sigmasternchen/mobmash.click
1
0
Fork 0
mirror of https://github.com/sigmasternchen/mobmash.click synced 2025-03-14 23:59:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: Add privacy notice page

Browse source
This commit is contained in:
overflowerror 2024-08-04 20:56:55 +02:00
parent 3ab09190c8
commit 6b904164c3
8 changed files with 135 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
config.templ.php
View file

@ -7,4 +7,7 @@ const POSTGRES_USER = "%DBUSER%";
const POSTGRES_PASSWORD = "%DBPASSWORD%"; const POSTGRES_PASSWORD = "%DBPASSWORD%";
const CONTACT_EMAIL = "%EMAIL%"; const UPDATER_CONTACT_EMAIL = "%UPDATER_EMAIL%";
const PRIVACY_CONTACT = "%PRIVACY_CONTACT%";
const PRIVACY_CONTACT_EMAIL = "%PRIVACY_EMAIL%";

2
core.php
View file

@ -1,5 +1,7 @@
<?php <?php
require_once __DIR__ . "/config.php";
require_once __DIR__ . "/version.php"; require_once __DIR__ . "/version.php";
require_once __DIR__ . "/lib/migrate.php"; require_once __DIR__ . "/lib/migrate.php";

2
html/about/index.php
View file

@ -1,5 +1,7 @@
<?php <?php
require_once __DIR__ . '/../../core.php';
$title = "MobMash - About"; $title = "MobMash - About";
$content = function () { $content = function () {
require __DIR__ . '/../../view/pages/about.php'; require __DIR__ . '/../../view/pages/about.php';

10
html/privacy/index.php Normal file
View file

@ -0,0 +1,10 @@
<?php
require_once __DIR__ . '/../../core.php';
$title = "MobMash - Privacy Notice";
$content = function () {
require __DIR__ . '/../../view/pages/privacy.php';
};
require_once __DIR__ . '/../../view/layout.php';

2
lib/database.php
View file

@ -1,7 +1,5 @@
<?php <?php
require_once __DIR__ . "/../config.php";
$dsn = "pgsql:host=" . POSTGRES_HOST . ";dbname=" . POSTGRES_DBNAME . ";port=" . POSTGRES_PORT; $dsn = "pgsql:host=" . POSTGRES_HOST . ";dbname=" . POSTGRES_DBNAME . ";port=" . POSTGRES_PORT;
$pdo = new PDO($dsn, POSTGRES_USER, POSTGRES_PASSWORD); $pdo = new PDO($dsn, POSTGRES_USER, POSTGRES_PASSWORD);

4
lib/request.php
View file

@ -1,8 +1,6 @@
<?php <?php
require_once __DIR__ . "/../config.php"; const USER_AGENT = "MobMash Updater/" . VERSION . " (+https://github.com/overflowerror/mobmash.click; contact: " . UPDATER_CONTACT_EMAIL . ")";
const USER_AGENT = "MobMash Updater/" . VERSION . " (+https://github.com/overflowerror/mobmash.click; contact: " . CONTACT_EMAIL . ")";
function get(string $url): string { function get(string $url): string {
$curl = curl_init($url); $curl = curl_init($url);

9
view/pages/about.php
View file

@ -1,8 +1,7 @@
<h1>About</h1> <h1>About</h1>
<div class="text-container"> <div class="text-container">
<h2 id="story">The Story</h2>
<h2>The Story</h2>
<p> <p>
Back when I was in school I watched <a href="https://en.wikipedia.org/wiki/The_Social_Network"> Back when I was in school I watched <a href="https://en.wikipedia.org/wiki/The_Social_Network">
@ -20,7 +19,7 @@
- the previous version really was quite bad from a technical perspective. - the previous version really was quite bad from a technical perspective.
</p> </p>
<h2>Implementation</h2> <h2 id="implementation">Implementation</h2>
<p> <p>
The basic idea is to give the users the choice between mobs. The better one is selected and its internal The basic idea is to give the users the choice between mobs. The better one is selected and its internal
@ -64,7 +63,7 @@
<a href="https://github.com/overflowerror/mobmash.click">Github</a>. Pull Requests are welcome! <a href="https://github.com/overflowerror/mobmash.click">Github</a>. Pull Requests are welcome!
</p> </p>
<h2>Credits & Tech Stack</h2> <h2 id="credits">Credits & Tech Stack</h2>
<h3>Minecraft Related Content</h3> <h3>Minecraft Related Content</h3>
@ -94,7 +93,7 @@
<li><a href="https://www.postgresql.org/">PostgreSQL</a></li> <li><a href="https://www.postgresql.org/">PostgreSQL</a></li>
</ul> </ul>
<h2>Special Thanks</h2> <h2 id="thanks">Special Thanks</h2>
<p> <p>
I'd like to thank the <a href="https://minecraft.wiki/">Minecraft Wiki</a> for letting me let use their API to I'd like to thank the <a href="https://minecraft.wiki/">Minecraft Wiki</a> for letting me let use their API to

