diff --git a/scripts/taler-exchange/install_swiss_privacy.sh b/scripts/taler-exchange/install_swiss_privacy.sh new file mode 100644 index 0000000..0519d50 --- /dev/null +++ b/scripts/taler-exchange/install_swiss_privacy.sh @@ -0,0 +1,168 @@ +#!/bin/bash +# Swiss FADP privacy for exchange.hacktivism.ch — run inside exchange container. +set -euo pipefail +export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin${PATH:+:$PATH}" + +ETAG="${PRIVACY_ETAG:-exchange-pp-swiss-v0}" +CONF="${TALER_EXCHANGE_CONFIG:-/etc/taler-exchange/taler-exchange.conf}" +DATA_HOME=$(taler-exchange-config -c "$CONF" -f -s PATHS -o TALER_DATA_HOME 2>/dev/null || true) +DATA_HOME="${DATA_HOME:-/var/lib/taler-exchange/}" +DIR="${PRIVACY_DIR:-${DATA_HOME%/}/terms}/en" +mkdir -p "$DIR" + +cat >"$DIR/${ETAG}.txt" <<'EOF' +Privacy notice — exchange.hacktivism.ch (Swiss FADP / revDSG) + +Controller: operators of the hacktivism.ch GNU Taler stack. +Service: experimental GOA exchange (not a licensed Swiss bank or e-money institution). + +Data retained (precise): +1) Reserves — reserve public keys, current remaining amounts, creation/close times: for service life or wipe. +2) Wire-in (reserves_in) — credit amounts, timestamps, bank-side account reference as provided by the bank/wire gateway: for service life; links reserve funding to bank accounts. +3) Coins — known coin public keys, denomination serials, remaining value, spend/deposit linkage as required by protocol: for service life. +4) Withdraw / refresh / recoup / refund / deposit tables — protocol operation records and timestamps: for service life. +5) Wire-out — transfers to merchant accounts (amounts, payto/target as stored, times): for service life. +6) Keys / denominations — public denomination and signing keys (not personal data by themselves). +7) Technical logs — HTTP and process logs (IP, path, status): days–weeks via rotation. +8) Terms acceptance markers if stored by clients — as required by wallet software. + +Not retained by the exchange as plaintext identity of wallet holders: GNU Taler is designed so coin spend is unlinkable to customer bank identity at the exchange when used as intended. Funding reserves via the bank may still identify the bank account holder on the bank side. + +Purposes: operate GOA exchange protocol, settle with bank/merchants, security, operations. +Legal basis (FADP): provision of requested exchange service; proportionate operation of experimental stack. +Recipients: bank.hacktivism.ch (wire); merchants depositing GOA; host operators. No sale of data. +Rights: access, rectification, deletion, objection (FADP); complaint to Swiss FDPIC (EDÖB). +Security: TLS; experimental stack. + +Related: https://exchange.hacktivism.ch/terms · https://bank.hacktivism.ch/intro/privacy.html · https://taler.hacktivism.ch/privacy +EOF + +cat >"$DIR/${ETAG}.md" <<'EOF' +# Privacy notice · GOA Exchange · Swiss FADP + +Controller: operators of **hacktivism.ch**. Service: experimental **GOA** exchange at `exchange.hacktivism.ch`. + +Swiss Federal Act on Data Protection (**FADP / revDSG**, since 1 Sep 2023). + +## Data retained + +| Data | Examples | Retention | +|------|----------|-----------| +| Reserves | Reserve pubs, remaining amount, times | Service life or wipe | +| Wire-in | Amounts, timestamps, bank account ref from wire path | Service life | +| Coins | Coin pubs, denoms, remaining, deposit links | Service life | +| Protocol ops | Withdraw, refresh, deposit, refund, recoup | Service life | +| Wire-out | Merchant settlement amounts / targets | Service life | +| Technical logs | IP, path, status | Days–weeks (rotation) | + +**Design note:** Coin spend is intended to be unlinkable to the customer at the exchange. Funding a reserve via the bank may identify the **bank** account holder on the bank system. + +## Purposes + +Run the GOA exchange protocol; wire settlement; security and operations. + +## Rights + +FADP access, correction, deletion, objection. Complaint: Swiss **FDPIC / EDÖB**. + +## Related + +- [Exchange terms](https://exchange.hacktivism.ch/terms) +- [Bank privacy](https://bank.hacktivism.ch/intro/privacy.html) +- [Merchant privacy](https://taler.hacktivism.ch/privacy) +EOF + +cat >"$DIR/${ETAG}.html" <<'HTML' + + +
+ + +
+ Swiss Federal Act on Data Protection (FADP / revDSG, since 1 Sep 2023).
+ Experimental GOA exchange at exchange.hacktivism.ch — not a licensed bank.
+
Operators of the hacktivism.ch GNU Taler stack. No separate DPO for this experimental service.
+ +| Data | Examples | Typical retention |
|---|---|---|
| Reserves | Reserve public keys, remaining amount, times | Service life or wipe |
| Wire-in | Amounts, timestamps, bank account reference from wire path | Service life |
| Coins | Coin pubs, denominations, remaining value, deposit links | Service life |
| Protocol operations | Withdraw, refresh, deposit, refund, recoup | Service life |
| Wire-out | Merchant settlement amounts / targets | Service life |
| Technical logs | IP, path, status | Days–weeks (rotation) |
Design note: Coin spend is intended to be unlinkable to the customer + at the exchange. Funding a reserve via the bank may identify the bank account + holder on the bank system.
+ +Access, rectification, deletion, objection under the FADP. Complaint: + Swiss FDPIC / EDÖB.
+ +