatenated with a cryptographic salt, the current date,
    and the podcast or episode IDs.
    The data is hashed (using sha1) after being concatenated and before
    being stored.
    The data is stored in a cache database (eg. Redis).
    The data expires every day at midnight (server time).
Benjamin Bellamy's avatar
docs(gdpr): add GDPR.txt file following the gdpr-txt.org spec
Benjamin Bellamy committed
32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 
purpose: Connect users to their accounts
lawfulness: legitimate interest

data: username
required: yes
visibility: authenticated users
description:
    The username is used to identify users during the login process.
    The username is only required for users accessing the admin area.
mitigation:
    The username does not have to be a real or known identity.

data: user e-mail address
required: yes
visibility: administrators
description:
    The e-mail address is used for administrative purposes, to identify users
    during the login process and in case of forgotten password.

data: password
required: yes
visibility: private
description:
    The password is used to check the identity of users during the login
    process.
mitigation:
    Only hashes (using the Argon2 key derivation function) of the passwords
    are stored in the database (but they transit over the network).

purpose: Claim ownership of a podcast
lawfulness: legitimate interest

data: Podcast e-mail address
required: yes
visibility: public
description:
    The podcast e-mail address is used to claim podcast ownership on other
    platforms (such as Apple Podcasts).
mitigation:
    The e-mail can be generic.
Yassine Doghri's avatar
feat(gdpr): add purpose for granting access to premium content  
Yassine Doghri committed
72 73 74 75 76 77 78 79 80 81 82 83 

purpose: Grant access to premium content
lawfulness: legitimate interest

data: Subscriber's email address
required: yes
visibility: administrators
description:
    The subscriber's e-mail address is used to provide credentials for
    listening to premium content.
mitigation:
    The e-mail can be generic.