From 0b04d6b23cd1b2e08039f80e5f47e51520ed9922 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hern=C3=A2ni=20Marques?= Date: Thu, 9 Jul 2026 21:27:13 +0200 Subject: [PATCH] merchant: Swiss FADP privacy (PRIVACY_ETAG; was not configured) --- .../taler-merchant/install_swiss_privacy.sh | 195 ++++++++++++++++++ 1 file changed, 195 insertions(+) create mode 100644 scripts/taler-merchant/install_swiss_privacy.sh diff --git a/scripts/taler-merchant/install_swiss_privacy.sh b/scripts/taler-merchant/install_swiss_privacy.sh new file mode 100644 index 0000000..f2ca0d7 --- /dev/null +++ b/scripts/taler-merchant/install_swiss_privacy.sh @@ -0,0 +1,195 @@ +#!/bin/bash +# Install Swiss FADP privacy policy for merchant backend (taler.hacktivism.ch). +# Run as root inside taler-hacktivism. Sets files for PRIVACY_ETAG=merchant-pp-swiss-v0 +set -euo pipefail +export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin${PATH:+:$PATH}" + +ETAG="${PRIVACY_ETAG:-merchant-pp-swiss-v0}" +CONF="${TALER_MERCHANT_CONFIG:-/etc/taler-merchant/taler-merchant.conf}" +DATA_HOME="" +if command -v taler-config >/dev/null 2>&1; then + DATA_HOME=$(taler-config -c "$CONF" -f -s PATHS -o TALER_DATA_HOME 2>/dev/null || true) +fi +DATA_HOME="${DATA_HOME:-/var/lib/taler-merchant/}" +PRIVACY_DIR="${PRIVACY_DIR:-${DATA_HOME%/}/terms}" +LANG_DIR="$PRIVACY_DIR/en" +mkdir -p "$LANG_DIR" + +TITLE="Privacy notice · GOA/CHF Merchant · Swiss FADP" +BODY_TXT='Privacy notice — taler.hacktivism.ch merchant backend (Swiss FADP / revDSG) + +Controller: operators of the hacktivism.ch GNU Taler stack. +This dual-currency merchant backend accepts GOA (explorational) and CHF (via taler-ops exchange configuration). + +Data retained (precise): +1) Merchant instances — merchant_id, serial, creation metadata, config flags: lifetime of instance + up to 12 months after delete or stack wipe. +2) Authentication — API tokens / login tokens (hashed or bearer secrets as stored by software): until expiry, revoke, or instance delete. +3) Contract terms / orders — order_id, amount (currency:amount), summary (free text), paid/wired flags, creation time: for service lifetime; public landing stats may show anonymised aggregates and recent amounts/summaries. +4) Deposits & refunds — deposit proofs, refund amounts/reasons, timestamps: for service lifetime or until operational wipe. +5) Settlement accounts — payto URIs / account labels configured on instances: while configured. +6) Exchange interaction metadata — which exchange (GOA/CHF) was used for deposits: with related order records. +7) Technical logs — HTTP/access and application logs (IP, path, status): typically days–weeks via rotation. +8) Public stats.json — aggregate counts and recent activity without full account credentials: overwritten minutely. + +Not retained by this merchant backend: wallet private keys; full card PANs; unsolicited government ID documents unless an operator enables separate KYC tooling. + +Purposes: accept GNU Taler payments, refunds, settlement, abuse prevention, operations. +Legal basis (FADP): performance of service requested by merchant operators/customers; proportionate operation of a public experimental stack. +Recipients: configured exchanges (exchange.hacktivism.ch for GOA; exchange.taler-ops.ch for CHF as configured); host operators. No sale of data. +Rights: access, rectification, deletion, objection under FADP; complaint to Swiss FDPIC (EDÖB). +Security: TLS; experimental — no certified ISMS. Do not put sensitive personal data in order summaries. + +Related: https://taler.hacktivism.ch/terms · https://exchange.hacktivism.ch/privacy · https://bank.hacktivism.ch/intro/privacy.html +' + +BODY_MD='# Privacy notice · Merchant · Swiss FADP + +Controller: operators of the **hacktivism.ch** GNU Taler stack (`taler.hacktivism.ch`). +Dual currency: **GOA** (explorational) and **CHF** (taler-ops exchange path). + +Processing under the Swiss Federal Act on Data Protection (**FADP / revDSG**, since 1 Sep 2023). + +## Data retained + +| Data | Examples | Retention | +|------|----------|-----------| +| Instances | merchant_id, serial, config | Instance life + up to 12 months after delete/wipe | +| Auth | API / login tokens | Until expiry, revoke, or instance delete | +| Orders | order_id, amount, summary, paid/wired, time | Service life or wipe; public stats may show recent aggregates | +| Deposits / refunds | proofs, amounts, reasons | Service life or wipe | +| Settlement | payto / account labels | While configured | +| Exchange metadata | GOA/CHF exchange used | With related order records | +| Technical logs | IP, path, status | Days–weeks (rotation) | +| Public stats.json | Aggregates, recent activity | Overwritten continuously | + +**Not retained:** wallet private keys; card PANs; government ID unless separate KYC is enabled. + +## Purposes + +Accept payments, refunds, settlement; security and operations of this experimental backend. + +## Rights + +Access, correction, deletion, objection (FADP). Complaint: Swiss **FDPIC / EDÖB**. + +## Related + +- [Merchant terms](https://taler.hacktivism.ch/terms) +- [Exchange privacy](https://exchange.hacktivism.ch/privacy) +- [Bank privacy](https://bank.hacktivism.ch/intro/privacy.html) +' + +cat >"$LANG_DIR/${ETAG}.txt" <"$LANG_DIR/${ETAG}.md" <"$LANG_DIR/${ETAG}.html" <<'HTML' + + + + + + Privacy notice · GOA/CHF Merchant · Swiss FADP + + + +
taler.hacktivism.ch · privacy · CH
+

