6 Privacy
tk100 edited this page 2 years ago

Notes on Privacy

This section in no way replaces a valid privacy declaration!

Two different user groups have to be distinguished:

  1. Visitors: These are unregistered persons, such as participant in a survey or a collection of ideas
  2. User: Registered persons, e.g. teacher, leader of a workshop. Each user has a unique user ID

Cookies

The application uses cookies neither for visitors nor for users, so no cookie banner is necessary.

Java web token

After authentication, users receive an access as well as a refresh token (both time-limited), which are stored in the main memory of the JavaScript application and are transmitted to the server in the event of queries.

Logging

  • Entries from visitors are saved without meta information (such as IP address).
  • When a user enters data (e.g. creating a new quiz), the user ID will be saved (otherwise an assignment is not possible)
  • For users, the date of the last login is also saved.

Confidentiality

  • If a ticket is issued for a collection / quiz, then everyone who owns this ticken can obviously access all of the data in it
  • Passwords of users are generally stored as hash (i.e. irreversibly encrypted)
  • Users with the “admin” role have access to a list of all other registered users and can edit them. You will also see an overview of all content for each module (e.g. all collections of ideas), but you can only see the user ID and the title (but not the content).
  • Contents are stored in the database not encrypted. This means that system administrators who have access to the database can read out all content.

Technical information about the application

  • The transmission in a productive system must be secured by SSL.
  • The database in a productive system must be secured with a password.
  • The log of the web server must not contain any tickets.

Conclusion

The protection against tracking is very high, while that of confidentiality is rather low. In other words, for all modules no personal data should be stored:

  • Use of nick names in the abcd quiz and similar modules
  • Avoid personal information (such as real names) in all modules