merchant: Swiss FADP privacy (PRIVACY_ETAG; was not configured)
This commit is contained in:
parent
495f35900d
commit
0b04d6b23c
1 changed files with 195 additions and 0 deletions
195
scripts/taler-merchant/install_swiss_privacy.sh
Normal file
195
scripts/taler-merchant/install_swiss_privacy.sh
Normal file
|
|
@ -0,0 +1,195 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Install Swiss FADP privacy policy for merchant backend (taler.hacktivism.ch).
|
||||||
|
# Run as root inside taler-hacktivism. Sets files for PRIVACY_ETAG=merchant-pp-swiss-v0
|
||||||
|
set -euo pipefail
|
||||||
|
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin${PATH:+:$PATH}"
|
||||||
|
|
||||||
|
ETAG="${PRIVACY_ETAG:-merchant-pp-swiss-v0}"
|
||||||
|
CONF="${TALER_MERCHANT_CONFIG:-/etc/taler-merchant/taler-merchant.conf}"
|
||||||
|
DATA_HOME=""
|
||||||
|
if command -v taler-config >/dev/null 2>&1; then
|
||||||
|
DATA_HOME=$(taler-config -c "$CONF" -f -s PATHS -o TALER_DATA_HOME 2>/dev/null || true)
|
||||||
|
fi
|
||||||
|
DATA_HOME="${DATA_HOME:-/var/lib/taler-merchant/}"
|
||||||
|
PRIVACY_DIR="${PRIVACY_DIR:-${DATA_HOME%/}/terms}"
|
||||||
|
LANG_DIR="$PRIVACY_DIR/en"
|
||||||
|
mkdir -p "$LANG_DIR"
|
||||||
|
|
||||||
|
TITLE="Privacy notice · GOA/CHF Merchant · Swiss FADP"
|
||||||
|
BODY_TXT='Privacy notice — taler.hacktivism.ch merchant backend (Swiss FADP / revDSG)
|
||||||
|
|
||||||
|
Controller: operators of the hacktivism.ch GNU Taler stack.
|
||||||
|
This dual-currency merchant backend accepts GOA (explorational) and CHF (via taler-ops exchange configuration).
|
||||||
|
|
||||||
|
Data retained (precise):
|
||||||
|
1) Merchant instances — merchant_id, serial, creation metadata, config flags: lifetime of instance + up to 12 months after delete or stack wipe.
|
||||||
|
2) Authentication — API tokens / login tokens (hashed or bearer secrets as stored by software): until expiry, revoke, or instance delete.
|
||||||
|
3) Contract terms / orders — order_id, amount (currency:amount), summary (free text), paid/wired flags, creation time: for service lifetime; public landing stats may show anonymised aggregates and recent amounts/summaries.
|
||||||
|
4) Deposits & refunds — deposit proofs, refund amounts/reasons, timestamps: for service lifetime or until operational wipe.
|
||||||
|
5) Settlement accounts — payto URIs / account labels configured on instances: while configured.
|
||||||
|
6) Exchange interaction metadata — which exchange (GOA/CHF) was used for deposits: with related order records.
|
||||||
|
7) Technical logs — HTTP/access and application logs (IP, path, status): typically days–weeks via rotation.
|
||||||
|
8) Public stats.json — aggregate counts and recent activity without full account credentials: overwritten minutely.
|
||||||
|
|
||||||
|
Not retained by this merchant backend: wallet private keys; full card PANs; unsolicited government ID documents unless an operator enables separate KYC tooling.
|
||||||
|
|
||||||
|
Purposes: accept GNU Taler payments, refunds, settlement, abuse prevention, operations.
|
||||||
|
Legal basis (FADP): performance of service requested by merchant operators/customers; proportionate operation of a public experimental stack.
|
||||||
|
Recipients: configured exchanges (exchange.hacktivism.ch for GOA; exchange.taler-ops.ch for CHF as configured); host operators. No sale of data.
|
||||||
|
Rights: access, rectification, deletion, objection under FADP; complaint to Swiss FDPIC (EDÖB).
|
||||||
|
Security: TLS; experimental — no certified ISMS. Do not put sensitive personal data in order summaries.
|
||||||
|
|
||||||
|
Related: https://taler.hacktivism.ch/terms · https://exchange.hacktivism.ch/privacy · https://bank.hacktivism.ch/intro/privacy.html
|
||||||
|
'
|
||||||
|
|
||||||
|
BODY_MD='# Privacy notice · Merchant · Swiss FADP
|
||||||
|
|
||||||
|
Controller: operators of the **hacktivism.ch** GNU Taler stack (`taler.hacktivism.ch`).
|
||||||
|
Dual currency: **GOA** (explorational) and **CHF** (taler-ops exchange path).
