Data Handling and Privacy
This document outlines our policies for handling data, particularly Personally Identifiable Information (PII), to ensure we protect our users’ privacy and comply with relevant regulations like GDPR and CCPA.
Guiding Principles
- Data Minimization: We only collect and store the data that is absolutely necessary for the functioning of our application.
- Privacy by Design: We build our applications with privacy as a core consideration from the very beginning, not as an afterthought.
- Transparency: We are open and clear with users about what data we collect and how we use it. This is documented in our Privacy Policy.
- Security: We treat all user data as sensitive and protect it with appropriate security measures.
Data Classification
We classify data into the following categories:
- Public Data: Data that is intended to be publicly accessible (e.g., blog posts, company marketing information).
- Internal Data: Data that is for internal company use only (e.g., project plans, internal documentation).
- Confidential Data: Sensitive data that is not intended for public disclosure. This includes most user data.
- Restricted Data (PII): Personally Identifiable Information that can be used to identify an individual. This type of data is subject to the strictest controls.
Examples of Personally Identifiable Information (PII):
- Name
- Email address
- Physical address
- Phone number
- IP address
- Any combination of data that could be used to identify a person.
Rules for Handling PII
- Do Not Log PII:
  - Never log sensitive user data like passwords, API keys, or full credit card numbers.
  - Be careful about logging entire user objects or request bodies, as they may contain PII. Cherry-pick the specific, non-sensitive fields you need for debugging.
- Encryption:
  - In Transit: All data must be encrypted in transit using TLS 1.2 or higher. Our Cloudflare configuration enforces this.
  - At Rest: Sensitive data stored in our databases (e.g., Cloudflare D1) or storage (R2) should be encrypted at rest. The underlying Cloudflare services generally provide this automatically. Passwords must always be hashed using a strong, salted hashing algorithm (e.g., bcrypt).
- Access Control:
  - Access to systems containing PII must be strictly limited based on the principle of least privilege.
  - Only authorized personnel who need access to perform their job duties should be able to view or manage PII.
- Data Retention:
  - We will not store PII for longer than is necessary for the purpose for which it was collected.
  - We will establish clear data retention policies and automated processes for deleting old data.
- Local Development:
  - Do not use production data in your local development environment.
  - Use mock data, synthetic data, or an anonymized version of the production data.
  - If you must temporarily use a piece of production data for debugging a specific issue, it must be handled with extreme care and deleted from your local machine immediately after the issue is resolved.
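One way to apply the "Do Not Log PII" rule in code: instead of logging a whole request body, pick an explicit allow-list of fields and redact anything that looks like a secret even if it was allow-listed. This is an added example, not code from this policy or from our codebase; the field names, the request body and the key pattern are constructed for illustration.

```javascript
// Added example (not from the policy): build a log-safe view of a request
// body by picking an explicit allow-list of fields, so nothing that is not
// named can reach the logs, and redact anything that looks like a secret
// even if someone allow-lists it.

// Key names that must never appear in a log line, even when allow-listed.
const SECRET_KEY_PATTERN = /(password|passwd|secret|token|api[_-]?key|card|ssn)/i;

// Return an object containing ONLY the allow-listed dotted paths from `source`.
// Missing paths are skipped; a path with a secret-looking segment is redacted.
function pickForLog(source, allowedPaths) {
  const out = {};
  for (const path of allowedPaths) {
    const parts = path.split('.');
    let cur = source;
    for (const part of parts) {
      if (cur === null || typeof cur !== 'object' ||
          !Object.prototype.hasOwnProperty.call(cur, part)) {
        cur = undefined;
        break;
      }
      cur = cur[part];
    }
    if (cur === undefined) continue;
    out[path] = parts.some((p) => SECRET_KEY_PATTERN.test(p)) ? '[REDACTED]' : cur;
  }
  return out;
}

// Constructed sample request body, the kind a Worker handler might receive.
const sampleBody = {
  user: { id: 'u_123', email: 'alice@example.com', name: 'Alice', password: 'hunter2' },
  order: { id: 'o_987', total: 42.5, card: { number: '4111111111111111' } },
  api_key: 'sk_constructed_example',
};

// The only fields considered safe for a debug log of this request.
const LOG_FIELDS = ['user.id', 'order.id', 'order.total', 'order.card.number'];

console.log(JSON.stringify(pickForLog(sampleBody, LOG_FIELDS)));
// → {"user.id":"u_123","order.id":"o_987","order.total":42.5,"order.card.number":"[REDACTED]"}
```

Allow-list scalar fields, not whole sub-objects: picking `user` would carry every nested key, including the password, into the log.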
User Rights (GDPR/CCPA)
- Right to Access: Users have the right to request a copy of the data we hold about them.
- Right to Rectification: Users have the right to have inaccurate data corrected.
- Right to Erasure (Right to be Forgotten): Users have the right to request that we delete their data.
We must have processes and tools in place to fulfill these user requests in a timely manner.
By adhering to these data handling policies, we build trust with our users and protect our company from legal and reputational risk.