Files
spotlightcam/frontend/public/content/privacy.html
Radosław Gierwiało e2b10387c2 feat(beta): add beta testing features and privacy policy page
Implemented comprehensive beta testing system with tier badges and
reorganized environment configuration for better maintainability.

Beta Testing Features:
- Beta banner component with dismissible state (localStorage)
- Auto-assign SUPPORTER tier to new registrations (env controlled)
- TierBadge component with SUPPORTER/COMFORT tier display
- Badge shown in Navbar, ProfilePage, and PublicProfilePage
- Environment variables: VITE_BETA_MODE, BETA_AUTO_SUPPORTER

Environment Configuration Reorganization:
- Moved .env files from root to frontend/ and backend/ directories
- Created .env.{development,production}{,.example} structure
- Updated docker-compose.yml to use env_file for frontend
- All env vars properly namespaced and documented

Privacy Policy Implementation:
- New /privacy route with dedicated PrivacyPage component
- Comprehensive GDPR/RODO compliant privacy policy (privacy.html)
- Updated CookieConsent banner to link to /privacy
- Added Privacy Policy links to all footers (HomePage, PublicFooter)
- Removed privacy section from About Us page

HTML Content System:
- Replaced react-markdown dependency with simple HTML loader
- New HtmlContentPage component for rendering .html files
- Converted about-us.md and how-it-works.md to .html format
- Inline CSS support for full styling control
- Easier content editing without React knowledge

Backend Changes:
- Registration auto-assigns SUPPORTER tier when BETA_AUTO_SUPPORTER=true
- Added accountTier to auth middleware and user routes
- Updated public profile endpoint to include accountTier

Files:
- Added: frontend/.env.{development,production}{,.example}
- Added: backend/.env variables for BETA_AUTO_SUPPORTER
- Added: components/BetaBanner.jsx, TierBadge.jsx, HtmlContentPage.jsx
- Added: pages/PrivacyPage.jsx
- Added: public/content/{about-us,how-it-works,privacy}.html
- Modified: docker-compose.yml (env_file configuration)
- Modified: App.jsx (privacy route, beta banner)
- Modified: auth.js (auto SUPPORTER tier logic)
2025-12-06 11:50:28 +01:00


