koopa-admin-log/scripts/taler-merchant/install_swiss_privacy.sh

195 lines
9.4 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
# Install Swiss FADP privacy policy for merchant backend (taler.hacktivism.ch).
# Run as root inside taler-hacktivism. Sets files for PRIVACY_ETAG=merchant-pp-swiss-v0
set -euo pipefail
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin${PATH:+:$PATH}"
ETAG="${PRIVACY_ETAG:-merchant-pp-swiss-v0}"
CONF="${TALER_MERCHANT_CONFIG:-/etc/taler-merchant/taler-merchant.conf}"
DATA_HOME=""
if command -v taler-config >/dev/null 2>&1; then
DATA_HOME=$(taler-config -c "$CONF" -f -s PATHS -o TALER_DATA_HOME 2>/dev/null || true)
fi
DATA_HOME="${DATA_HOME:-/var/lib/taler-merchant/}"
PRIVACY_DIR="${PRIVACY_DIR:-${DATA_HOME%/}/terms}"
LANG_DIR="$PRIVACY_DIR/en"
mkdir -p "$LANG_DIR"
TITLE="Privacy notice · GOA/CHF Merchant · Swiss FADP"
BODY_TXT='Privacy notice — taler.hacktivism.ch merchant backend (Swiss FADP / revDSG)
Controller: operators of the hacktivism.ch GNU Taler stack.
This dual-currency merchant backend accepts GOA (explorational) and CHF (via taler-ops exchange configuration).
Data retained (precise):
1) Merchant instances — merchant_id, serial, creation metadata, config flags: lifetime of instance + up to 12 months after delete or stack wipe.
2) Authentication — API tokens / login tokens (hashed or bearer secrets as stored by software): until expiry, revoke, or instance delete.
3) Contract terms / orders — order_id, amount (currency:amount), summary (free text), paid/wired flags, creation time: for service lifetime; public landing stats may show anonymised aggregates and recent amounts/summaries.
4) Deposits & refunds — deposit proofs, refund amounts/reasons, timestamps: for service lifetime or until operational wipe.
5) Settlement accounts — payto URIs / account labels configured on instances: while configured.
6) Exchange interaction metadata — which exchange (GOA/CHF) was used for deposits: with related order records.
7) Technical logs — HTTP/access and application logs (IP, path, status): typically daysweeks via rotation.
8) Public stats.json — aggregate counts and recent activity without full account credentials: overwritten minutely.
Not retained by this merchant backend: wallet private keys; full card PANs; unsolicited government ID documents unless an operator enables separate KYC tooling.
Purposes: accept GNU Taler payments, refunds, settlement, abuse prevention, operations.
Legal basis (FADP): performance of service requested by merchant operators/customers; proportionate operation of a public experimental stack.
Recipients: configured exchanges (exchange.hacktivism.ch for GOA; exchange.taler-ops.ch for CHF as configured); host operators. No sale of data.
Rights: access, rectification, deletion, objection under FADP; complaint to Swiss FDPIC (EDÖB).
Security: TLS; experimental — no certified ISMS. Do not put sensitive personal data in order summaries.
Related: https://taler.hacktivism.ch/terms · https://exchange.hacktivism.ch/privacy · https://bank.hacktivism.ch/intro/privacy.html
'
BODY_MD='# Privacy notice · Merchant · Swiss FADP
Controller: operators of the **hacktivism.ch** GNU Taler stack (`taler.hacktivism.ch`).
Dual currency: **GOA** (explorational) and **CHF** (taler-ops exchange path).
Processing under the Swiss Federal Act on Data Protection (**FADP / revDSG**, since 1 Sep 2023).
## Data retained
| Data | Examples | Retention |
|------|----------|-----------|
| Instances | merchant_id, serial, config | Instance life + up to 12 months after delete/wipe |
| Auth | API / login tokens | Until expiry, revoke, or instance delete |
| Orders | order_id, amount, summary, paid/wired, time | Service life or wipe; public stats may show recent aggregates |
| Deposits / refunds | proofs, amounts, reasons | Service life or wipe |
| Settlement | payto / account labels | While configured |
| Exchange metadata | GOA/CHF exchange used | With related order records |
| Technical logs | IP, path, status | Daysweeks (rotation) |
| Public stats.json | Aggregates, recent activity | Overwritten continuously |
**Not retained:** wallet private keys; card PANs; government ID unless separate KYC is enabled.
## Purposes
Accept payments, refunds, settlement; security and operations of this experimental backend.
## Rights
Access, correction, deletion, objection (FADP). Complaint: Swiss **FDPIC / EDÖB**.
