I’m looking for a complete list of what personal data Discourse collects, for example first name, last name, email, user principle name, location, etc. Also, I need to know firstly who can view and secondly who can edit this information. I’m trying to onboard Discourse in my organization.
I don’t think there is a definitive list anywhere. Maybe there should be one.
The problem with listing what personal data Discourse collects is that this is largely dependant on a site’s configuration. Discourse requires the following information to create an account:
- email address
- username
When a user creates an account Discourse also stores their registration IP address. Each time a user logs into the site, Discourse will save their last used IP address.
So the three pieces of identifying data that Discourse must collect are the user’s email address, registration IP address, and last used IP address.
Discourse displays a Full Name field on the registration form, but by default Full Name is not a required field on the form. It can be made a required field by enabling the full name required
site setting.
Discourse allows users to enter information on their profile page. The fields that are available by default are About me (a bio), Timezone, Location, and Web Site. Users are not required to enter this information.
Sites are able to add additional optional or required fields to the signup form and profile page. It would be possible to add a required field that collected personal information.
All users on the site can view usernames. Site staff can edit usernames on behalf of a user.
Site staff (admins and moderators) can view a user’s registration IP address and last used IP address from the user’s admin page. IP addresses cannot be edited.
By default, only admins can view user’s email addresses. Moderators can be allowed to view email addresses if the moderators view emails
site setting is enabled. That setting is disabled by default.
Site staff that have permission to view emails can trigger an email change from a user’s preferences page. If they do this, a confirmation email will be sent to the user who had their email address changed. The change will not take effect until the user clicks the confirmation link in that email.
Full names can be completely hidden from everyone on the site including admins and moderators by disabling the enable names
site setting. It is enabled by default.
Interestingly, admins and moderators can edit a user’s full name from the user’s admin page, even if they don’t have permission to view the full name. This feels like an oversight.
Somewhat related, users can hide their profile page from regular site users by selecting the “Hide my public profile and presence features” option from their preferences page. This hides their profile page from regular users. It also removes any identifying details from their usercard.
One last thing to keep in mind is that anyone who has access to the site’s Rails console or database can view any identifying details that are saved to the data base.
I think that covers everything, but please respond to this if there are details that you still have questions about.
Discourse also stores (top of my head, not complete)
- IP addresses for anonymous visits.
- email headers for incoming emails including IP addresses and email agents
- the browser that was used
- profiles that have been viewed
- posts that have been read
- incoming and outgoing links that were clicked
- search queries
- everything entered as part of one’s profile like avatar, location, bio
If you have a new discourse install the privacy policy is a staff-only topic that only an administrator can edit, to post specifically what data your site collects and how that is managed. If you need for this to be in compliance with gdpr they say best to consult with lawyers for making sure everything is correct. The public can read what is posted for that by going first to the drop down menu to the “about” and “frequently asked questions” pages which can also be edited by administrators. Here at Meta they have this link go to a different page with their policies:
Yes there should. Because I’m from an EU country.
I don’t believe there is any more personal data collected automatically besides registration e-mail, IP, and statistics about reading/posting.
However if any personal information is published in a bio or in forum posts moderators can edit that out, and hide revision history so the public can’t still see that in edit history which otherwise is still viewable to the public.
Some plugin & theme-component that maybe of interest.
Personal Messages
- Are not a 100% private Admin can view, Moderators can view PM with a site setting change.
Discourse has a plugin that enables peer 2 peer encryption. - If going with a paid hosting look to see if plugin is included. Self-Hosted cinsider installing:
theme-component to Consider
The cookie consent Banner might not be enough for GDPR. You would need to check with local laws. @Jagster might have sine info on this and/or suggestions for theme-component & plugin to consider.
Thank you very much, @simon, @RGJ , @anon65426961 , @Jagster , and @Heliosurge ! This is really helpful.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.