<style>
.privacy-wrapper {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
line-height: 1.6;
color: #333;
}
.privacy-wrapper h1 {
font-size: 2.25rem;
font-weight: 700;
margin-bottom: 1.5rem;
color: #1f2937;
}
.privacy-wrapper h2 {
font-size: 1.875rem;
font-weight: 700;
margin-top: 2.5rem;
margin-bottom: 1rem;
color: #1f2937;
border-bottom: 2px solid #e5e7eb;
padding-bottom: 0.5rem;
}
.privacy-wrapper h3 {
font-size: 1.5rem;
font-weight: 600;
margin-top: 2rem;
margin-bottom: 0.75rem;
color: #374151;
}
.privacy-wrapper p {
margin-bottom: 1.25rem;
color: #4b5563;
}
.privacy-wrapper ul {
list-style: disc;
margin-left: 1.5rem;
margin-bottom: 1.25rem;
}
.privacy-wrapper li {
margin-bottom: 0.5rem;
color: #4b5563;
}
.privacy-wrapper strong {
font-weight: 600;
color: #1f2937;
}
.privacy-wrapper a {
color: #6366f1;
text-decoration: underline;
}
.privacy-wrapper a:hover {
color: #4f46e5;
}
.privacy-wrapper hr {
margin: 2.5rem 0;
border: 0;
border-top: 1px solid #e5e7eb;
}
.intro-text {
font-size: 1.125rem;
color: #1f2937;
margin-bottom: 1.5rem;
background-color: #f3f4f6;
padding: 1rem;
border-radius: 0.5rem;
border-left: 4px solid #6366f1;
}
.last-updated {
color: #6b7280;
font-size: 0.875rem;
margin-bottom: 2rem;
}
</style>
<div class="privacy-wrapper">
<h1>Privacy Policy & Cookie Policy</h1>
<p class="last-updated">Last updated: December 2025</p>
<p class="intro-text">
At <strong>spotlight.cam</strong>, we respect your privacy and are committed to protecting your personal data.
This policy explains how we collect, use, and safeguard your information in compliance with GDPR/RODO regulations.
</p>
<h2>Information We Collect</h2>
<h3>Account Information</h3>
<ul>
<li><strong>Registration data</strong>: Email address, username, password (stored only as a bcrypt hash, never in plain text), first and last name</li>
<li><strong>Profile information</strong>: Optional profile details, social media links, location (country and city)</li>
<li><strong>WSDC integration</strong>: Optional WSDC ID for auto-filling profile data from worldsdc.com</li>
</ul>
<h3>Usage Data</h3>
<ul>
<li><strong>Activity logs</strong>: Login history, event participation, match requests, and chat activity</li>
<li><strong>Technical data</strong>: IP address (for security and rate limiting), browser type, device information</li>
<li><strong>Analytics</strong>: Page views, feature usage, and user interactions (via Google Analytics 4, only if cookies accepted)</li>
</ul>
<h3>Communication Data</h3>
<ul>
<li><strong>Chat messages</strong>: Event chat and private match chat messages (stored securely)</li>
<li><strong>Contact form submissions</strong>: Name, email, subject, and message content</li>
</ul>
<h2>Cookies We Use</h2>
<p>
We use cookies and similar technologies to provide you with a better experience. These are the cookies we use:
</p>
<h3>Essential Cookies (Always Active)</h3>
<ul>
<li><strong>Authentication cookies</strong>: Keep you logged in securely (JWT tokens)</li>
<li><strong>Security cookies</strong>: CSRF protection, session management</li>
<li><strong>Preference cookies</strong>: Remember your settings and choices</li>
</ul>
<p><em>These cookies are necessary for the platform to function and cannot be disabled.</em></p>
<h3>Analytics Cookies (Optional)</h3>
<ul>
<li><strong>Google Analytics 4</strong>: Helps us understand how users interact with the platform</li>
<li><strong>Usage tracking</strong>: Page views, feature usage, user flow analysis</li>
</ul>
<p><em>These cookies are only activated after you accept them via the cookie consent banner.</em></p>
<h2>How We Use Your Data</h2>
<p>We use your personal data for the following purposes:</p>
<ul>
<li><strong>Account management</strong>: Create and maintain your user account</li>
<li><strong>Service delivery</strong>: Provide matchmaking, chat, WebRTC file transfer, and event participation features</li>
<li><strong>Communication</strong>: Send verification emails, password reset links, and service notifications</li>
<li><strong>Security</strong>: Prevent fraud, detect abuse, enforce rate limits, and protect user accounts</li>
<li><strong>Analytics</strong>: Improve the platform based on usage patterns (only if cookies accepted)</li>
<li><strong>Legal compliance</strong>: Maintain activity logs for security audits and comply with legal obligations</li>
</ul>
<h2>Data Sharing & Third Parties</h2>
<p>We respect your privacy. Here's what we <strong>do</strong> and <strong>don't do</strong> with your data:</p>
<h3>We DO:</h3>
<ul>
<li><strong>Use AWS SES</strong> for sending transactional emails (verification, password reset)</li>
<li><strong>Use Cloudflare</strong> for CAPTCHA (Turnstile) and WebRTC TURN/STUN servers</li>
<li><strong>Use Google Analytics 4</strong> for usage analytics (only if you accept cookies)</li>
<li><strong>Integrate with worldsdc.com</strong> to auto-fill profile data (if you provide WSDC ID)</li>
</ul>
<h3>We DON'T:</h3>
<ul>
<li><strong>Sell your data</strong> to third parties or advertisers</li>
<li><strong>Share your personal information</strong> with anyone without your consent (except as required by law)</li>
<li><strong>Store your videos</strong> on our servers - WebRTC transfers are peer-to-peer and end-to-end encrypted</li>
</ul>
<h2>Data Security</h2>
<p>We implement industry-standard security measures to protect your data:</p>
<ul>
<li><strong>Password hashing</strong>: Passwords are never stored in plain text; they are hashed using bcrypt (10 salt rounds)</li>
<li><strong>JWT authentication</strong>: Secure token-based authentication with httpOnly cookies in production</li>
<li><strong>HTTPS encryption</strong>: All data transmitted over secure HTTPS connections</li>
<li><strong>Rate limiting</strong>: Protection against brute force attacks and spam</li>
<li><strong>Account lockout</strong>: Automatic account protection after failed login attempts</li>
<li><strong>WebRTC encryption</strong>: P2P file transfers are end-to-end encrypted (DTLS/SRTP)</li>
<li><strong>Database security</strong>: Parameterized queries prevent SQL injection attacks</li>
</ul>
<h2>Your Rights (GDPR/RODO)</h2>
<p>Under GDPR/RODO, you have the following rights:</p>
<ul>
<li><strong>Right to access</strong>: Request a copy of your personal data</li>
<li><strong>Right to rectification</strong>: Correct inaccurate or incomplete data</li>
<li><strong>Right to erasure</strong>: Delete your account and all associated data</li>
<li><strong>Right to data portability</strong>: Export your data in a machine-readable format</li>
<li><strong>Right to object</strong>: Object to certain types of data processing</li>
<li><strong>Right to withdraw consent</strong>: Withdraw cookie consent at any time</li>
</ul>
<p>
To exercise any of these rights, please <a href="/contact">contact us</a>.
</p>
<h2>Data Retention</h2>
<ul>
<li><strong>Active accounts</strong>: Data retained as long as your account is active</li>
<li><strong>Deleted accounts</strong>: Personal data permanently deleted within 30 days of account deletion</li>
<li><strong>Activity logs</strong>: Security logs retained for 90 days for audit purposes</li>
<li><strong>Chat messages</strong>: Retained as long as the match/event exists or account is active</li>
</ul>
<h2>Children's Privacy</h2>
<p>
Our service is not intended for users under the age of 16. We do not knowingly collect personal data from children.
If you believe a child has provided us with personal data, please <a href="/contact">contact us</a> immediately.
</p>
<h2>Changes to This Policy</h2>
<p>
We may update this Privacy Policy from time to time. We will notify users of significant changes via email or
prominent notice on the platform. The "Last updated" date at the top of this page shows when the policy was last revised.
</p>
<h2>Contact Us</h2>
<p>
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data,
please contact us through our <a href="/contact">contact page</a>.
</p>
<hr>
<p style="color: #6b7280; font-size: 0.875rem; text-align: center;">
<strong>spotlight.cam</strong> - Dance Event Video Exchange Platform<br>
Built with privacy and security in mind. 🔒
</p>
</div>