Data retention policy implementation

gdpr
privacy

(Richard - DiscourseHosting.com) #1

One of our users asked us about the data retention policy that comes with Discourse (https://meta.discourse.org/privacy)

What is your data retention policy?

We will make a good faith effort to:
•Retain server logs containing the IP address of all requests to this server no more than 90 days.
•Retain the IP addresses associated with registered users and their posts no more than 5 years.

I was curious if the latter is actually implemented, and if so, where.
Not a big deal if it’s not, since it won’t matter before 2018 but still :slightly_smiling:


(Florian) #2

Now that it’s 2018, are there any news on that? :slight_smile:


#3

Can anyone confirm whether that second point is accurate? I’m currently trying to update our privacy policy for GDPR purposes so I guess we might need to amend that section.


(Kane York) #4

That clause is not currently supported by code, no.


#5

Thanks. Will add this to my todo list of changes to make to our documentation.

What would be a reasonable timeframe for retention under the law?


(Ionuț Staicu) #6

Maybe the retention timeframe should be configurable (either on discourse admin, either by yaml config)?