fix(pitch-deck): GDPR compliance — automated cleanup, full Art. 13 notice
Build pitch-deck / build-push-deploy (push) Successful in 1m37s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-consent (push) Successful in 38s
CI / test-python-voice (push) Successful in 32s
CI / test-bqas (push) Successful in 30s
Build pitch-deck / build-push-deploy (push) Successful in 1m37s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-consent (push) Successful in 38s
CI / test-python-voice (push) Successful in 32s
CI / test-bqas (push) Successful in 30s
- runDataCleanup() replaces maskOverdueInvestors(): now also anonymizes never-activated invites after 90 days, deletes sessions + magic links older than 30 days, NULLs IPs in audit logs older than 30 days, and redacts email from audit log details JSONB for masked investors - New /api/admin/cleanup POST endpoint for scheduled invocation - New .gitea/workflows/pitch-cleanup.yml: daily cron at 02:00 UTC calls the cleanup endpoint so anonymization is genuinely automatic, not lazy - Switch masking window from first_activity_at to last_login_at (30 days of inactivity; resets on each login) - Both auth pages: DSGVO footer now covers all Art. 13 requirements — data categories, retention cutoffs, Art. 15–21 rights, contact address, LfDI Baden-Württemberg as supervisory authority Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Sharang Parnerkar
@@ -198,15 +198,15 @@ export default function InvestorDetailPage() {
|
||||
</div>
|
||||
{inv.data_masked_at ? (
|
||||
<div className="text-xs text-zinc-500 mt-1">
|
||||
Data anonymized on {new Date(inv.data_masked_at).toLocaleString()} · 72h window elapsed after first activity
|
||||
Data anonymized on {new Date(inv.data_masked_at).toLocaleString()} · 30-day inactivity window elapsed
|
||||
</div>
|
||||
) : (
|
||||
<>
|
||||
<div className="text-sm text-white/60">{inv.company || '—'}</div>
|
||||
<div className="text-xs text-white/40 mt-1">{inv.email}</div>
|
||||
{inv.first_activity_at && (
|
||||
{inv.last_login_at && (
|
||||
<div className="text-xs text-amber-400/70 mt-1">
|
||||
⏱ Data window: 72h from first login · expires {new Date(new Date(inv.first_activity_at).getTime() + 72 * 60 * 60 * 1000).toLocaleString()}
|
||||
⏱ Data window: 30 days after last login · auto-anonymizes {new Date(new Date(inv.last_login_at).getTime() + 30 * 24 * 60 * 60 * 1000).toLocaleString()}
|
||||
</div>
|
||||
)}
|
||||
</>
|
||||
|
||||
Reference in New Issue
Block a user