From 6b904164c3f2921d870f4a12d8724349c75feb11 Mon Sep 17 00:00:00 2001
From: overflowerror <mail@overflowerror.com>
Date: Sun, 4 Aug 2024 20:56:55 +0200
Subject: [PATCH] feat: Add privacy notice page

---
 config.templ.php       |   5 +-
 core.php               |   2 +
 html/about/index.php   |   2 +
 html/privacy/index.php |  10 ++++
 lib/database.php       |   2 -
 lib/request.php        |   4 +-
 view/pages/about.php   |   9 ++--
 view/pages/privacy.php | 112 +++++++++++++++++++++++++++++++++++++++++
 8 files changed, 135 insertions(+), 11 deletions(-)
 create mode 100644 html/privacy/index.php
 create mode 100644 view/pages/privacy.php

diff --git a/config.templ.php b/config.templ.php
index 5df7c7d..694fca2 100644
--- a/config.templ.php
+++ b/config.templ.php
@@ -7,4 +7,7 @@ const POSTGRES_USER = "%DBUSER%";
 const POSTGRES_PASSWORD = "%DBPASSWORD%";
 
 
-const CONTACT_EMAIL = "%EMAIL%";
\ No newline at end of file
+const UPDATER_CONTACT_EMAIL = "%UPDATER_EMAIL%";
+
+const PRIVACY_CONTACT = "%PRIVACY_CONTACT%";
+const PRIVACY_CONTACT_EMAIL = "%PRIVACY_EMAIL%";
\ No newline at end of file
diff --git a/core.php b/core.php
index 64266fc..d2ea572 100644
--- a/core.php
+++ b/core.php
@@ -1,5 +1,7 @@
 <?php
 
+require_once __DIR__ . "/config.php";
+
 require_once __DIR__ . "/version.php";
 
 require_once __DIR__ . "/lib/migrate.php";
diff --git a/html/about/index.php b/html/about/index.php
index 9cfa192..69fef24 100644
--- a/html/about/index.php
+++ b/html/about/index.php
@@ -1,5 +1,7 @@
 <?php
 
+require_once __DIR__ . '/../../core.php';
+
 $title = "MobMash - About";
 $content = function () {
     require __DIR__ . '/../../view/pages/about.php';
diff --git a/html/privacy/index.php b/html/privacy/index.php
new file mode 100644
index 0000000..302831c
--- /dev/null
+++ b/html/privacy/index.php
@@ -0,0 +1,10 @@
+<?php
+
+require_once __DIR__ . '/../../core.php';
+
+$title = "MobMash - Privacy Notice";
+$content = function () {
+    require __DIR__ . '/../../view/pages/privacy.php';
+};
+
+require_once __DIR__ . '/../../view/layout.php';
\ No newline at end of file
diff --git a/lib/database.php b/lib/database.php
index bd66d9f..117b322 100644
--- a/lib/database.php
+++ b/lib/database.php
@@ -1,7 +1,5 @@
 <?php
 
-require_once __DIR__ . "/../config.php";
-
 $dsn = "pgsql:host=" . POSTGRES_HOST . ";dbname=" . POSTGRES_DBNAME . ";port=" . POSTGRES_PORT;
 
 $pdo = new PDO($dsn, POSTGRES_USER, POSTGRES_PASSWORD);
\ No newline at end of file
diff --git a/lib/request.php b/lib/request.php
index 462492b..e15e2e3 100644
--- a/lib/request.php
+++ b/lib/request.php
@@ -1,8 +1,6 @@
 <?php
 
-require_once __DIR__ . "/../config.php";
-
-const USER_AGENT = "MobMash Updater/" . VERSION . " (+https://github.com/overflowerror/mobmash.click; contact: " . CONTACT_EMAIL . ")";
+const USER_AGENT = "MobMash Updater/" . VERSION . " (+https://github.com/overflowerror/mobmash.click; contact: " . UPDATER_CONTACT_EMAIL . ")";
 
 function get(string $url): string {
     $curl = curl_init($url);
diff --git a/view/pages/about.php b/view/pages/about.php
index a7dd428..dd39b90 100644
--- a/view/pages/about.php
+++ b/view/pages/about.php
@@ -1,8 +1,7 @@
 <h1>About</h1>
 
 <div class="text-container">
-
-    <h2>The Story</h2>
+    <h2 id="story">The Story</h2>
 
     <p>
         Back when I was in school I watched <a href="https://en.wikipedia.org/wiki/The_Social_Network">
@@ -20,7 +19,7 @@
         - the previous version really was quite bad from a technical perspective.
     </p>
 
-    <h2>Implementation</h2>
+    <h2 id="implementation">Implementation</h2>
 
     <p>
         The basic idea is to give the users the choice between mobs. The better one is selected and its internal
@@ -64,7 +63,7 @@
         <a href="https://github.com/overflowerror/mobmash.click">Github</a>. Pull Requests are welcome!
     </p>
 
