GDPR.txt 2.74 KB
Newer Older
1
2
3
4
5
6
7
8
# This file lists processing purposes and the personal data gathered by
# Castopod.
# It is intended for hosting providers who want to provide a service
# based on Castopod, helping them to comply with GDPR requirements. Note
# that the services powered by Castopod may collect more data, HTTP logs
# in particular. As a hosting provider, you must inform your users of their
# rights and how their data are used and protected.

9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
purpose:
    Deduplicate number of audio file downloads made by the same listener
    for analytics purposes
lawfulness: legitimate interest

data: (User IP address + Browser User Agent)
required: yes
visibility: none
description:
    In order to produce analytics data comparable to the podcasting
    ecosystem standards, the User IP address (REMOTE_ADDR) with the
    browser User Agent (HTTP_USER_AGENT) are stored when an audio file
    is downloaded.
mitigation:
    The data (User IP address + Browser User Agent) is never stored in plain
    format.
    The data is concatenated with a cryptographic salt, the current date,
    and the podcast or episode IDs.
    The data is hashed (using sha1) after being concatenated and before
    being stored.
    The data is stored in a cache database (eg. Redis).
    The data expires every day at midnight (server time).

32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
purpose: Connect users to their accounts
lawfulness: legitimate interest

data: username
required: yes
visibility: authenticated users
description:
    The username is used to identify users during the login process.
    The username is only required for users accessing the admin area.
mitigation:
    The username does not have to be a real or known identity.

data: user e-mail address
required: yes
visibility: administrators
description:
    The e-mail address is used for administrative purposes, to identify users
    during the login process and in case of forgotten password.

data: password
required: yes
visibility: private
description:
    The password is used to check the identity of users during the login
    process.
mitigation:
    Only hashes (using the Argon2 key derivation function) of the passwords
    are stored in the database (but they transit over the network).

purpose: Claim ownership of a podcast
lawfulness: legitimate interest

data: Podcast e-mail address
required: yes
visibility: public
description:
    The podcast e-mail address is used to claim podcast ownership on other
    platforms (such as Apple Podcasts).
mitigation:
    The e-mail can be generic.
72
73
74
75
76
77
78
79
80
81
82
83

purpose: Grant access to premium content
lawfulness: legitimate interest

data: Subscriber's email address
required: yes
visibility: administrators
description:
    The subscriber's e-mail address is used to provide credentials for
    listening to premium content.
mitigation:
    The e-mail can be generic.