feat(beta): add beta testing features and privacy policy page
Implemented comprehensive beta testing system with tier badges and
reorganized environment configuration for better maintainability.
Beta Testing Features:
- Beta banner component with dismissible state (localStorage)
- Auto-assign SUPPORTER tier to new registrations (env controlled)
- TierBadge component with SUPPORTER/COMFORT tier display
- Badge shown in Navbar, ProfilePage, and PublicProfilePage
- Environment variables: VITE_BETA_MODE, BETA_AUTO_SUPPORTER
Environment Configuration Reorganization:
- Moved .env files from root to frontend/ and backend/ directories
- Created .env.{development,production}{,.example} structure
- Updated docker-compose.yml to use env_file for frontend
- All env vars properly namespaced and documented
Privacy Policy Implementation:
- New /privacy route with dedicated PrivacyPage component
- Comprehensive GDPR/RODO compliant privacy policy (privacy.html)
- Updated CookieConsent banner to link to /privacy
- Added Privacy Policy links to all footers (HomePage, PublicFooter)
- Removed privacy section from About Us page
HTML Content System:
- Replaced react-markdown dependency with simple HTML loader
- New HtmlContentPage component for rendering .html files
- Converted about-us.md and how-it-works.md to .html format
- Inline CSS support for full styling control
- Easier content editing without React knowledge
Backend Changes:
- Registration auto-assigns SUPPORTER tier when BETA_AUTO_SUPPORTER=true
- Added accountTier to auth middleware and user routes
- Updated public profile endpoint to include accountTier
Files:
- Added: frontend/.env.{development,production}{,.example}
- Added: backend/.env variables for BETA_AUTO_SUPPORTER
- Added: components/BetaBanner.jsx, TierBadge.jsx, HtmlContentPage.jsx
- Added: pages/PrivacyPage.jsx
- Added: public/content/{about-us,how-it-works,privacy}.html
- Modified: docker-compose.yml (env_file configuration)
- Modified: App.jsx (privacy route, beta banner)
- Modified: auth.js (auto SUPPORTER tier logic)
240
frontend/public/content/privacy.html
Normal file
@@ -0,0 +1,240 @@
|
||||
<style>
|
||||
.privacy-wrapper {
|
||||
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
|
||||
line-height: 1.6;
|
||||
color: #333;
|
||||
}
|
||||
|
||||
.privacy-wrapper h1 {
|
||||
font-size: 2.25rem;
|
||||
font-weight: 700;
|
||||
margin-bottom: 1.5rem;
|
||||
color: #1f2937;
|
||||
}
|
||||
|
||||
.privacy-wrapper h2 {
|
||||
font-size: 1.875rem;
|
||||
font-weight: 700;
|
||||
margin-top: 2.5rem;
|
||||
margin-bottom: 1rem;
|
||||
color: #1f2937;
|
||||
border-bottom: 2px solid #e5e7eb;
|
||||
padding-bottom: 0.5rem;
|
||||
}
|
||||
|
||||
.privacy-wrapper h3 {
|
||||
font-size: 1.5rem;
|
||||
font-weight: 600;
|
||||
margin-top: 2rem;
|
||||
margin-bottom: 0.75rem;
|
||||
color: #374151;
|
||||
}
|
||||
|
||||
.privacy-wrapper p {
|
||||
margin-bottom: 1.25rem;
|
||||
color: #4b5563;
|
||||
}
|
||||
|
||||
.privacy-wrapper ul {
|
||||
list-style: disc;
|
||||
margin-left: 1.5rem;
|
||||
margin-bottom: 1.25rem;
|
||||
}
|
||||
|
||||
.privacy-wrapper li {
|
||||
margin-bottom: 0.5rem;
|
||||
color: #4b5563;
|
||||
}
|
||||
|
||||
.privacy-wrapper strong {
|
||||
font-weight: 600;
|
||||
color: #1f2937;
|
||||
}
|
||||
|
||||
.privacy-wrapper a {
|
||||
color: #6366f1;
|
||||
text-decoration: underline;
|
||||
}
|
||||
|
||||
.privacy-wrapper a:hover {
|
||||
color: #4f46e5;
|
||||
}
|
||||
|
||||
.privacy-wrapper hr {
|
||||
margin: 2.5rem 0;
|
||||
border: 0;
|
||||
border-top: 1px solid #e5e7eb;
|
||||
}
|
||||
|
||||
.intro-text {
|
||||
font-size: 1.125rem;
|
||||
color: #1f2937;
|
||||
margin-bottom: 1.5rem;
|
||||
background-color: #f3f4f6;
|
||||
padding: 1rem;
|
||||
border-radius: 0.5rem;
|
||||
border-left: 4px solid #6366f1;
|
||||
}
|
||||
|
||||
.last-updated {
|
||||
color: #6b7280;
|
||||
font-size: 0.875rem;
|
||||
margin-bottom: 2rem;
|
||||
}
|
||||
</style>
|
||||
|
||||
<div class="privacy-wrapper">
|
||||
<h1>Privacy Policy & Cookie Policy</h1>
|
||||
|
||||
<p class="last-updated">Last updated: December 2025</p>
|
||||
|
||||
<p class="intro-text">
|
||||
At <strong>spotlight.cam</strong>, we respect your privacy and are committed to protecting your personal data.
|
||||
This policy explains how we collect, use, and safeguard your information in compliance with GDPR/RODO regulations.
|
||||
</p>
|
||||
|
||||
<h2>Information We Collect</h2>
|
||||
|
||||
<h3>Account Information</h3>
|
||||
<ul>
|
||||
<li><strong>Registration data</strong>: Email address, username, password (encrypted), first and last name</li>
|
||||
<li><strong>Profile information</strong>: Optional profile details, social media links, location (country and city)</li>
|
||||
<li><strong>WSDC integration</strong>: Optional WSDC ID for auto-filling profile data from worldsdc.com</li>
|
||||
</ul>
|
||||
|
||||
<h3>Usage Data</h3>
|
||||
<ul>
|
||||
<li><strong>Activity logs</strong>: Login history, event participation, match requests, and chat activity</li>
|
||||
<li><strong>Technical data</strong>: IP address (for security and rate limiting), browser type, device information</li>
|
||||
<li><strong>Analytics</strong>: Page views, feature usage, and user interactions (via Google Analytics 4, only if cookies accepted)</li>
|
||||
</ul>
|
||||
|
||||
<h3>Communication Data</h3>
|
||||
<ul>
|
||||
<li><strong>Chat messages</strong>: Event chat and private match chat messages (stored securely)</li>
|
||||
<li><strong>Contact form submissions</strong>: Name, email, subject, and message content</li>
|
||||
</ul>
|
||||
|
||||
<h2>Cookies We Use</h2>
|
||||
|
||||
<p>
|
||||
We use cookies and similar technologies to provide you with a better experience. Here's what cookies we use:
|
||||
</p>
|
||||
|
||||
<h3>Essential Cookies (Always Active)</h3>
|
||||
<ul>
|
||||
<li><strong>Authentication cookies</strong>: Keep you logged in securely (JWT tokens)</li>
|
||||
<li><strong>Security cookies</strong>: CSRF protection, session management</li>
|
||||
<li><strong>Preference cookies</strong>: Remember your settings and choices</li>
|
||||
</ul>
|
||||
|
||||
<p><em>These cookies are necessary for the platform to function and cannot be disabled.</em></p>
|
||||
|
||||
<h3>Analytics Cookies (Optional)</h3>
|
||||
<ul>
|
||||
<li><strong>Google Analytics 4</strong>: Helps us understand how users interact with the platform</li>
|
||||
<li><strong>Usage tracking</strong>: Page views, feature usage, user flow analysis</li>
|
||||
</ul>
|
||||
|
||||
<p><em>These cookies are only activated after you accept them via the cookie consent banner.</em></p>
|
||||
|
||||
<h2>How We Use Your Data</h2>
|
||||
|
||||
<p>We use your personal data for the following purposes:</p>
|
||||
|
||||
<ul>
|
||||
<li><strong>Account management</strong>: Create and maintain your user account</li>
|
||||
<li><strong>Service delivery</strong>: Provide matchmaking, chat, WebRTC file transfer, and event participation features</li>
|
||||
<li><strong>Communication</strong>: Send verification emails, password reset links, and service notifications</li>
|
||||
<li><strong>Security</strong>: Prevent fraud, detect abuse, enforce rate limits, and protect user accounts</li>
|
||||
<li><strong>Analytics</strong>: Improve the platform based on usage patterns (only if cookies accepted)</li>
|
||||
<li><strong>Legal compliance</strong>: Maintain activity logs for security audits and comply with legal obligations</li>
|
||||
</ul>
|
||||
|
||||
<h2>Data Sharing & Third Parties</h2>
|
||||
|
||||
<p>We respect your privacy. Here's what we <strong>do</strong> and <strong>don't do</strong> with your data:</p>
|
||||
|
||||
<h3>We DO:</h3>
|
||||
<ul>
|
||||
<li><strong>Use AWS SES</strong> for sending transactional emails (verification, password reset)</li>
|
||||
<li><strong>Use Cloudflare</strong> for CAPTCHA (Turnstile) and WebRTC TURN/STUN servers</li>
|
||||
<li><strong>Use Google Analytics 4</strong> for usage analytics (only if you accept cookies)</li>
|
||||
<li><strong>Integrate with worldsdc.com</strong> to auto-fill profile data (if you provide WSDC ID)</li>
|
||||
</ul>
|
||||
|
||||
<h3>We DON'T:</h3>
|
||||
<ul>
|
||||
<li><strong>Sell your data</strong> to third parties or advertisers</li>
|
||||
<li><strong>Share your personal information</strong> with anyone without your consent (except as required by law)</li>
|
||||
<li><strong>Store your videos</strong> on our servers - WebRTC transfers are peer-to-peer and end-to-end encrypted</li>
|
||||
</ul>
|
||||
|
||||
<h2>Data Security</h2>
|
||||
|
||||
<p>We implement industry-standard security measures to protect your data:</p>
|
||||
|
||||
<ul>
|
||||
<li><strong>Password encryption</strong>: Passwords are hashed using bcrypt (10 salt rounds)</li>
|
||||
<li><strong>JWT authentication</strong>: Secure token-based authentication with httpOnly cookies in production</li>
|
||||
<li><strong>HTTPS encryption</strong>: All data transmitted over secure HTTPS connections</li>
|
||||
<li><strong>Rate limiting</strong>: Protection against brute force attacks and spam</li>
|
||||
<li><strong>Account lockout</strong>: Automatic account protection after failed login attempts</li>
|
||||
<li><strong>WebRTC encryption</strong>: P2P file transfers are end-to-end encrypted (DTLS/SRTP)</li>
|
||||
<li><strong>Database security</strong>: Parameterized queries prevent SQL injection attacks</li>
|
||||
</ul>
|
||||
|
||||
<h2>Your Rights (GDPR/RODO)</h2>
|
||||
|
||||
<p>Under GDPR/RODO, you have the following rights:</p>
|
||||
|
||||
<ul>
|
||||
<li><strong>Right to access</strong>: Request a copy of your personal data</li>
|
||||
<li><strong>Right to rectification</strong>: Correct inaccurate or incomplete data</li>
|
||||
<li><strong>Right to erasure</strong>: Delete your account and all associated data</li>
|
||||
<li><strong>Right to data portability</strong>: Export your data in a machine-readable format</li>
|
||||
<li><strong>Right to object</strong>: Object to certain types of data processing</li>
|
||||
<li><strong>Right to withdraw consent</strong>: Withdraw cookie consent at any time</li>
|
||||
</ul>
|
||||
|
||||
<p>
|
||||
To exercise any of these rights, please <a href="/contact">contact us</a>.
|
||||
</p>
|
||||
|
||||
<h2>Data Retention</h2>
|
||||
|
||||
<ul>
|
||||
<li><strong>Active accounts</strong>: Data retained as long as your account is active</li>
|
||||
<li><strong>Deleted accounts</strong>: Personal data permanently deleted within 30 days of account deletion</li>
|
||||
<li><strong>Activity logs</strong>: Security logs retained for 90 days for audit purposes</li>
|
||||
<li><strong>Chat messages</strong>: Retained as long as the match/event exists or account is active</li>
|
||||
</ul>
|
||||
|
||||
<h2>Children's Privacy</h2>
|
||||
|
||||
<p>
|
||||
Our service is not intended for users under the age of 16. We do not knowingly collect personal data from children.
|
||||
If you believe a child has provided us with personal data, please <a href="/contact">contact us</a> immediately.
|
||||
</p>
|
||||
|
||||
<h2>Changes to This Policy</h2>
|
||||
|
||||
<p>
|
||||
We may update this Privacy Policy from time to time. We will notify users of significant changes via email or
|
||||
prominent notice on the platform. The "Last updated" date at the top of this page shows when the policy was last revised.
|
||||
</p>
|
||||
|
||||
<h2>Contact Us</h2>
|
||||
|
||||
<p>
|
||||
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data,
|
||||
please contact us through our <a href="/contact">contact page</a>.
|
||||
</p>
|
||||
|
||||
<hr>
|
||||
|
||||
<p style="color: #6b7280; font-size: 0.875rem; text-align: center;">
|
||||
<strong>spotlight.cam</strong> - Dance Event Video Exchange Platform<br>
|
||||
Built with privacy and security in mind. 🔒
|
||||
</p>
|
||||
</div>
|
||||
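Review bot: The security claims in the "Data Security" and "Data Sharing" lists contradict each other and should be made exact before this policy ships. The registration item says `password (encrypted)` and the Data Security item is titled "Password encryption", yet the text describes bcrypt hashing; use "hashed" in both places. The "WebRTC encryption" item says P2P file transfers are protected by `DTLS/SRTP`, but SRTP protects media streams; if file transfers use WebRTC data channels, those run SCTP over DTLS, so write DTLS only. The "We DON'T" item says transfers are peer-to-peer, while the "We DO" list names Cloudflare TURN servers: when a TURN relay is used, the still-encrypted traffic passes through Cloudflare and the relay sees both parties' IP addresses, so the policy should say transfers may be relayed. Separately, `.intro-text` and `.last-updated` are the only selectors not scoped under `.privacy-wrapper`; since the commit message says this file is rendered inside the app by HtmlContentPage, prefix them so they cannot restyle other pages. The bare `&` in the headings "Privacy Policy & Cookie Policy" and "Data Sharing & Third Parties" should be `&amp;`. The 30-day deletion and 90-day log retention periods are commitments, and the file list in this commit shows nothing that enforces them, so confirm that a job exists.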