GDPR & privacy policy compliant to CA #45

Open
benoitc opened this issue Feb 9, 2021 · 5 comments
Comments

@benoitc
Collaborator

benoitc commented Feb 9, 2021

We need to clarify for our members what is processed/kept from our members. This is a legal requirement.

@benoitc
Collaborator Author

benoitc commented Mar 7, 2021

This is a must-have actually. Maybe we should hire a professional for it? cc @ahw59

@benoitc
Collaborator Author

benoitc commented Mar 7, 2021

> We need to clarify for our members what is processed/kept from our members. This is a legal requirement.

I am starting a list here of items we should have to build a policy compliant with the GDPR or CA law.

  • what third-party services are we using
  • what data do we have
  • what personal data do we keep. How long?
  • what data do we share with third party services
  • who has access to the data provided by our members, sponsors and others. In which way?
  • how do we ensure the right to be forgotten

Anything else?

@starbelly
Member

If we want some kind of certification of compliance, then yes we need to hire a professional.

@benoitc
Collaborator Author

benoitc commented Mar 15, 2021

@starbelly what third party tools/services are used for the website? What data are shared with them?

So far I see:

  • wildapricot
  • vultr
  • dns ?
  • fastmail

what is missing?

Also what data do we collect from members? Do we have a way to easily remove or extract all the data for a member if requested?

@starbelly
Member

There is also plausible for analytics and honeybadger for error reporting. I believe that covers it.

> Also what data do we collect from members? Do we have a way to easily remove or extract all the data for a member if requested?

Data to plausible is completely anonymized; anything that might end up in honeybadger is retained for 15 days.

In the website itself we do not store anything more than an email address and name, the rest are system settings if you will.