|
||||||
|
|
||||||
|
Processing under the Swiss Federal Act on Data Protection (**FADP / revDSG**, since 1 Sep 2023).
|
||||||
|
|
||||||
|
## Data retained
|
||||||
|
|
||||||
|
| Data | Examples | Retention |
|
||||||
|
|------|----------|-----------|
|
||||||
|
| Instances | merchant_id, serial, config | Instance life + up to 12 months after delete/wipe |
|
||||||
|
| Auth | API / login tokens | Until expiry, revoke, or instance delete |
|
||||||
|
| Orders | order_id, amount, summary, paid/wired, time | Service life or wipe; public stats may show recent aggregates |
|
||||||
|
| Deposits / refunds | proofs, amounts, reasons | Service life or wipe |
|
||||||
|
| Settlement | payto / account labels | While configured |
|
||||||
|
| Exchange metadata | GOA/CHF exchange used | With related order records |
|
||||||
|
| Technical logs | IP, path, status | Days–weeks (rotation) |
|
||||||
|
| Public stats.json | Aggregates, recent activity | Overwritten continuously |
|
||||||
|
|
||||||
|
**Not retained:** wallet private keys; card PANs; government ID unless separate KYC is enabled.
|
||||||
|
|
||||||
|
## Purposes
|
||||||
|
|
||||||
|
Accept payments, refunds, settlement; security and operations of this experimental backend.
|
||||||
|
|
||||||
|
## Rights
|
||||||
|
|
||||||
|
Access, correction, deletion, objection (FADP). Complaint: Swiss **FDPIC / EDÖB**.
|
||||||
|
|
||||||
|
## Related
|
||||||
|
|
||||||
|
- [Merchant terms](https://taler.hacktivism.ch/terms)
|
||||||
|
- [Exchange privacy](https://exchange.hacktivism.ch/privacy)
|
||||||
|
- [Bank privacy](https://bank.hacktivism.ch/intro/privacy.html)
|
||||||
|
'
|
||||||
|
|
||||||
|
cat >"$LANG_DIR/${ETAG}.txt" <<EOF
|
||||||
|
$BODY_TXT
|
||||||
|
EOF
|
||||||
|
cat >"$LANG_DIR/${ETAG}.md" <<EOF
|
||||||
|
$BODY_MD
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat >"$LANG_DIR/${ETAG}.html" <<'HTML'
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8"/>
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1"/>
|
||||||
|
<title>Privacy notice · GOA/CHF Merchant · Swiss FADP</title>
|
||||||
|
<style>
|
||||||
|
:root { color-scheme: dark light; }
|
||||||
|
body {
|
||||||
|
font-family: system-ui, -apple-system, sans-serif;
|
||||||
|
max-width: 42rem; margin: 2rem auto; padding: 0 1.1rem 3rem;
|
||||||
|
line-height: 1.5; color: #e8e6e3; background: #1a1520;
|
||||||
|
}
|
||||||
|
h1 { font-size: 1.35rem; font-weight: 800; margin: 0 0 1rem; color: #f5f0ea; }
|
||||||
|
h2 { font-size: 1.05rem; margin: 1.5rem 0 0.5rem; color: #e8c878; }
|
||||||
|
p, li, td, th { font-size: 0.95rem; }
|
||||||
|
ul { padding-left: 1.2rem; }
|
||||||
|
code, a { color: #5eead4; }
|
||||||
|
a { text-decoration: none; }
|
||||||
|
a:hover { text-decoration: underline; }
|
||||||
|
.badge {
|
||||||
|
display: inline-block; font-size: 0.72rem; font-weight: 700;
|
||||||
|
letter-spacing: 0.06em; text-transform: uppercase;
|
||||||
|
color: #c4b5fd; border: 1px solid rgba(196,181,253,0.35);
|
||||||
|
border-radius: 999px; padding: 0.2rem 0.65rem; margin-bottom: 0.85rem;
|
||||||
|
}
|
||||||
|
.note {
|
||||||
|
border-radius: 12px; padding: 0.75rem 0.9rem; margin: 0.85rem 0 1rem;
|
||||||
|
border: 1px solid rgba(255,255,255,0.1); background: rgba(0,0,0,0.25);
|
||||||
|
font-size: 0.9rem; color: #c8c4bf;
|
||||||
|
}
|
||||||
|
table { width: 100%; border-collapse: collapse; margin: 0.6rem 0 1rem; font-size: 0.88rem; }
|
||||||
|
th, td { border: 1px solid rgba(255,255,255,0.12); padding: 0.45rem 0.55rem; text-align: left; vertical-align: top; }
|
||||||
|
th { background: rgba(0,0,0,0.35); color: #e8c878; font-weight: 700; }
|
||||||
|
.muted { color: #a39e98; font-size: 0.88rem; }
|
||||||
|
footer { margin-top: 2rem; font-size: 0.85rem; color: #a39e98; }
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div class="badge">taler.hacktivism.ch · privacy · CH</div>
|
||||||
|
<h1>Privacy notice · GOA/CHF Merchant</h1>
|
||||||
|
<p class="note">
|
||||||
|
Swiss Federal Act on Data Protection (<strong>FADP / revDSG</strong>, since 1 Sep 2023).
|
||||||
|
Dual-currency merchant backend at <code>taler.hacktivism.ch</code>:
|
||||||
|
<strong>GOA</strong> (explorational) and <strong>CHF</strong> (taler-ops path).
