Privacy guidelines

From Cyclos4 Wiki

The privacy of all Cyclos users is very important to us! So if you run your own Cyclos instance or are an administrator of a Cyclos instance, we ask you to respect the privacy of your users and to implement the rules stated in the General Data Protection Regulation (GDPR) if you have users from Europe. We never sell any of our user data to third parties and we strongly encourage you to do the same. To help you with privacy, we have some useful tips for you below:

Define the data that you save and how the user can access it

Please make sure that your users are aware of what personal data about them you store in Cyclos. A good practice is to put this in a privacy policy and in the registration agreements.

  • Make sure to explain, for all custom fields that you created in Cyclos, what personal data you store in them and why you keep track of it.
  • Make sure to explain, for all user records that you created in Cyclos, what personal data you store in them and why you keep track of this data.
  • Explain that all payment data (transactions) will be kept and can never be deleted, because the bookkeeping must remain correct.
  • For security reasons Cyclos also records the IP address on each login, and we may create a device fingerprint to prevent unauthorized access to a user's account. We only use cookies to track user sessions and do not use cookies for any other reason!

Please also explain how the user can access or request the data above.

The right of users to be forgotten

Currently Cyclos does not allow removing an individual user's data permanently in a single action. The reason for this is that accountability and traceability are of the highest importance in a payment system, and payment institutions are often required by law to keep customer data even after the customer has stopped using the services. The next update of the Cyclos 4 communities and the next release of Cyclos (version 4.11) will allow admins to remove all personal user data and history. In this case only the display name of the user and the transactions will be kept; all other personal data will be removed:

  • Custom profile fields
  • E-mail
  • Phones
  • Addresses
  • Images
  • Login history
  • Profile history

For Cyclos providers that need this function urgently, we have made a script available that permanently removes private data from users that have the removed status. It can be executed directly in System > Tools > Run script. Please test the script in a testing environment before running it on a live system.

import org.cyclos.entities.system.QEntityLog
import org.cyclos.entities.system.QEntityPropertyLog
import org.cyclos.entities.users.BasicUser
import org.cyclos.entities.users.QBasicUser
import org.cyclos.entities.users.QLoginHistoryLog
import org.cyclos.entities.users.QPhone
import org.cyclos.entities.users.QUserAddress
import org.cyclos.model.system.entitylogs.EntityLogType
import org.cyclos.model.users.users.UserStatus

import com.querydsl.jpa.impl.JPAQuery

def u = QBasicUser.basicUser
def p = QPhone.phone
def a = QUserAddress.userAddress
def lhl = QLoginHistoryLog.loginHistoryLog
def el = QEntityLog.entityLog
def epl = QEntityPropertyLog.entityPropertyLog

def sb = new StringBuilder()

def users = entityManagerHandler.from(u).where(u.status.eq(UserStatus.REMOVED)).iterate(u)
try {
    users.each { BasicUser user ->
        // Clear the e-mail
        user.email = null
        user.newEmail = null
        // Delete the custom fields
        customFieldValueHandler.removeAll(false, user)
        // Delete the phones, addresses, login history and profile history
        entityManagerHandler.delete(p).where(p.user().eq(user)).execute()
        entityManagerHandler.delete(a).where(a.user().eq(user)).execute()
        entityManagerHandler.delete(lhl).where(lhl.user().eq(user)).execute()
        def logPredicate = el.entityId.eq(user.id).and(el.@type.in(EntityLogType.USER)).or(
            el.ownerEntityId.eq(user.id).and(el.@type.in(EntityLogType.PHONE, EntityLogType.ADDRESS)))
        entityManagerHandler.delete(epl).where(epl.entityLog().id.in(
            new JPAQuery().from(el).where(logPredicate).select(el.id))).execute()
        entityManagerHandler.delete(el).where(logPredicate).execute()
        sb.append(user.display).append('\n')
    }
} finally {
    users.close()
}
return sb.toString()
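Before running the deletion script on a live system, it helps to know exactly which users and how many records it would touch. The script below is an added example, not part of the Cyclos wiki or the Cyclos code base: a read-only dry run that lists each user with the removed status together with the number of phones, addresses, login history entries and entity log entries the deletion script would delete, using the same predicates. It reuses only the handlers and Q-classes the deletion script itself uses; that entityManagerHandler.from(...).where(...).iterate(path) returns a closeable iterator for each of these entity types is assumed from the deletion script's own usage. Custom field values are not counted, because the script above shows no read API for them.

```groovy
// Added example (not from the Cyclos wiki or code base): read-only dry run that
// reports what the deletion script would remove, without changing anything.
// Assumption (taken from the deletion script): entityManagerHandler.from(path)
// .where(predicate).iterate(path) returns a closeable iterator for these entities.
import org.cyclos.entities.system.QEntityLog
import org.cyclos.entities.users.BasicUser
import org.cyclos.entities.users.QBasicUser
import org.cyclos.entities.users.QLoginHistoryLog
import org.cyclos.entities.users.QPhone
import org.cyclos.entities.users.QUserAddress
import org.cyclos.model.system.entitylogs.EntityLogType
import org.cyclos.model.users.users.UserStatus

def u = QBasicUser.basicUser
def p = QPhone.phone
def a = QUserAddress.userAddress
def lhl = QLoginHistoryLog.loginHistoryLog
def el = QEntityLog.entityLog

// Count the rows a query returns, always closing the iterator afterwards.
// Counting by iteration keeps to the API the deletion script already relies on.
def countRows = { query, path ->
    def iter = query.iterate(path)
    try {
        def n = 0
        iter.each { n++ }
        return n
    } finally {
        iter.close()
    }
}

def sb = new StringBuilder()
sb.append('display name\te-mail set\tphones\taddresses\tlogins\tentity logs\n')
def totalUsers = 0

def users = entityManagerHandler.from(u).where(u.status.eq(UserStatus.REMOVED)).iterate(u)
try {
    users.each { BasicUser user ->
        totalUsers++
        // Same predicate as the deletion script, so the count matches what it would delete
        def logPredicate = el.entityId.eq(user.id).and(el.@type.in(EntityLogType.USER)).or(
            el.ownerEntityId.eq(user.id).and(el.@type.in(EntityLogType.PHONE, EntityLogType.ADDRESS)))
        sb.append(user.display).append('\t')
          .append(user.email != null ? 'yes' : 'no').append('\t')
          .append(countRows(entityManagerHandler.from(p).where(p.user().eq(user)), p)).append('\t')
          .append(countRows(entityManagerHandler.from(a).where(a.user().eq(user)), a)).append('\t')
          .append(countRows(entityManagerHandler.from(lhl).where(lhl.user().eq(user)), lhl)).append('\t')
          .append(countRows(entityManagerHandler.from(el).where(logPredicate), el)).append('\n')
    }
} finally {
    users.close()
}
sb.append("${totalUsers} user(s) with status REMOVED would be processed; nothing was changed.\n")
return sb.toString()
```

Run it in System > Tools > Run script the same way as the deletion script; the returned tab-separated report can be kept as a record of what was removed and when, which is useful evidence when a data subject later asks whether their request was honoured.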

If you are a community admin and want the whole community to be removed, you can send an e-mail to privacy@cyclos.org.

Visibility control

From Cyclos 4.11 onwards it is also possible for users to change their own privacy settings. In these settings the user can determine which admins are allowed to view their personal data.