Mailtrain v2 - What are your requirements for GDPR compliance?
I've now started implementing some basic GDPR support. At this point, I foresee the following features:
- When a subscriber unsubscribes, his/her data are deleted from the subscription table, only an entry with hashed email remains. This helps prevent resubscription upon import.
- After a defined time (e.g. 60 days), even the hashed emails are deleted.
- Both the options above can be enabled/disabled in config
- Additional custom form "Privacy Policy"
Anything else?
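The unsubscribe, import-suppression and timed-purge behaviour proposed in the post above, as an added sketch (not part of the original thread and not Mailtrain's code). It assumes an in-memory list object and uses a keyed HMAC-SHA256 in place of a plain hash, because unkeyed hashes of email addresses can be reversed by guessing; `HASH_KEY`, the function names and the data layout are hypothetical.

```javascript
const crypto = require('node:crypto');

// Assumption: a per-instance secret kept outside the database (constructed value).
const HASH_KEY = 'constructed-demo-key';
const RETENTION_DAYS = 60; // the "defined time" from the post
const DAY_MS = 24 * 60 * 60 * 1000;

// Normalise so that " Alice@Example.com " and "alice@example.com" hash identically.
const normalizeEmail = (email) => email.trim().toLowerCase();

function hashEmail(email, key = HASH_KEY) {
  return crypto.createHmac('sha256', key).update(normalizeEmail(email)).digest('hex');
}

// Delete the subscriber row; keep only { hash -> unsubscribe time } as a tombstone.
function unsubscribe(list, email, now) {
  const target = normalizeEmail(email);
  const idx = list.subscribers.findIndex((s) => normalizeEmail(s.email) === target);
  if (idx === -1) return false;
  list.subscribers.splice(idx, 1);
  list.tombstones.set(hashEmail(email), now);
  return true;
}

// Import rows, skipping any address whose hash matches a tombstone.
function importSubscribers(list, rows) {
  const result = { added: [], skipped: [] };
  for (const row of rows) {
    if (list.tombstones.has(hashEmail(row.email))) {
      result.skipped.push(row.email);
    } else {
      list.subscribers.push({ ...row });
      result.added.push(row.email);
    }
  }
  return result;
}

// Drop tombstones once the retention period has elapsed; returns how many were removed.
function purgeTombstones(list, now, retentionDays = RETENTION_DAYS) {
  let purged = 0;
  for (const [hash, unsubscribedAt] of list.tombstones) {
    if (now - unsubscribedAt >= retentionDays * DAY_MS) {
      list.tombstones.delete(hash);
      purged += 1;
    }
  }
  return purged;
}
```

Once a tombstone is purged, a later import of the same address is accepted again, so the retention period is also the window during which resubscription by import is blocked.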
I guess GDPR implementation should also be visible from the form registration side? Or is that up to the mailtrain instance admin to configure? I guess some defaults could be built-in?
I'm not sure if that is what you mean. I added a new page under custom forms where privacy policy can be described. This is the GDPR's "how we use your data". The admin that sets up custom forms in Mailtrain should write such a statement and link to it from the subscription form.
All requests to other services like fonts.googleapis.com, premailer.dialect.ca, etc. should be removed.
It seems that premailer.dialect.ca is not used anymore (https://github.com/Mailtrain-org/mailtrain/pull/950). With https://github.com/Mailtrain-org/mailtrain/pull/1219, Google Fonts access should also be removed.
I propose a task list update; I would start with what I found out:
- [ ] Remove connections to all other services (if not possible, the user has to be asked in advance, and only after the user explicitly accepts this is extra content loaded) - seems to be done for the most part, can't find any other connections (when Google Fonts are also removed)
- [ ] Custom Form Privacy Policy (maybe document better how to link this, if List is private) - but feature is done
- [ ] Make tracking disabled by default (instead of right now enabled by default)
- [ ] Track only part of the IP address and make tracking anonymous (create an ID for every user that is deleted from the database upon opening, but after creation the ID is not tied to the user, so even with access to the database no user can be identified that way)
Next three things are done, right?
- [ ] When a subscriber unsubscribes, his/her data are deleted from the subscription table, only an entry with hashed email remains. This helps prevent resubscription upon import.
- [ ] After a defined time (e.g. 60 days), even the hashed emails are deleted.
- [ ] Both the options above can be enabled/disabled in config
We are going to start with the development and testing of mailtrain v3 in the next weeks.
You are welcome to help us with the testing as soon as the first release candidate is available.