koopa-admin-log/configs/bank-landing/privacy.html

137 lines
6.1 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>Privacy · GOA Bank · Swiss FADP</title>
<style>
:root { color-scheme: dark light; }
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 42rem; margin: 2rem auto; padding: 0 1.1rem 3rem;
line-height: 1.5; color: #e8e6e3; background: #1a1520;
}
h1 { font-size: 1.35rem; font-weight: 800; margin: 0 0 1rem; color: #f5f0ea; }
h2 { font-size: 1.05rem; margin: 1.5rem 0 0.5rem; color: #e8c878; }
p, li, td, th { font-size: 0.95rem; }
ul { padding-left: 1.2rem; }
code, a { color: #5eead4; }
a { text-decoration: none; }
a:hover { text-decoration: underline; }
.badge {
display: inline-block; font-size: 0.72rem; font-weight: 700;
letter-spacing: 0.06em; text-transform: uppercase;
color: #c4b5fd; border: 1px solid rgba(196,181,253,0.35);
border-radius: 999px; padding: 0.2rem 0.65rem; margin-bottom: 0.85rem;
}
.note {
border-radius: 12px; padding: 0.75rem 0.9rem; margin: 0.85rem 0 1rem;
border: 1px solid rgba(255,255,255,0.1); background: rgba(0,0,0,0.25);
font-size: 0.9rem; color: #c8c4bf;
}
table { width: 100%; border-collapse: collapse; margin: 0.6rem 0 1rem; font-size: 0.88rem; }
th, td { border: 1px solid rgba(255,255,255,0.12); padding: 0.45rem 0.55rem; text-align: left; vertical-align: top; }
th { background: rgba(0,0,0,0.35); color: #e8c878; font-weight: 700; }
.muted { color: #a39e98; font-size: 0.88rem; }
footer { margin-top: 2rem; font-size: 0.85rem; color: #a39e98; }
</style>
</head>
<body>
<div class="badge">bank.hacktivism.ch · privacy · CH</div>
<h1>Privacy notice · GOA Exploration Bank</h1>
<p class="note">
This notice describes personal data processing for the self-hosted bank at
<code>bank.hacktivism.ch</code> under the Swiss Federal Act on Data Protection
(<strong>FADP / revDSG</strong>, in force since 1&nbsp;Sep&nbsp;2023). It is an
explorational service, not a licensed Swiss bank.
</p>
<h2>1. Controller</h2>
<p>Operators of the hacktivism.ch GNU Taler stack (GOA exploration deployment).
Contact via the operational channels published for this host. No separate DPO
is appointed for this experimental service.</p>
<h2>2. Categories of data retained</h2>
<table>
<thead><tr><th>Data</th><th>Examples</th><th>Typical retention</th></tr></thead>
<tbody>
<tr>
<td>Account identifiers</td>
<td>Username, account serial, registration timestamp</td>
<td>For account lifetime + up to 12 months after deletion or archive wipe</td>
</tr>
<tr>
<td>Authentication secrets</td>
<td>Password hashes / tokens (not plaintext passwords)</td>
<td>While account exists; tokens until expiry or revoke</td>
</tr>
<tr>
<td>Ledger / transactions</td>
<td>Credits, debits, amounts (GOA), subjects, counterparty account names, timestamps</td>
<td>Operational retention for the service lifetime; may be wiped on stack reset</td>
</tr>
<tr>
<td>Balances &amp; limits</td>
<td>Account balance, debt limit, conversion flags</td>
<td>While account exists</td>
</tr>
<tr>
<td>Withdrawal operations</td>
<td>Withdrawal IDs, amounts, status (pending/selected/confirmed), reserve pub when known</td>
<td>Until completed/aborted + short operational logs (daysweeks)</td>
</tr>
<tr>
<td>Technical logs</td>
<td>HTTP access logs (IP, User-Agent, path, status), application logs</td>
<td>Typically days to a few weeks (rotation); not used for marketing</td>
</tr>
<tr>
<td>Landing / demo artefacts</td>
<td>Public <code>stats.json</code> aggregates, demo withdraw URI state</td>
<td>Stats overwritten continuously; demo URI until used or rotated</td>
</tr>
</tbody>
</table>
<p><strong>Not retained as payment content:</strong> wallet coin private keys (never sent to the bank).
Full browser history or device contacts are not collected by this bank service.</p>
<h2>3. Purposes</h2>
<ul>
<li>Operating bank accounts and GOA transfers for exploration of GNU Taler</li>
<li>Authenticating users and preventing abuse</li>
<li>Enabling withdrawals to the GOA exchange</li>
<li>Security, debugging, and capacity monitoring</li>
</ul>
<h2>4. Legal basis (Swiss FADP)</h2>
<p>Processing is necessary to provide the service requested by the user (account / withdraw)
and for overriding private interests of secure operation of an experimental public stack
(Art.&nbsp;6 and 31 FADP principles: lawfulness, proportionality, purpose limitation).</p>
<h2>5. Recipients &amp; transfers</h2>
<ul>
<li><strong>GOA exchange</strong> (<code>exchange.hacktivism.ch</code>): reserve/wire-related data required by the protocol</li>
<li><strong>Infrastructure operators</strong> of this host (hosting, backups) under operational control</li>
<li>No sale of personal data. No intentional transfer outside Switzerland/EEA for this service;
infrastructure may use standard CDN/DNS resolvers</li>
</ul>
<h2>6. Your rights (FADP)</h2>
<p>Subject to legal limits: right to information/access, rectification, deletion, and to object
to processing. Contact the operators. You may lodge a complaint with the Swiss Federal Data
Protection and Information Commissioner (<strong>FDPIC / EDÖB</strong>).</p>
<h2>7. Security</h2>
<p>TLS in transit; access control on bank API; experimental service — no certified ISMS.
Do not store sensitive personal data in transaction subjects.</p>
<h2>Related</h2>
<ul>
<li><a href="https://bank.hacktivism.ch/terms">Bank terms</a></li>
<li><a href="https://exchange.hacktivism.ch/privacy">Exchange privacy</a></li>
<li><a href="https://taler.hacktivism.ch/privacy">Merchant privacy</a></li>
<li><a href="https://bank.hacktivism.ch/intro/">Bank intro</a></li>
</ul>
<footer class="muted">bank-pp-swiss-v0 · Swiss FADP (revDSG)</footer>
</body>
</html>