87 lines
3.4 KiB
YAML
87 lines
3.4 KiB
YAML
# This file lists processing purposes and the personal data gathered by
|
|
# Castopod.
|
|
# It is intended for hosting providers who want to provide a service
|
|
# based on Castopod, helping them to comply with GDPR requirements. Note
|
|
# that the services powered by Castopod may collect more data, HTTP logs
|
|
# in particular. As a hosting provider, you must inform your users of their
|
|
# rights and how their data are used and protected.
|
|
|
|
purposes:
|
|
- description: |
|
|
Deduplicate number of audio file downloads made by the same listener for
|
|
analytics purposes
|
|
lawfulness: legitimate interest
|
|
data:
|
|
- field: (User IP address + Browser User Agent)
|
|
required: yes
|
|
visibility: none
|
|
description: |
|
|
In order to produce analytics data comparable to the podcasting
|
|
ecosystem standards, the User IP address (REMOTE_ADDR) with the
|
|
browser User Agent (HTTP_USER_AGENT) are stored when an audio file
|
|
is downloaded.
|
|
mitigation: |
|
|
The data (User IP address + Browser User Agent) is never stored in
|
|
plain format.
|
|
The data is concatenated with a cryptographic salt, the current date,
|
|
and the podcast or episode IDs.
|
|
The data is hashed (using sha1) after being concatenated and before
|
|
being stored.
|
|
The data is stored in a cache database (eg. Redis).
|
|
The data expires every day at midnight (server time).
|
|
retention: 24 hours maximum
|
|
|
|
- description: Connect users to their accounts
|
|
lawfulness: legitimate interest
|
|
data:
|
|
- field: username
|
|
required: yes
|
|
visibility: authenticated users
|
|
description: |
|
|
The username is used to identify users during the login process.
|
|
The username is only required for users accessing the admin area.
|
|
mitigation: The username does not have to be a real or known identity.
|
|
retention: forever
|
|
|
|
- field: user e-mail address
|
|
required: yes
|
|
visibility: administrators
|
|
description: |
|
|
The e-mail address is used for administrative purposes, to identify users
|
|
during the login process and in case of forgotten password.
|
|
retention: forever
|
|
|
|
- field: password
|
|
required: yes
|
|
visibility: private
|
|
description: |
|
|
The password is used to check the identity of users during the login
|
|
process.
|
|
mitigation: |
|
|
Only hashes (using the Argon2 key derivation function) of the passwords
|
|
are stored in the database (but they transit over the network).
|
|
retention: forever
|
|
|
|
- description: Claim ownership of a podcast
|
|
lawfulness: legitimate interest
|
|
data:
|
|
- field: Podcast e-mail address
|
|
required: yes
|
|
visibility: public
|
|
description: |
|
|
The podcast e-mail address is used to claim podcast ownership on other
|
|
platforms (such as Apple Podcasts).
|
|
mitigation: The e-mail can be generic.
|
|
retention: forever
|
|
- description: Grant access to premium content
|
|
lawfulness: legitimate interest
|
|
data:
|
|
- field: Subscriber's email address
|
|
required: yes
|
|
visibility: administrators
|
|
description: |
|
|
The subscriber's e-mail address is used to provide credentials for
|
|
listening to premium content.
|
|
mitigation: The e-mail can be generic.
|
|
retention: until the subscription ends
|