docs(gdpr.txt): add purpose block for analytics data

2022-04-01 13:42:17 +00:00 · 2022-04-01 13:42:17 +00:00 · 4274cb5d21
parent 0188b67354
commit 4274cb5d21
2 changed files with 47 additions and 0 deletions
--- a/GDPR.txt
+++ b/GDPR.txt
@ -6,6 +6,29 @@
 # in particular. As a hosting provider, you must inform your users of their
 # rights and how their data are used and protected.

+purpose:
+    Deduplicate number of audio file downloads made by the same listener
+    for analytics purposes
+lawfulness: legitimate interest
+
+data: (User IP address + Browser User Agent)
+required: yes
+visibility: none
+description:
+    In order to produce analytics data comparable to the podcasting
+    ecosystem standards, the User IP address (REMOTE_ADDR) with the
+    browser User Agent (HTTP_USER_AGENT) are stored when an audio file
+    is downloaded.
+mitigation:
+    The data (User IP address + Browser User Agent) is never stored in plain
+    format.
+    The data is concatenated with a cryptographic salt, the current date,
+    and the podcast or episode IDs.
+    The data is hashed (using sha1) after being concatenated and before
+    being stored.
+    The data is stored in a cache database (eg. Redis).
+    The data expires every day at midnight (server time).
+
 purpose: Connect users to their accounts
 lawfulness: legitimate interest

--- a/public/.well-known/GDPR.yml
+++ b/public/.well-known/GDPR.yml
@ -7,6 +7,30 @@
 # rights and how their data are used and protected.

 purposes:
+  - description: |
+      Deduplicate number of audio file downloads made by the same listener for
+      analytics purposes
+    lawfulness: legitimate interest
+    data:
+      - field: (User IP address + Browser User Agent)
+        required: yes
+        visibility: none
+        description: |
+          In order to produce analytics data comparable to the podcasting
+          ecosystem standards, the User IP address (REMOTE_ADDR) with the
+          browser User Agent (HTTP_USER_AGENT) are stored when an audio file
+          is downloaded.
+        mitigation: |
+          The data (User IP address + Browser User Agent) is never stored in
+          plain format.
+          The data is concatenated with a cryptographic salt, the current date,
+          and the podcast or episode IDs.
+          The data is hashed (using sha1) after being concatenated and before
+          being stored.
+          The data is stored in a cache database (eg. Redis).
+          The data expires every day at midnight (server time).
+        retention: 24 hours maximum
+
  - description: Connect users to their accounts
    lawfulness: legitimate interest
    data: