tractatus

john/tractatus

Fork 0

Commit graph

Author	SHA1	Message	Date
TheFlow	867d211f4e	docs(privacy): add comprehensive Umami Analytics disclosure GDPR Compliance Update - Added complete section on privacy-first analytics Changes: - Updated Section 6 of privacy policy with detailed Umami Analytics information - Documented what data is collected (page views, referrers, browser, device, country) - Documented what is NOT collected (IP addresses, personal info, cookies, precise location) - Added Do Not Track (DNT) support documentation - Provided opt-out instructions (browser console method, DNT setting) - Explained cookie-free tracking and EU data storage - Updated last modified date to October 29, 2025 - Created DeepL translation script for privacy.json - Translated all new content to German (DE) and French (FR) Rationale: - GDPR requires disclosure of all data collection practices - Umami was deployed in previous session but privacy policy not updated - This is a mandatory compliance requirement before further work Testing: - Verified English HTML updates render correctly - Confirmed German translation quality (Analytik und Rückverfolgung) - Validated French translations via DeepL Pro API - All i18n keys properly mapped Files Modified: - public/privacy.html (Section 6 expanded from 13 to 84 lines) - public/locales/en/privacy.json (added comprehensive section_6 object) - public/locales/de/privacy.json (DeepL translated section_6) - public/locales/fr/privacy.json (DeepL translated section_6) - scripts/translate-privacy-deepl.js (new translation automation script) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-29 11:30:41 +13:00
TheFlow	503cd6767b	fix(privacy): correct hosting location and enhance EU data protection disclosure CRITICAL FIX: Section 9 incorrectly stated data "may be transferred to and processed in New Zealand" - this is factually incorrect. Data is hosted in the EU (OVHCloud France, MongoDB Atlas Frankfurt) and NEVER transferred to NZ. Changes: - Section 9: Complete rewrite for accuracy * Clarified: NZ administration vs. EU hosting * Added explicit hosting providers and regions * Confirmed NO data transfer to New Zealand * Expanded GDPR compliance details (Articles 5, 6, 15-22, 25, 32) - Section 4: Updated retention periods to match GDPR page (7 years donations, 14 months analytics anonymization) - Section 7: Enhanced security specifications (TLS 1.3, AES-256, bcrypt) - Section 3: Clarified MongoDB hosting is in EU Translations: - German (DE): 99/99 professional translations via DeepL ✓ - French (FR): 99/99 professional translations via DeepL ✓ This correction strengthens GDPR compliance messaging and provides accurate transparency about data residency. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-28 10:46:51 +13:00

Author

SHA1

Message

Date

TheFlow

867d211f4e

docs(privacy): add comprehensive Umami Analytics disclosure

GDPR Compliance Update - Added complete section on privacy-first analytics

Changes:
- Updated Section 6 of privacy policy with detailed Umami Analytics information
- Documented what data is collected (page views, referrers, browser, device, country)
- Documented what is NOT collected (IP addresses, personal info, cookies, precise location)
- Added Do Not Track (DNT) support documentation
- Provided opt-out instructions (browser console method, DNT setting)
- Explained cookie-free tracking and EU data storage
- Updated last modified date to October 29, 2025
- Created DeepL translation script for privacy.json
- Translated all new content to German (DE) and French (FR)

Rationale:
- GDPR requires disclosure of all data collection practices
- Umami was deployed in previous session but privacy policy not updated
- This is a mandatory compliance requirement before further work

Testing:
- Verified English HTML updates render correctly
- Confirmed German translation quality (Analytik und Rückverfolgung)
- Validated French translations via DeepL Pro API
- All i18n keys properly mapped

Files Modified:
- public/privacy.html (Section 6 expanded from 13 to 84 lines)
- public/locales/en/privacy.json (added comprehensive section_6 object)
- public/locales/de/privacy.json (DeepL translated section_6)
- public/locales/fr/privacy.json (DeepL translated section_6)
- scripts/translate-privacy-deepl.js (new translation automation script)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-29 11:30:41 +13:00

TheFlow

503cd6767b

fix(privacy): correct hosting location and enhance EU data protection disclosure

CRITICAL FIX: Section 9 incorrectly stated data "may be transferred to and
processed in New Zealand" - this is factually incorrect. Data is hosted in
the EU (OVHCloud France, MongoDB Atlas Frankfurt) and NEVER transferred to NZ.

Changes:
- Section 9: Complete rewrite for accuracy
  * Clarified: NZ administration vs. EU hosting
  * Added explicit hosting providers and regions
  * Confirmed NO data transfer to New Zealand
  * Expanded GDPR compliance details (Articles 5, 6, 15-22, 25, 32)
- Section 4: Updated retention periods to match GDPR page (7 years donations,
  14 months analytics anonymization)
- Section 7: Enhanced security specifications (TLS 1.3, AES-256, bcrypt)
- Section 3: Clarified MongoDB hosting is in EU

Translations:
- German (DE): 99/99 professional translations via DeepL ✓
- French (FR): 99/99 professional translations via DeepL ✓

This correction strengthens GDPR compliance messaging and provides accurate
transparency about data residency.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-28 10:46:51 +13:00

2 commits