## Related
- [Merchant terms](https://taler.hacktivism.ch/terms)
- [Exchange privacy](https://exchange.hacktivism.ch/privacy)
- [Bank privacy](https://bank.hacktivism.ch/intro/privacy.html)
'
cat >"$LANG_DIR/${ETAG}.txt" <<EOF
$BODY_TXT
EOF
cat >"$LANG_DIR/${ETAG}.md" <<EOF
$BODY_MD
EOF
cat >"$LANG_DIR/${ETAG}.html" <<'HTML'
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>Privacy notice · GOA/CHF Merchant · Swiss FADP</title>
<style>
:root { color-scheme: dark light; }
body {
font-family: system-ui, -apple-system, sans-serif;
max-width: 42rem; margin: 2rem auto; padding: 0 1.1rem 3rem;
line-height: 1.5; color: #e8e6e3; background: #1a1520;
}
h1 { font-size: 1.35rem; font-weight: 800; margin: 0 0 1rem; color: #f5f0ea; }
h2 { font-size: 1.05rem; margin: 1.5rem 0 0.5rem; color: #e8c878; }
p, li, td, th { font-size: 0.95rem; }
ul { padding-left: 1.2rem; }
code, a { color: #5eead4; }
a { text-decoration: none; }
a:hover { text-decoration: underline; }
.badge {
display: inline-block; font-size: 0.72rem; font-weight: 700;
letter-spacing: 0.06em; text-transform: uppercase;
color: #c4b5fd; border: 1px solid rgba(196,181,253,0.35);
border-radius: 999px; padding: 0.2rem 0.65rem; margin-bottom: 0.85rem;
}
.note {
border-radius: 12px; padding: 0.75rem 0.9rem; margin: 0.85rem 0 1rem;
border: 1px solid rgba(255,255,255,0.1); background: rgba(0,0,0,0.25);
font-size: 0.9rem; color: #c8c4bf;
}
table { width: 100%; border-collapse: collapse; margin: 0.6rem 0 1rem; font-size: 0.88rem; }
th, td { border: 1px solid rgba(255,255,255,0.12); padding: 0.45rem 0.55rem; text-align: left; vertical-align: top; }
th { background: rgba(0,0,0,0.35); color: #e8c878; font-weight: 700; }
.muted { color: #a39e98; font-size: 0.88rem; }
footer { margin-top: 2rem; font-size: 0.85rem; color: #a39e98; }
</style>
</head>
<body>
<div class="badge">taler.hacktivism.ch · privacy · CH</div>
<h1>Privacy notice · GOA/CHF Merchant</h1>
<p class="note">
Swiss Federal Act on Data Protection (<strong>FADP / revDSG</strong>, since 1&nbsp;Sep&nbsp;2023).
Dual-currency merchant backend at <code>taler.hacktivism.ch</code>:
<strong>GOA</strong> (explorational) and <strong>CHF</strong> (taler-ops path).
</p>
<h2>1. Controller</h2>
<p>Operators of the hacktivism.ch GNU Taler stack. Experimental public deployment;
no separate DPO appointed.</p>
<h2>2. Data retained</h2>
<table>
<thead><tr><th>Data</th><th>Examples</th><th>Typical retention</th></tr></thead>
<tbody>
<tr><td>Instances</td><td>merchant_id, serial, config</td><td>Instance life + up to 12 months after delete/wipe</td></tr>
<tr><td>Authentication</td><td>API / login tokens</td><td>Until expiry, revoke, or instance delete</td></tr>
<tr><td>Orders</td><td>order_id, amount, summary, paid/wired, time</td><td>Service life or wipe; public stats may list recent amounts/summaries</td></tr>
<tr><td>Deposits / refunds</td><td>proofs, amounts, reasons</td><td>Service life or wipe</td></tr>
<tr><td>Settlement accounts</td><td>payto / account labels</td><td>While configured</td></tr>
<tr><td>Exchange metadata</td><td>GOA/CHF exchange used</td><td>With related order records</td></tr>
<tr><td>Technical logs</td><td>IP, path, status</td><td>Daysweeks (rotation)</td></tr>
<tr><td>Public stats.json</td><td>Aggregates, recent activity</td><td>Overwritten continuously</td></tr>
</tbody>
</table>
<p><strong>Not retained:</strong> wallet private keys; payment card PANs; government ID documents
unless a separate KYC feature is enabled by operators.</p>
<h2>3. Purposes</h2>
<ul>
<li>Accept GNU Taler payments (GOA and/or CHF), refunds, and settlement</li>
<li>Authenticate instance operators</li>
<li>Security, abuse prevention, debugging</li>
</ul>
<h2>4. Recipients</h2>
<ul>
<li>Local GOA exchange (<code>exchange.hacktivism.ch</code>)</li>
<li>CHF exchange as configured (e.g. <code>exchange.taler-ops.ch</code>)</li>
<li>Host/infrastructure operators under this deployment</li>
</ul>
<p>No sale of personal data.</p>
<h2>5. Your rights</h2>
<p>Access, rectification, deletion, and objection under the FADP (within legal limits).
Complaint: Swiss Federal Data Protection and Information Commissioner
(<strong>FDPIC / EDÖB</strong>).</p>
<h2>Related</h2>
<ul>
<li><a href="https://taler.hacktivism.ch/terms">Merchant terms</a></li>
<li><a href="https://exchange.hacktivism.ch/privacy">Exchange privacy</a></li>
<li><a href="https://bank.hacktivism.ch/intro/privacy.html">Bank privacy</a></li>
</ul>
<footer class="muted">merchant-pp-swiss-v0 · Swiss FADP (revDSG)</footer>
</body>
</html>
HTML
chmod -R a+rX "$PRIVACY_DIR"
if id taler-merchant-httpd >/dev/null 2>&1; then
chown -R taler-merchant-httpd: "$PRIVACY_DIR" 2>/dev/null \
|| chown -R taler-merchant-httpd:www-data "$PRIVACY_DIR" 2>/dev/null || true
fi
echo "ok privacy $ETAG -> $LANG_DIR"
ls -la "$LANG_DIR"/${ETAG}.*