86 lines
2.2 KiB
HTML
86 lines
2.2 KiB
HTML
{% extends 'base.html' %}
|
|
{% load i18n %}
|
|
{% load bootstrap_tags %}
|
|
{% load humanize %}
|
|
{% block content %}
|
|
<br>
|
|
<h2>
|
|
Privacy Policy
|
|
</h2>
|
|
<p>
|
|
This service section is not ready yet; here is a draft of what it'll be:
|
|
</p>
|
|
<p>
|
|
We do store some user data.
|
|
In this document, we explain what, why and how.
|
|
</p>
|
|
<h4>
|
|
Convention/event attendee (app user)
|
|
</h4>
|
|
<h5>
|
|
What?
|
|
</h5>
|
|
<p>
|
|
<ol>
|
|
<li>Random device identifier</li>
|
|
<li>All convention-provided events that got a star</li>
|
|
<li>A count of how many stars were given</li>
|
|
</ol>
|
|
Emphasis: room parties are kept only in the device and are shared only through QRCodes and URLs.
|
|
</p>
|
|
<h5>
|
|
Why?
|
|
</h5>
|
|
<p>
|
|
Give the event organizers an estimate on how many people are going to attend each room and tell if attendees are
|
|
using the app.
|
|
</p>
|
|
<h5>
|
|
How?
|
|
</h5>
|
|
<p>
|
|
On every database syncronization, the newest database is retrieved and the 3 informations listed in "What?" section
|
|
are sent, identified by the unique name given in the conbook.
|
|
For your own privacy, the app itself provides no way to see your random device identifier.
|
|
</p>
|
|
<h4>
|
|
Convention/event organizers
|
|
</h4>
|
|
<h5>
|
|
What?
|
|
</h5>
|
|
<p>
|
|
<ol>
|
|
<li>Username, email and hashed password</li>
|
|
<li>All the convention data that is shown in the app</li>
|
|
<li>Payment status (paid/unpaid)</li>
|
|
</ol>
|
|
</p>
|
|
<h5>
|
|
Why?
|
|
</h5>
|
|
<p>
|
|
<ol>
|
|
<li>Ensuring only authorized staff can change the data in attendee's app and password recovery</li>
|
|
<li>Send the latest data for all devices anytime attendees' devices requests</li>
|
|
<li>Billing</li>
|
|
</ol>
|
|
</p>
|
|
<h5>
|
|
How?
|
|
</h5>
|
|
<p>
|
|
<ol>
|
|
<li>
|
|
<ul>
|
|
<li>Username is stored in plain text</li>
|
|
<li>Email is stored in plain text</li>
|
|
<li>Password is processed through PBKDF2 and it's hash is stored for later checking</li>
|
|
</ul>
|
|
</li>
|
|
<li>Tables in a PostgreSQL database</li>
|
|
<li>A set of anonymous but timestamped records registered on every request that can, after the event, serve as a way
|
|
to estimate how many users per event day is going to be charged. An empty list means no debt.</li>
|
|
</ol>
|
|
</p>
|
|
{% endblock content %} |