I’m looking for a complete list of what personal data Discourse collects, for example first name, last name, email, user principle name, location, etc. Also, I need to know firstly who can view and secondly who can edit this information. I’m trying to onboard Discourse in my organization.
I don’t think there is a definitive list anywhere. Maybe there should be one.
The problem with listing what personal data Discourse collects is that this is largely dependant on a site’s configuration. Discourse requires the following information to create an account:
- email address
When a user creates an account Discourse also stores their registration IP address. Each time a user logs into the site, Discourse will save their last used IP address.
So the three pieces of identifying data that Discourse must collect are the user’s email address, registration IP address, and last used IP address.
Discourse displays a Full Name field on the registration form, but by default Full Name is not a required field on the form. It can be made a required field by enabling the
full name required site setting.
Discourse allows users to enter information on their profile page. The fields that are available by default are About me (a bio), Timezone, Location, and Web Site. Users are not required to enter this information.
Sites are able to add additional optional or required fields to the signup form and profile page. It would be possible to add a required field that collected personal information.
All users on the site can view usernames. Site staff can edit usernames on behalf of a user.
Site staff (admins and moderators) can view a user’s registration IP address and last used IP address from the user’s admin page. IP addresses cannot be edited.
By default, only admins can view user’s email addresses. Moderators can be allowed to view email addresses if the
moderators view emails site setting is enabled. That setting is disabled by default.
Site staff that have permission to view emails can trigger an email change from a user’s preferences page. If they do this, a confirmation email will be sent to the user who had their email address changed. The change will not take effect until the user clicks the confirmation link in that email.
Full names can be completely hidden from everyone on the site including admins and moderators by disabling the
enable names site setting. It is enabled by default.
Interestingly, admins and moderators can edit a user’s full name from the user’s admin page, even if they don’t have permission to view the full name. This feels like an oversight.
Somewhat related, users can hide their profile page from regular site users by selecting the “Hide my public profile and presence features” option from their preferences page. This hides their profile page from regular users. It also removes any identifying details from their usercard.
One last thing to keep in mind is that anyone who has access to the site’s Rails console or database can view any identifying details that are saved to the data base.
I think that covers everything, but please respond to this if there are details that you still have questions about.
Discourse also stores (top of my head, not complete)
- IP addresses for anonymous visits.
- email headers for incoming emails including IP addresses and email agents
- the browser that was used
- profiles that have been viewed
- posts that have been read
- incoming and outgoing links that were clicked
- search queries
- everything entered as part of one’s profile like avatar, location, bio
Yes there should. Because I’m from an EU country.
I don’t believe there is any more personal data collected automatically besides registration e-mail, IP, and statistics about reading/posting.
However if any personal information is published in a bio or in forum posts moderators can edit that out, and hide revision history so the public can’t still see that in edit history which otherwise is still viewable to the public.
- Are not a 100% private Admin can view, Moderators can view PM with a site setting change.
Discourse has a plugin that enables peer 2 peer encryption. - If going with a paid hosting look to see if plugin is included. Self-Hosted cinsider installing:
theme-component to Consider
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.