112
view/pages/privacy.php Normal file
View file

@ -0,0 +1,112 @@
<h1>Privacy Notice</h1>
<div class="text-container">
<h2>General</h2>
<p>
We generally try to be as privacy aware as possible. Our system is build in a way that minimizes the amount
of personal data needed. As a rule of thumb we use psydonymization if possible. The complete source code is
available for auditing on <a href="https://github.com/overflowerror/mobmash.click">Github</a>.
</p>
<p>
All data collection and processing is done in accordance with relevant regulations, particularly the GDPR
(General Data Protection Regulation - (EU) 2016/679). We will never share any personal information with
3rd parties.
</p>
<h2>Data We Collect</h2>
<h3>Votes (Session IDs)</h3>
<p data-hx-boost="true">
In order to be able to provide the websites functionality, we store which mob was chosen by the user, in
combination with the timestamp and the <a href="#cookies">session</a> IDs. The reason we store the raw data
instead of aggregated data is that we want to be able to remove votes in case we determine that they are
spam. The details of the implementation are explained on the <a href="/about#implementation">About</a> page.
</p>
<p>
The data processing is necessary to provide the basic functionality of this website.
</p>
<p>
The association between votes and sessions is deleted after 6 months.
</p>
<h3>Audit Log (Session IDs)</h3>
<p>
Actions on the website that are relevant for determining whether votes are spam (e.g. when a new session
was created, when a vote was cast, ...) are logged. The log entries contain the
<a href="#cookies">session</a> IDs, the timestamp, the event type and some details about the event (e.g.
the ID of the vote).
</p>
<p>
Processing of security relevant data is a legitimate interest.
</p>
<p>
Audit logs are automatically deleted after 6 months.
</p>
<h3>Access Log (IP Addresses, User Agent)</h3>
<p>
For security purposes (e.g. fail2ban) we temporarily store the client IP address and user agent string.
The IP addresses are stored in anonymized form.
</p>
<p>
Processing of security relevant data is a legitimate interest.
</p>
<p>
Access logs are automatically deleted after 6 months.
</p>
<h2>Hosting</h2>
<p>
This website is hosted in Germany. No data is stored outside the EU.
</p>
<h2 id="cookies">Cookies</h2>
<p>
We use session cookies. There are multiple reasons for that:
</p>
<ul>
<li>
Functional: The votes are associated with the session ID. This way we can provide a better experience for
the users. For example, as long as the session is active, the user will not be shown the same pairing twice.
</li>
<li>
Web Security: We store security-related data in the session that we use to prevent CSRF and
similar attacks on our website.
</li>
<li>
Spam Protection: We use the session ID in our audit log, so we can find and undo votes by spammers or bots.
</li>
</ul>
<p>
We do not use 3rd party tracking cookies or advertising cookies of any kind.
</p>
<h2>Your Rights</h2>
<p>
The GDPR grants you the right to access, rectify, erase or transfer your data, as well as restrict and
object to processing of your data.
</p>
<p>
However, due to the fact that we only ever store psydonymized data, we are generally not able relate
specific data sets to a user. In any case, if you do want to exercise your rights, please contact us
so we can take a look at your specific case.
</p>
<h2>Responsibility</h2>
<p>
In case you have any question regarding our privacy notice, please reach out via the following email address:
</p>
<p>
Data Controller: <?= PRIVACY_CONTACT ?> (<a href="mailto:<?= PRIVACY_CONTACT_EMAIL ?>"><?= PRIVACY_CONTACT_EMAIL ?></a>)
</p>
</div>