49 lines
1.6 KiB
Plaintext
49 lines
1.6 KiB
Plaintext
# This file lists processing purposes and the personal data gathered by
|
|
# Castopod.
|
|
# It is intended for hosting providers who want to provide a service
|
|
# based on Castopod, helping them to comply with GDPR requirements. Note
|
|
# that the services powered by Castopod may collect more data, HTTP logs
|
|
# in particular. As a hosting provider, you must inform your users of their
|
|
# rights and how their data are used and protected.
|
|
|
|
purpose: Connect users to their accounts
|
|
lawfulness: legitimate interest
|
|
|
|
data: username
|
|
required: yes
|
|
visibility: authenticated users
|
|
description:
|
|
The username is used to identify users during the login process.
|
|
The username is only required for users accessing the admin area.
|
|
mitigation:
|
|
The username does not have to be a real or known identity.
|
|
|
|
data: user e-mail address
|
|
required: yes
|
|
visibility: administrators
|
|
description:
|
|
The e-mail address is used for administrative purposes, to identify users
|
|
during the login process and in case of forgotten password.
|
|
|
|
data: password
|
|
required: yes
|
|
visibility: private
|
|
description:
|
|
The password is used to check the identity of users during the login
|
|
process.
|
|
mitigation:
|
|
Only hashes (using the Argon2 key derivation function) of the passwords
|
|
are stored in the database (but they transit over the network).
|
|
|
|
purpose: Claim ownership of a podcast
|
|
lawfulness: legitimate interest
|
|
|
|
data: Podcast e-mail address
|
|
required: yes
|
|
visibility: public
|
|
description:
|
|
The podcast e-mail address is used to claim podcast ownership on other
|
|
platforms (such as Apple Podcasts).
|
|
mitigation:
|
|
The e-mail can be generic.
|