soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Update legal privacy disclosures and dates
Some checks failed
linter / quality (push) Has been cancelled
Details
tests / ci (push) Has been cancelled
Details
tests / ui (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Codex Agent
2026-01-04 11:17:04 +01:00
parent 103c8d4dfd
commit fae5ec26fb
7 changed files with 13 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.beads/issues.jsonl
View File

@@ -61,7 +61,7 @@
{"id":"fotospiel-app-gsv","title":"Localized SEO: validate hreflang via Search Console/Lighthouse","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-01T16:02:36.4821072+01:00","created_by":"soeren","updated_at":"2026-01-01T16:02:36.4821072+01:00"}
{"id":"fotospiel-app-hbt","title":"Moderation queue for guest content","description":"Queue for flagged guest content (photos, feedback). Bulk actions to hide/delete/resolve with audit.","notes":"Land the plane: tests run (FilamentPanelNavigationTest, PhotoModerationQueueTest, TenantFeedbackModerationQueueTest, TenantLifecycle*), migrations added for photo + feedback moderation, no follow-up blockers.","status":"closed","priority":1,"issue_type":"feature","created_at":"2026-01-01T14:18:37.777772819+01:00","updated_at":"2026-01-02T17:33:22.599440896+01:00","closed_at":"2026-01-02T17:33:22.599440896+01:00","close_reason":"Closed"}
{"id":"fotospiel-app-ihd","title":"Superadmin control surface spec and access matrix","description":"Define the minimal superadmin control surface, permissions, and mapping to tenant/guest responsibilities. Document scope and non-goals.","notes":"Added superadmin control surface + access matrix to docs/ops/operations-manual.md (Section 1.1), including non-goals and role scope.","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-01T14:18:10.789147344+01:00","updated_at":"2026-01-02T17:33:57.71777777+01:00","closed_at":"2026-01-02T17:33:57.71777777+01:00","close_reason":"Closed"}
{"id":"fotospiel-app-iqd","title":"Legal: disclose checkout/coupon fraud IP/device signals","description":"Update Legal Pages (privacy policy) to disclose IP/device capture for coupon fraud signals and retention window.","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-02T23:33:44.532864199+01:00","created_by":"soeren","updated_at":"2026-01-02T23:33:44.532864199+01:00"}
{"id":"fotospiel-app-iqd","title":"Legal: disclose checkout/coupon fraud IP/device signals","description":"Update Legal Pages (privacy policy) to disclose IP/device capture for coupon fraud signals and retention window.","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-02T23:33:44.532864199+01:00","created_by":"soeren","updated_at":"2026-01-04T11:15:55.947463643+01:00","closed_at":"2026-01-04T11:15:55.947463643+01:00","close_reason":"Closed"}
{"id":"fotospiel-app-iyc","title":"Superadmin audit log for admin actions","description":"Audit trail for superadmin actions without PII payloads.","status":"closed","priority":2,"issue_type":"feature","created_at":"2026-01-01T14:20:19.043695952+01:00","updated_at":"2026-01-02T11:57:23.328889123+01:00","closed_at":"2026-01-02T11:57:23.328889123+01:00","close_reason":"Closed"}
{"id":"fotospiel-app-iyh","title":"Security review follow-ups: signed URL TTLs, guest asset throttles, CORS allowlist, logging hygiene","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-01T16:05:42.642109576+01:00","created_by":"soeren","updated_at":"2026-01-01T16:05:42.642109576+01:00"}
{"id":"fotospiel-app-jk4","title":"Checkout refactor: CheckoutController + marketing route alignment","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-01T16:06:21.088319132+01:00","created_by":"soeren","updated_at":"2026-01-01T16:06:26.663419594+01:00","closed_at":"2026-01-01T16:06:26.663419594+01:00","close_reason":"Completed in codebase (verified)"}

2
docs/content/legal/agb-de.md
View File

@@ -1,6 +1,6 @@
# Allgemeine Geschäftsbedingungen (AGB) für „Die Fotospiel App“
**Stand:** Oktober 2025
**Stand:** Januar 2026
**Anbieter:**
Sören Eberhardt-Biermann

2
docs/content/legal/agb-en.md
View File

@@ -1,6 +1,6 @@
# Terms and Conditions (T&C) for "The Fotospiel App"
**Last updated:** October 2025
**Last updated:** January 2026
**Provider:**
Sören Eberhardt-Biermann