Privacy notice · GOA/CHF Merchant

+

+ Swiss Federal Act on Data Protection (FADP / revDSG, since 1 Sep 2023). + Dual-currency merchant backend at taler.hacktivism.ch: + GOA (explorational) and CHF (taler-ops path). +

+ +

1. Controller

+

Operators of the hacktivism.ch GNU Taler stack. Experimental public deployment; + no separate DPO appointed.

+ +

2. Data retained

+ + + + + + + + + + + + +
DataExamplesTypical retention
Instancesmerchant_id, serial, configInstance life + up to 12 months after delete/wipe
AuthenticationAPI / login tokensUntil expiry, revoke, or instance delete
Ordersorder_id, amount, summary, paid/wired, timeService life or wipe; public stats may list recent amounts/summaries
Deposits / refundsproofs, amounts, reasonsService life or wipe
Settlement accountspayto / account labelsWhile configured
Exchange metadataGOA/CHF exchange usedWith related order records
Technical logsIP, path, statusDays–weeks (rotation)
Public stats.jsonAggregates, recent activityOverwritten continuously
+

Not retained: wallet private keys; payment card PANs; government ID documents + unless a separate KYC feature is enabled by operators.

+ +

3. Purposes

+
    +
  • Accept GNU Taler payments (GOA and/or CHF), refunds, and settlement
  • +
  • Authenticate instance operators
  • +
  • Security, abuse prevention, debugging
  • +
+ +

4. Recipients

+
    +
  • Local GOA exchange (exchange.hacktivism.ch)
  • +
  • CHF exchange as configured (e.g. exchange.taler-ops.ch)
  • +
  • Host/infrastructure operators under this deployment
  • +
+

No sale of personal data.

+ +

5. Your rights

+

Access, rectification, deletion, and objection under the FADP (within legal limits). + Complaint: Swiss Federal Data Protection and Information Commissioner + (FDPIC / EDÖB).

+ +

Related

+ + + + +HTML + +chmod -R a+rX "$PRIVACY_DIR" +if id taler-merchant-httpd >/dev/null 2>&1; then + chown -R taler-merchant-httpd: "$PRIVACY_DIR" 2>/dev/null \ + || chown -R taler-merchant-httpd:www-data "$PRIVACY_DIR" 2>/dev/null || true +fi +echo "ok privacy $ETAG -> $LANG_DIR" +ls -la "$LANG_DIR"/${ETAG}.*