Add privacy policy (#131)

Fixes #32.
dbrgn · Dec 21, 2023 · 73f8f6f · 73f8f6f
1 parent 5dab258
commit 73f8f6f
Show file tree

Hide file tree

Showing 3 changed files with 183 additions and 2 deletions.
diff --git a/src/main.rs b/src/main.rs
@@ -31,7 +31,7 @@ use rocket::{
     request::{FlashMessage, Request},
     routes,
 };
-use rocket_dyn_templates::Template;
+use rocket_dyn_templates::{context, Template};
 use serde::{Deserialize, Serialize};
 
 pub const MAX_UPLOAD_BYTES: u64 = 50 * 1024 * 1024;
@@ -89,6 +89,11 @@ async fn index(
     Template::render("index", &context)
 }
 
+#[get("/privacy-policy")]
+async fn privacy_policy() -> Template {
+    Template::render("privacy_policy", context! {})
+}
+
 // Handle missing DB
 
 #[catch(503)]
@@ -151,6 +156,7 @@ async fn main() -> Result<()> {
             "/",
             routes![
                 index,
+                privacy_policy,
                 flights::list,
                 flights::list_nologin,
                 flights::flight,

diff --git a/templates/base.html.tera b/templates/base.html.tera
@@ -82,7 +82,7 @@
         <!-- Footer -->
         <footer class="section">
             <div class="container">
-                &copy; 2019&ndash;2023 Danilo Bargen | <a href="https://github.com/dbrgn/flugbuech">Source Code</a> | <a href="https://github.com/dbrgn/flugbuech/issues">Bug reports and feature requests</a> | <a href="mailto:flugbuech@bargen.dev">Contact</a>
+                &copy; 2019&ndash;2023 Danilo Bargen | <a href="https://github.com/dbrgn/flugbuech">Source Code</a> | <a href="https://github.com/dbrgn/flugbuech/issues">Bug reports and feature requests</a> | <a href="/privacy-policy">Privacy Policy</a> | <a href="mailto:flugbuech@bargen.dev">Contact</a>
             </div>
         </footer>
 

