Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Data Collection Practices #1191

Merged
merged 4 commits into from Nov 20, 2020
Merged

Data Collection Practices #1191

Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
da58ab9
Updated the README.md by adding a Data Collection Practices section -…
bpoplauschi Nov 16, 2020
c62e73d
Explicit categories of private data
bpoplauschi Nov 16, 2020
aa9e754
Updated the Data Collection Policy per review
bpoplauschi Nov 17, 2020
823acdc
Updates per code review
bpoplauschi Nov 19, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
38 changes: 38 additions & 0 deletions README.md
View file
Open in desktop
Expand Up @@ -213,7 +213,45 @@ The current version of Lumberjack requires:
- If you **have a feature request**, open an issue.
- If you **want to contribute**, submit a pull request.

### Data Collection Practices

Per [App privacy details on the App Store](https://developer.apple.com/app-store/app-privacy-details/), Apple is requesting app developers to provide info about their data collection, us SDK maintainers must provide them with the same data.
bpoplauschi marked this conversation as resolved.
Show resolved Hide resolved

#### Data collection by the framework

**By default, CocoaLumberjack does not collect any data on its own.**
bpoplauschi marked this conversation as resolved.
Show resolved Hide resolved
[See our updated list using the recommended format.](https://cocoalumberjack.github.io/DataCollection/index.html)

#### Indirect data collection through the framework

Considering CocoaLumberjack is a logging framework which makes it easy to send those logs to different platforms, collecting data might happen quite easily, if the app developers include any sensitive data into those logs.

Private data includes but isn't limited to:

- user info (name, email, address, ...)
- location info
- contacts
- identifiers (user id, device id, ...)
- app usage data
- performance data
- health and fitness info
- financial info
- sensitive info
- user content
- history (browsing, search, ...)
- purchases
- diagnostics
- ...

Example: `DDLogInfo("User: \(myUser)")` will add the `myUser` info to the logs, so if those are forwarded to a 3rd party or sent via email, that may qualify as data collection.

**The important thing is you app developers are fully responsible for adding sensitive data to the logs, thus documenting that via the Data Collection Practices info!**
bpoplauschi marked this conversation as resolved.
Show resolved Hide resolved

Since the number of scenarios where data might be indirectly collected through CocoaLumberjack is quite large, it's up to you, as app developers, to properly review your app's code and identify those cases.
What we can do to help is raise awareness about potential data collection through our framework.

### Author

- [Robbie Hanson](https://github.com/robbiehanson)
- Love the project? Wanna buy me a coffee? (or a beer :D) [![donation](http://www.paypal.com/en_US/i/btn/btn_donate_SM.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=UZRA26JPJB3DA)

Expand Down