diff --git a/configs/bank-landing/nginx-cors-stats.conf b/configs/bank-landing/nginx-cors-stats.conf new file mode 100644 index 0000000..6442861 --- /dev/null +++ b/configs/bank-landing/nginx-cors-stats.conf @@ -0,0 +1,6 @@ +# Snippet: CORS so exchange/merchant landings can fetch stats.json +# Include inside bank landing server { } or merge into bank-landing site. +# location for stats only: +# include /etc/nginx/snippets/goa-stats-cors.conf; (if placed as snippet) + +# Applied as extra location on :9013 bank-landing: diff --git a/configs/bank-landing/nginx-landing.conf b/configs/bank-landing/nginx-landing.conf new file mode 100644 index 0000000..a921dfb --- /dev/null +++ b/configs/bank-landing/nginx-landing.conf @@ -0,0 +1,55 @@ +# Bank landing — :9013 (behind Caddy :443 — never put 9013 in redirects) +server { + listen 9013; + listen [::]:9013; + server_name bank.hacktivism.ch _; + root /var/www/bank-landing; + index index.html; + + # Critical behind reverse_proxy: no :9013 in Location headers + absolute_redirect off; + port_in_redirect off; + + location = / { + return 302 /intro/; + } + location = /intro { + return 302 /intro/; + } + # Terms (same dark palette as merchant/exchange terms pages) + location = /terms { + alias /var/www/bank-landing/terms.html; + default_type text/html; + add_header Cache-Control "no-store" always; + } + location = /terms/ { + return 302 /terms; + } + location = /privacy { + alias /var/www/bank-landing/privacy.html; + default_type text/html; + add_header Cache-Control "no-store" always; + } + location = /privacy/ { + return 302 /privacy; + } + location /intro/ { + alias /var/www/bank-landing/; + } + location = /intro/stats.json { + alias /var/www/bank-landing/stats.json; + default_type application/json; + add_header Access-Control-Allow-Origin * always; + add_header Access-Control-Allow-Methods "GET, OPTIONS" always; + add_header Cache-Control "no-store" always; + } + location = /stats.json { + alias /var/www/bank-landing/stats.json; + default_type application/json; + add_header Access-Control-Allow-Origin * always; + add_header Cache-Control "no-store" always; + } + location / { + try_files $uri $uri/ =404; + } +} diff --git a/configs/bank-landing/privacy.html b/configs/bank-landing/privacy.html new file mode 100644 index 0000000..a7a3ae5 --- /dev/null +++ b/configs/bank-landing/privacy.html @@ -0,0 +1,137 @@ + + +
+ + +
+ This notice describes personal data processing for the self-hosted bank at
+ bank.hacktivism.ch under the Swiss Federal Act on Data Protection
+ (FADP / revDSG, in force since 1 Sep 2023). It is an
+ explorational service, not a licensed Swiss bank.
+
Operators of the hacktivism.ch GNU Taler stack (GOA exploration deployment). + Contact via the operational channels published for this host. No separate DPO + is appointed for this experimental service.
+ +| Data | Examples | Typical retention |
|---|---|---|
| Account identifiers | +Username, account serial, registration timestamp | +For account lifetime + up to 12 months after deletion or archive wipe | +
| Authentication secrets | +Password hashes / tokens (not plaintext passwords) | +While account exists; tokens until expiry or revoke | +
| Ledger / transactions | +Credits, debits, amounts (GOA), subjects, counterparty account names, timestamps | +Operational retention for the service lifetime; may be wiped on stack reset | +
| Balances & limits | +Account balance, debt limit, conversion flags | +While account exists | +
| Withdrawal operations | +Withdrawal IDs, amounts, status (pending/selected/confirmed), reserve pub when known | +Until completed/aborted + short operational logs (days–weeks) | +
| Technical logs | +HTTP access logs (IP, User-Agent, path, status), application logs | +Typically days to a few weeks (rotation); not used for marketing | +
| Landing / demo artefacts | +Public stats.json aggregates, demo withdraw URI state |
+ Stats overwritten continuously; demo URI until used or rotated | +
Not retained as payment content: wallet coin private keys (never sent to the bank). + Full browser history or device contacts are not collected by this bank service.
+ +Processing is necessary to provide the service requested by the user (account / withdraw) + and for overriding private interests of secure operation of an experimental public stack + (Art. 6 and 31 FADP principles: lawfulness, proportionality, purpose limitation).
+ +exchange.hacktivism.ch): reserve/wire-related data required by the protocolSubject to legal limits: right to information/access, rectification, deletion, and to object + to processing. Contact the operators. You may lodge a complaint with the Swiss Federal Data + Protection and Information Commissioner (FDPIC / EDÖB).
+ +TLS in transit; access control on bank API; experimental service — no certified ISMS. + Do not store sensitive personal data in transaction subjects.
+ +This is a self-hosted GNU Taler regional bank at
+ bank.hacktivism.ch (hacktivism.ch) for the explorational currency
+ GOA.
No formal terms of service apply beyond this short notice.
+ +If you do not agree, do not use this bank.
+ +Processing under Swiss FADP (revDSG). What data is retained + (accounts, ledger, logs, …) is listed on + /privacy.
+ + +