diff --git a/templates/privacy_policy.html.tera b/templates/privacy_policy.html.tera
@@ -0,0 +1,175 @@
+{% extends 'base' %}
+
+{% block content %}
+
+<h2 class="title is-size-2">Privacy Policy</h2>
+
+<h3 class="title is-size-3">Who is responsible for this website?</h3>
+
+<p class="content is-italic">Bargen Software, Danilo Bargen<br>
+8732 Neuhaus SG, Switzerland<br>
+E-mail: <a href="mailto:flugbuech@bargen.dev">flugbuech@bargen.dev</a></p>
+
+<h3 class="title is-size-3">General</h3>
+
+<p class="content">This page explains what happens to your data when using this website, in
+accordance with article 13 of the Swiss Federal Constitution and the data protection provisions of
+the Swiss Confederation (Data Protection Act, DSG).</p>
+
+<p class="content has-text-weight-bold">This website does not integrate <em>any</em> third party
+services. There are no third party trackers, no ads, no externally loaded fonts, or anything like
+that. Everything loaded comes from the Flugbuech webserver.</p>
+
+<h3 class="title is-size-3">What data is being processed or collected?</h3>
+
+<p class="content">When accessing this website, the following information is being collected by the
+web server and stored for 14 days in order to properly operate and optimize the website:</p>
+
+<table class="table is-hoverable">
+<thead>
+    <tr>
+        <th>Data point</th>
+        <th>Example</th>
+        <th>Comment</th>
+    </tr>
+</thead>
+<tbody>
+    <tr>
+        <td>Anonymized IP Address</td>
+        <td class="is-italic">178.197.222.0</td>
+        <td>IP addresses are anonymized (by discarding the last octet) and stored in web server
+        access logs for 14 days. After this period, the access logs are deleted.</td>
+    </tr>
+    <tr>
+        <td>HTTP User Agent</td>
+        <td class="is-italic">Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0</td>
+        <td>The browser's HTTP user agent is stored in web server access logs for 14 days. After
+        this period, the access logs are deleted.</td>
+    </tr>
+</tbody>
+</table>
+
+<p class="content">For keeping track of usage statistics, a self-hosted instance of <a
+href="https://plausible.io/">Plausible</a> is being used. The data is only used because I am curious
+how Flugbuech is being used, and want to be able to optimize the website. It is not being shared
+with any third party. Plausible does not collect any personal data or personal identifiable
+information.</p>
+
+<p class="content">When accessing this website, the following information is being collected by the
+access statistics tool (Plausible) and stored indefinitely:</p>
+
+<table class="table is-hoverable">
+<thead>
+    <tr>
+        <th>Data point</th>
+        <th>Example</th>
+        <th>Comment</th>
+    </tr>
+</thead>
+<tbody>
+    <tr>
+        <td>Page URL</td>
+        <td class="is-italic">https://flugbuech.bargen.dev/stats/</td>
+        <td>We track the page URL of each page view on our website, in order to determine how many
+        times a specific pages has been viewed.</td>
+    </tr>
+    <tr>
+        <td>HTTP Referer</td>
+        <td class="is-italic">https://duckduckgo.com/</td>
+        <td>We use the referrer string to find the number of visitors referred to our website from
+        links on other sites.</td>
+    </tr>
+    <tr>
+        <td>Browser</td>
+        <td class="is-italic">Firefox 120.0.1</td>
+        <td>We use this to find out what browsers and browser version numbers people use when
+        visiting our website. This is derived from the User-Agent HTTP header. The full User-Agent
+        is discarded.</td>
+    </tr>
+    <tr>
+        <td>Operating System</td>
+        <td class="is-italic">macOS 10.15</td>
+        <td>We use this to find out what operating systems people use when visiting our website. We
+        store the brand of the operating system and the version number. This is derived from the
+        User-Agent HTTP header. The full User-Agent is discarded.</td>
+    </tr>
+    <tr>
+        <td>Device Type</td>
+        <td class="is-italic">Desktop</td>
+        <td>We use this to find out what devices people use when visiting your website. Devices are
+        categorized into desktop, mobile or tablet. This is derived from the User-Agent HTTP header.
+        The full User-Agent is discarded.</td>
+    </tr>
+    <tr>
+        <td>Country, Region, City</td>
+        <td class="is-italic">Switzerland, St. Gallen, Rapperswil</td>
+        <td>We look up the visitor's location using their IP address. We do not track anything more
+        granular than the city level and the IP address of the visitor is discarded.</td>
+    </tr>
+</tbody>
+</table>
+
+<p class="content">More information about Plausible can be found at
+<a href="https://plausible.io/data-policy#first-thing-first-what-we-collect-and-what-we-use-it-for">plausible.io/data-policy</a>.</p>
+
+<p class="content">When submitting flights to this website as a registered user, the following
+information is being collected and stored (until deleted by you), because that is the whole purpose
+of this website:</p>
+
+<table class="table is-hoverable">
+<thead>
+    <tr>
+        <th>Data point</th>
+        <th>Comment</th>
+    </tr>
+</thead>
+<tbody>
+    <tr>
+        <td>Information about Flight</td>
+        <td>Launch location, landing location, glider, flight duration, distance, etc. This
+        information is manually entered or imported from an IGC file.</td>
+    </tr>
+    <tr>
+        <td>IGC Flight Recording</td>
+        <td>The IGC file (optional) includes timestamps and location information from the flight. It
+        might also include the pilot's name.</td>
+    </tr>
+    <tr>
+        <td>Flight Comment</td>
+        <td>Optionally you can enter a comment about the flight.</td>
+    </tr>
+</tbody>
+</table>
+
+<h3 class="title is-size-3">Cookies</h3>
+
+<p class="content">The website uses a temporary cookie for security reasons (CSRF cookie) as well as
+a persistent cookie for keeping you logged in (expiring after 1 year).</p>
+
+<h3 class="title is-size-3">Who is this data shared with?</h3>
+
+<p class="content">The processed data is not being shared with any third party.</p>
+
+<h3 class="title is-size-3">Where is the data stored / transferred to?</h3>
+
+<p class="content">The data is stored on a virtual server located in Germany hosted by <a
+href="https://www.netcup.de/">Netcup</a> and operated by us.</p>
+
+<h3 class="title is-size-3">Your Rights</h3>
+
+<div class="content">
+    <ul>
+        <li>You have the <strong>right of access</strong>: Send an e-mail to <a
+        href="mailto:flugbuech@bargen.dev">flugbuech@bargen.dev</a> requesting your data, and I will
+        send it to you.</li>
+        <li>You have the <strong>right to erasure</strong>: Send an e-mail to <a
+        href="mailto:flugbuech@bargen.dev">flugbuech@bargen.dev</a> requesting the deletion of your
+        account and all your data, and I will comply (after a verification).</li>
+    </ul>
+</div>
+
+<h3 class="title is-size-3">Last Update</h3>
+
+<p class="content">This page was last updated on December 21, 2023.</p>
+
+{% endblock %}