6
docs/content/legal/datenschutz-de.md
View File

@@ -1,5 +1,5 @@
# Datenschutzerklärung
**Stand:** Oktober 2025
**Stand:** Januar 2026
## 1. Verantwortlicher
Verantwortlich für die Datenverarbeitung im Sinne der Datenschutz-Grundverordnung (DSGVO):
@@ -23,7 +23,7 @@ Die Nutzung der Fotospiel App ist grundsätzlich nur mit den personenbezogenen D
## 3. Arten der verarbeiteten Daten
- Veranstalterdaten: Name, E-Mail-Adresse, Zahlungsinformationen (über Paddle), Eventdaten (Titel, Datum, Aufgaben, Bilder)
- Nutzerdaten (Gäste): hochgeladene Fotos, Anzeigename (frei wählbar), Reaktionen/Likes
- Technische Daten: IP-Adresse, Browsertyp, Zeitstempel, Geräteinformationen, anonyme Sitzungskennung (session_id)
- Technische Daten: IP-Adresse, Browsertyp, Zeitstempel, Geräteinformationen, anonyme Sitzungskennung (session_id) sowie Checkout-/Coupon-Missbrauchssignale (z. B. Geräte-/Browsermerkmale, Coupon-/Transaktionsmetadaten)
- Kommunikationsdaten: Inhalte von Kontaktanfragen über das Formular oder per E-Mail
---
@@ -34,6 +34,7 @@ Die Nutzung der Fotospiel App ist grundsätzlich nur mit den personenbezogenen D
| Bereitstellung der App und Durchführung von Veranstaltungen | Art. 6 Abs. 1 lit. b DSGVO | Nutzung der App durch Veranstalter und Gäste |
| Speicherung und Anzeige von Fotos innerhalb des Events | Art. 6 Abs. 1 lit. b DSGVO | Durchführung der Fotospiel-Funktionalität |
| Abrechnung und Zahlungsabwicklung | Art. 6 Abs. 1 lit. b, lit. c DSGVO | Nutzung der Dienste von Paddle |
| Betrugs- und Missbrauchsprävention (Checkout/Coupons) | Art. 6 Abs. 1 lit. f DSGVO | Schutz vor Betrug, Missbrauch und unzulässigen Coupon-Einlösungen |
| Webanalyse über Matomo (selbst gehostet) | Art. 6 Abs. 1 lit. f DSGVO | Statistische Auswertung zur Verbesserung der App |
| Sicherheit, Server-Logs | Art. 6 Abs. 1 lit. f DSGVO | Sicherstellung des Betriebs, Fehleranalyse |
| Beantwortung von Kontaktanfragen | Art. 6 Abs. 1 lit. f oder lit. b DSGVO | Kommunikation mit Nutzern und Interessenten |
@@ -51,6 +52,7 @@ Die Verarbeitung erfolgt ausschließlich innerhalb der EU.
Die Zahlungsabwicklung erfolgt über **Paddle.com Market Ltd.**
Bei der Zahlung werden personenbezogene Daten an diesen Dienstleister übermittelt.
Wir speichern keine Zahlungs- oder Kreditkartendaten.
Im Rahmen von Checkout und Coupon-Einlösung verarbeiten wir technische Signale (z. B. IP-Adresse, Geräte-/Browsermerkmale, Zeitstempel) zur Betrugs- und Missbrauchsprävention. Diese Daten können an Paddle übermittelt werden.
Rechtsgrundlage: Art. 6 Abs. 1 lit. b und lit. c DSGVO.
Datenschutzhinweise der Anbieter:

6
docs/content/legal/datenschutz-en.md
View File

@@ -1,5 +1,5 @@
# Privacy Policy
**Last updated:** October 2025
**Last updated:** January 2026
## 1. Data Controller
Responsible under the General Data Protection Regulation (GDPR):
@@ -23,7 +23,7 @@ Use of the Fotospiel App requires only the personal data necessary to host and p
## 3. Types of Data Processed
- Organizer data: name, email address, payment information (via Paddle), event details (title, date, photo tasks, photos)
- Guest data: uploaded photos, display name (optional), likes/reactions
- Technical data: IP address, browser type, timestamp, device information, anonymous session identifier (session_id)
- Technical data: IP address, browser type, timestamp, device information, anonymous session identifier (session_id), and checkout/coupon abuse signals (e.g., device/browser characteristics, coupon/transaction metadata)
- Communication data: messages sent via contact form or email
---
@@ -34,6 +34,7 @@ Use of the Fotospiel App requires only the personal data necessary to host and p
| Providing the app and hosting events | Art. 6(1)(b) GDPR | Contract performance |
| Storing and displaying photos | Art. 6(1)(b) GDPR | Core feature of the app |
| Payment processing and invoicing | Art. 6(1)(b), (c) GDPR | Use of Paddle services |
| Fraud and abuse prevention (checkout/coupons) | Art. 6(1)(f) GDPR | Protecting against fraud, abuse, and improper coupon redemptions |
| Web analytics via Matomo | Art. 6(1)(f) GDPR | Statistical analysis to improve the app |
| Server logs and security | Art. 6(1)(f) GDPR | Ensuring system security |
| Responding to inquiries | Art. 6(1)(f) or (b) GDPR | Communication with users |
@@ -50,6 +51,7 @@ All processing takes place within the EU.
## 6. Payment Processing
Payments are handled by **Paddle.com Market Ltd.**
We do not store payment or credit card data.
During checkout and coupon redemption, we process technical signals (e.g., IP address, device/browser characteristics, timestamps) for fraud and abuse prevention. This data may be shared with Paddle.
Legal basis: Art. 6(1)(b) and (c) GDPR.
Privacy policies:

2
docs/content/legal/widerrufsbelehrung-de.md
View File

@@ -1,6 +1,6 @@
# Widerrufsbelehrung für „Die Fotospiel App“
**Stand:** Oktober 2025
**Stand:** Januar 2026
---

2
docs/content/legal/widerrufsbelehrung-en.md
View File

@@ -1,6 +1,6 @@
# Right of Withdrawal for “The Fotospiel App”
**Last updated:** October 2025
**Last updated:** January 2026
---