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h2>1. Controller</h2>
|
||||||
|
<p>Operators of the hacktivism.ch GNU Taler stack. Experimental public deployment;
|
||||||
|
no separate DPO appointed.</p>
|
||||||
|
|
||||||
|
<h2>2. Data retained</h2>
|
||||||
|
<table>
|
||||||
|
<thead><tr><th>Data</th><th>Examples</th><th>Typical retention</th></tr></thead>
|
||||||
|
<tbody>
|
||||||
|
<tr><td>Instances</td><td>merchant_id, serial, config</td><td>Instance life + up to 12 months after delete/wipe</td></tr>
|
||||||
|
<tr><td>Authentication</td><td>API / login tokens</td><td>Until expiry, revoke, or instance delete</td></tr>
|
||||||
|
<tr><td>Orders</td><td>order_id, amount, summary, paid/wired, time</td><td>Service life or wipe; public stats may list recent amounts/summaries</td></tr>
|
||||||
|
<tr><td>Deposits / refunds</td><td>proofs, amounts, reasons</td><td>Service life or wipe</td></tr>
|
||||||
|
<tr><td>Settlement accounts</td><td>payto / account labels</td><td>While configured</td></tr>
|
||||||
|
<tr><td>Exchange metadata</td><td>GOA/CHF exchange used</td><td>With related order records</td></tr>
|
||||||
|
<tr><td>Technical logs</td><td>IP, path, status</td><td>Days–weeks (rotation)</td></tr>
|
||||||
|
<tr><td>Public stats.json</td><td>Aggregates, recent activity</td><td>Overwritten continuously</td></tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<p><strong>Not retained:</strong> wallet private keys; payment card PANs; government ID documents
|
||||||
|
unless a separate KYC feature is enabled by operators.</p>
|
||||||
|
|
||||||
|
<h2>3. Purposes</h2>
|
||||||
|
<ul>
|
||||||
|
<li>Accept GNU Taler payments (GOA and/or CHF), refunds, and settlement</li>
|
||||||
|
<li>Authenticate instance operators</li>
|
||||||
|
<li>Security, abuse prevention, debugging</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<h2>4. Recipients</h2>
|
||||||
|
<ul>
|
||||||
|
<li>Local GOA exchange (<code>exchange.hacktivism.ch</code>)</li>
|
||||||
|
<li>CHF exchange as configured (e.g. <code>exchange.taler-ops.ch</code>)</li>
|
||||||
|
<li>Host/infrastructure operators under this deployment</li>
|
||||||
|
</ul>
|
||||||
|
<p>No sale of personal data.</p>
|
||||||
|
|
||||||
|
<h2>5. Your rights</h2>
|
||||||
|
<p>Access, rectification, deletion, and objection under the FADP (within legal limits).
|
||||||
|
Complaint: Swiss Federal Data Protection and Information Commissioner
|
||||||
|
(<strong>FDPIC / EDÖB</strong>).</p>
|
||||||
|
|
||||||
|
<h2>Related</h2>
|
||||||
|
<ul>
|
||||||
|
<li><a href="https://taler.hacktivism.ch/terms">Merchant terms</a></li>
|
||||||
|
<li><a href="https://exchange.hacktivism.ch/privacy">Exchange privacy</a></li>
|
||||||
|
<li><a href="https://bank.hacktivism.ch/intro/privacy.html">Bank privacy</a></li>
|
||||||
|
</ul>
|
||||||
|
<footer class="muted">merchant-pp-swiss-v0 · Swiss FADP (revDSG)</footer>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
HTML
|
||||||
|
|
||||||
|
chmod -R a+rX "$PRIVACY_DIR"
|
||||||
|
if id taler-merchant-httpd >/dev/null 2>&1; then
|
||||||
|
chown -R taler-merchant-httpd: "$PRIVACY_DIR" 2>/dev/null \
|
||||||
|
|| chown -R taler-merchant-httpd:www-data "$PRIVACY_DIR" 2>/dev/null || true
|
||||||
|
fi
|
||||||
|
echo "ok privacy $ETAG -> $LANG_DIR"
|
||||||
|
ls -la "$LANG_DIR"/${ETAG}.*
|
||||||
Loading…
Add table
Add a link
Reference in a new issue