-    <h2>Credits & Tech Stack</h2>
+    <h2 id="credits">Credits & Tech Stack</h2>
 
     <h3>Minecraft Related Content</h3>
 
@@ -94,7 +93,7 @@
         <li><a href="https://www.postgresql.org/">PostgreSQL</a></li>
     </ul>
 
-    <h2>Special Thanks</h2>
+    <h2 id="thanks">Special Thanks</h2>
 
     <p>
         I'd like to thank the <a href="https://minecraft.wiki/">Minecraft Wiki</a> for letting me let use their API to
diff --git a/view/pages/privacy.php b/view/pages/privacy.php
new file mode 100644
index 0000000..e1940c3
--- /dev/null
+++ b/view/pages/privacy.php
@@ -0,0 +1,112 @@
+<h1>Privacy Notice</h1>
+
+<div class="text-container">
+
+    <h2>General</h2>
+
+    <p>
+        We generally try to be as privacy aware as possible. Our system is build in a way that minimizes the amount
+        of personal data needed. As a rule of thumb we use psydonymization if possible. The complete source code is
+        available for auditing on <a href="https://github.com/overflowerror/mobmash.click">Github</a>.
+    </p>
+    <p>
+        All data collection and processing is done in accordance with relevant regulations, particularly the GDPR
+        (General Data Protection Regulation - (EU) 2016/679). We will never share any personal information with
+        3rd parties.
+    </p>
+
+    <h2>Data We Collect</h2>
+
+    <h3>Votes (Session IDs)</h3>
+
+    <p data-hx-boost="true">
+        In order to be able to provide the websites functionality, we store which mob was chosen by the user, in
+        combination with the timestamp and the <a href="#cookies">session</a> IDs. The reason we store the raw data
+        instead of aggregated data is that we want to be able to remove votes in case we determine that they are
+        spam. The details of the implementation are explained on the <a href="/about#implementation">About</a> page.
+    </p>
+    <p>
+        The data processing is necessary to provide the basic functionality of this website.
+    </p>
+    <p>
+        The association between votes and sessions is deleted after 6 months.
+    </p>
+
+    <h3>Audit Log (Session IDs)</h3>
+
+    <p>
+        Actions on the website that are relevant for determining whether votes are spam (e.g. when a new session
+        was created, when a vote was cast, ...) are logged. The log entries contain the
+        <a href="#cookies">session</a> IDs, the timestamp, the event type and some details about the event (e.g.
+        the ID of the vote).
+    </p>
+    <p>
+        Processing of security relevant data is a legitimate interest.
+    </p>
+    <p>
+        Audit logs are automatically deleted after 6 months.
+    </p>
+
+    <h3>Access Log (IP Addresses, User Agent)</h3>
+
+    <p>
+        For security purposes (e.g. fail2ban) we temporarily store the client IP address and user agent string.
+        The IP addresses are stored in anonymized form.
+    </p>
+    <p>
+        Processing of security relevant data is a legitimate interest.
+    </p>
+    <p>
+        Access logs are automatically deleted after 6 months.
+    </p>
+
+    <h2>Hosting</h2>
+
+    <p>
+        This website is hosted in Germany. No data is stored outside the EU.
+    </p>
+
+    <h2 id="cookies">Cookies</h2>
+
+    <p>
+        We use session cookies. There are multiple reasons for that:
+    </p>
+    <ul>
+        <li>
+            Functional: The votes are associated with the session ID. This way we can provide a better experience for
+            the users. For example, as long as the session is active, the user will not be shown the same pairing twice.
+        </li>
+        <li>
+            Web Security: We store security-related data in the session that we use to prevent CSRF and
+            similar attacks on our website.
+        </li>
+        <li>
+            Spam Protection: We use the session ID in our audit log, so we can find and undo votes by spammers or bots.
+        </li>
+    </ul>
+
+    <p>
+        We do not use 3rd party tracking cookies or advertising cookies of any kind.
+    </p>
+
+    <h2>Your Rights</h2>
+
+    <p>
+        The GDPR grants you the right to access, rectify, erase or transfer your data, as well as restrict and
+        object to processing of your data.
+    </p>
+    <p>
+        However, due to the fact that we only ever store psydonymized data, we are generally not able relate
+        specific data sets to a user. In any case, if you do want to exercise your rights, please contact us
+        so we can take a look at your specific case.
+    </p>
+
+    <h2>Responsibility</h2>
+
+    <p>
+        In case you have any question regarding our privacy notice, please reach out via the following email address:
+    </p>
+    <p>
+        Data Controller: <?= PRIVACY_CONTACT ?> (<a href="mailto:<?= PRIVACY_CONTACT_EMAIL ?>"><?= PRIVACY_CONTACT_EMAIL ?></a>)
+    </p>
+</div>
\ No newline at end of file