From 3592c44798b2d416a74f7702b82aec5c2f998075 Mon Sep 17 00:00:00 2001 From: jkrumm Date: Thu, 16 May 2024 12:51:18 +0200 Subject: [PATCH] feat: scrub user data in Sentry config and update imprint --- sentry.client.config.ts | 13 ++++++++ sentry.edge.config.ts | 16 +++++++++- sentry.server.config.ts | 16 +++++++++- src/pages/imprint.tsx | 67 +++++++++++++++++++++++++++++++++++++++-- 4 files changed, 107 insertions(+), 5 deletions(-) diff --git a/sentry.client.config.ts b/sentry.client.config.ts index f3a1787..171c35f 100644 --- a/sentry.client.config.ts +++ b/sentry.client.config.ts @@ -18,6 +18,19 @@ Sentry.init({ // Setting this option to true will print useful information to the console while you're setting up Sentry. debug: env.NEXT_PUBLIC_NODE_ENV === 'development', + // Removes personal data from the event to ensure privacy regulations from GDPR + beforeSend(event) { + if (event.user) { + delete event.user.email; + delete event.user.ip_address; + delete event.user.geo; + } + if (event.request?.headers) { + delete event.request.headers; + } + return event; + }, + // TODO: think about Session Replay // replaysOnErrorSampleRate: 1.0, diff --git a/sentry.edge.config.ts b/sentry.edge.config.ts index 19b4060..11c22e6 100644 --- a/sentry.edge.config.ts +++ b/sentry.edge.config.ts @@ -2,9 +2,10 @@ // The config you add here will be used whenever one of the edge features is loaded. // Note that this config is unrelated to the Vercel Edge Runtime and is also required when running locally. // https://docs.sentry.io/platforms/javascript/guides/nextjs/ -import * as Sentry from '@sentry/nextjs'; import { env } from 'fpp/env'; +import * as Sentry from '@sentry/nextjs'; + Sentry.init({ enabled: env.NEXT_PUBLIC_NODE_ENV !== 'development', 
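Review bot: The `beforeSend` scrub in `sentry.client.config.ts` removes only `email`, `ip_address` and `geo`, so `event.user.id` and `event.user.username` still leave the browser if anything sets them; dropping the whole object with `delete event.user;` (or keeping only an opaque id) is the safer default. Deleting `ip_address` on the client may not stop Sentry from deriving the address from the connection at ingestion, depending on SDK version and project settings, so the project-level option that prevents storing IP addresses is worth confirming alongside this change. `beforeSend` runs for error events only; if tracing is enabled elsewhere in `Sentry.init` (not visible in this hunk), the same function should also be registered as `beforeSendTransaction`. The identical hooks added in `sentry.edge.config.ts` and `sentry.server.config.ts` have the same gaps.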
@@ -17,4 +18,17 @@ Sentry.init({ // Setting this option to true will print useful information to the console while you're setting up Sentry. debug: false, + + // Removes personal data from the event to ensure privacy regulations from GDPR + beforeSend(event) { + if (event.user) { + delete event.user.email; + delete event.user.ip_address; + delete event.user.geo; + } + if (event.request?.headers) { + delete event.request.headers; + } + return event; + }, }); diff --git a/sentry.server.config.ts b/sentry.server.config.ts index fba1fe0..e727d58 100644 --- a/sentry.server.config.ts +++ b/sentry.server.config.ts @@ -1,9 +1,10 @@ // This file configures the initialization of Sentry on the server. // The config you add here will be used whenever the server handles a request. // https://docs.sentry.io/platforms/javascript/guides/nextjs/ -import * as Sentry from '@sentry/nextjs'; import { env } from 'fpp/env'; +import * as Sentry from '@sentry/nextjs'; + Sentry.init({ enabled: env.NEXT_PUBLIC_NODE_ENV !== 'development', @@ -16,4 +17,17 @@ Sentry.init({ // Setting this option to true will print useful information to the console while you're setting up Sentry. debug: false, + + // Removes personal data from the event to ensure privacy regulations from GDPR + beforeSend(event) { + if (event.user) { + delete event.user.email; + delete event.user.ip_address; + delete event.user.geo; + } + if (event.request?.headers) { + delete event.request.headers; + } + return event; + }, }); diff --git a/src/pages/imprint.tsx b/src/pages/imprint.tsx index f80f00d..b2b914e 100644 --- a/src/pages/imprint.tsx +++ b/src/pages/imprint.tsx @@ -42,10 +42,25 @@ const Imprint: NextPage = () => {
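Review bot: The `beforeSend` body added to `sentry.edge.config.ts` is a copy of the one in the client config and is repeated again in the server config, so any later change to the scrub rules has to be made in three places, and a missed file silently keeps sending the field. Moving it into one exported function in a shared module, for example `export function scrubEvent(event) { … }`, and writing `beforeSend: scrubEvent,` in each `Sentry.init` call keeps the three runtimes on the same rules. It also gives a single place to unit-test that a populated event comes out without the removed fields.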
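Review bot: On the server, `event.request` can carry more than headers: the SDK's captured request data may also include `cookies`, `data` (the request body) and `query_string`, and the second hunk in `sentry.server.config.ts` leaves all three in place. Session cookies and submitted form fields are a more likely carrier of personal data than the header map, so the block should clear them too: `delete event.request.cookies; delete event.request.data; delete event.request.query_string;`. The guard `if (event.request?.headers)` would then become `if (event.request)` so the extra deletes run even when no headers were captured.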

Privacy Policy

+

Summary (TL;DR)

+ We are highly committed to protecting your privacy. We collect + anonymized website usage analytics to improve our services and + ensure compliance with the General Data Protection Regulation + (GDPR). We do not use cookies or store any personally identifiable + information (PII). Any data collected by us or third-party systems + is scrubbed, encrypted, and anonymized. Detailed policies are + provided below. +
+ As an open-source project, we are transparent about our practices + and welcome any questions or concerns. Please use our contact form + to reach out. We are happy to provide further information. +
+
+

Detailed Privacy Policy

We collect anonymized website usage analytics to enhance our services and user experience, ensuring our full - compliance with the General Data Protection Regulation (GDPR), - without employing cookies or other continuous tracking technologies. + compliance with the GDPR, without employing cookies or other + continuous tracking technologies.
The data we accumulate includes{' '} generic device details (such as type, OS, browser), @@ -100,6 +115,31 @@ const Imprint: NextPage = () => { in the room.

+ We utilize Sentry for error tracking to improve our + services.{' '} + + We configured Sentry + {' '} + to be fully GDPR compliant and ensuring the security and privacy of + data. You can read more about their privacy practices here:{' '} + + {/* eslint-disable-next-line react/no-unescaped-entities */} + Sentry's Privacy Policy + + . In our implementation, we ensure that no PII is sent to Sentry. + Our configuration and implementation removes user details (request + headers, user context and ip address) before sending an error event + to Sentry to maintain our commitment to GDPR compliance. +
+
Personal details offered through our contact form {' '} @@ -107,7 +147,8 @@ const Imprint: NextPage = () => { with utmost confidentiality and used solely for responding to your inquiries. We will seek your consent prior to using this data for any unrelated purpose. Moreover, we do not use any third-party - services for our contact form, which could store your data. + services for our contact form, which could access or store your + data.
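Review bot: The added Sentry paragraph states that "no PII is sent to Sentry" and that "request headers, user context and ip address" are removed, which is broader than what the `beforeSend` hooks in this commit do: they delete `email`, `ip_address` and `geo` from `event.user` and the request header map, and leave the rest of the user object, the request URL and query string, breadcrumbs and any extra context untouched. A policy statement should not promise more than the code enforces, so either widen the scrub to match or narrow the wording, for example "removes request headers and the user's email, IP address and geolocation before an error event is sent". The same applies to "scrubbed, encrypted, and anonymized" in the summary paragraph added in the first hunk of this file; nothing visible in the commit establishes the encryption or anonymization it asserts.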

Our website runs on a proprietary database system @@ -127,6 +168,26 @@ const Imprint: NextPage = () => { compliance.

+

Data Retention

+ We ensure that all Ably channels are automatically closed and + deleted after 5 minutes of inactivity or when the last user leaves. + Our analytics are fully GDPR compliant and are anonymized in such a + {/* eslint-disable-next-line react/no-unescaped-entities */} + way that they cannot be linked back to any individual's identity, IP + address, email, or username. Therefore, we typically do not aim to + delete the analytics data since it is already anonymized and poses + no risk to user privacy. +
+
+

User Rights Under GDPR

+ You have the right to access, rectify, or delete any data we hold + about you. Since we do not store any personally identifiable + information, we or third-party tools do not hold any data in this + regard. However, we are open to deleting even the anonymized data if + requested. Please reach out to us using our contact form for such + requests. +
+

Project License

The project is licensed under the GNU Affero General Public License v3.0 (AGPLv3). This license ensures that derivative work will be