Description
Context
When a user asks to delete their data, how should the app handle their records? If they post a Resource, should the Discussions attached to the Resource get deleted as well?
Short answer: the content will not be deleted, but the attributed user will be anonymized.
Some thoughts:
[Linda] the way Slack handles when people email to request account deletion is it changes their username to `deactivated` or `deleted`, but the data remains. I think that’s how we currently have it in our Django app too — `on_delete=django.db.models.deletion.CASCADE`, meaning the data gets reflected to an anonymous/fixtured default user
[Angelo] I wonder if we can look at this from a perspective of if someone submits a resource, it's a collective pool that the whole organization owns?
[From Bethany] Be upfront about expectations:
"Codebuddies is an open-source community, and we consider resources and discussions shared with the community in public to be community assets. Should you decide to exit the community, we will delete your account and all information flagged private."
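
Whether the short answer above (content kept, author anonymized) actually holds depends on the delete action declared on the foreign key to the user. As an added example, not CodeBuddies code, this uses Python's `sqlite3` with hypothetical tables and a constructed sentinel user to compare `ON DELETE CASCADE`, which Django's `on_delete=CASCADE` emulates, with `ON DELETE SET DEFAULT`, the counterpart of Django's `on_delete=SET_DEFAULT`.

```python
import sqlite3

SENTINEL_ID = 1  # constructed placeholder account that inherits kept content

def build_db(on_delete):
    """Hypothetical schema; `on_delete` is the action on the author foreign keys."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite skips FK actions without this
    db.executescript(f"""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT);
        CREATE TABLE resources (
            id INTEGER PRIMARY KEY, title TEXT,
            user_id INTEGER NOT NULL DEFAULT {SENTINEL_ID}
                REFERENCES users(id) ON DELETE {on_delete});
        CREATE TABLE discussions (
            id INTEGER PRIMARY KEY, body TEXT,
            resource_id INTEGER NOT NULL
                REFERENCES resources(id) ON DELETE CASCADE,
            user_id INTEGER NOT NULL DEFAULT {SENTINEL_ID}
                REFERENCES users(id) ON DELETE {on_delete});
        -- Constructed sample rows
        INSERT INTO users VALUES ({SENTINEL_ID}, 'deleted', NULL);
        INSERT INTO users VALUES (2, 'alice', 'alice@example.org');
        INSERT INTO users VALUES (3, 'bob', 'bob@example.org');
        INSERT INTO resources VALUES (10, 'Intro to Django', 2);
        INSERT INTO discussions VALUES (100, 'Thanks, very useful', 10, 3);
        INSERT INTO discussions VALUES (101, 'Glad it helped', 10, 2);
    """)
    return db

def delete_user(db, user_id):
    """Delete the account; return (resource authors, discussion authors, emails left)."""
    db.execute("DELETE FROM users WHERE id = ?", (user_id,))
    db.commit()
    resources = db.execute(
        "SELECT r.id, u.username FROM resources r "
        "JOIN users u ON u.id = r.user_id ORDER BY r.id").fetchall()
    discussions = db.execute(
        "SELECT d.id, u.username FROM discussions d "
        "JOIN users u ON u.id = d.user_id ORDER BY d.id").fetchall()
    emails = [e for (e,) in db.execute(
        "SELECT email FROM users WHERE email IS NOT NULL ORDER BY id")]
    return resources, discussions, emails

if __name__ == "__main__":
    for action in ("CASCADE", "SET DEFAULT"):
        print(action, delete_user(build_db(action), 2))
```

With `CASCADE`, deleting alice also removes bob's reply, because it hangs off her deleted resource. With `SET DEFAULT`, only the account row and its email disappear, and her content is reattributed to the sentinel user.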
To Do:
[ ] Research Slack, Reddit, Quora, Stack Overflow, etc. to inform our data-retention policy. Also research California, which has just passed a data privacy law and might have resources around this
[ ] Create a codebuddies.org/privacy-policy page
[ ] Share a Google Doc draft of the privacy policy for review
[ ] Make sure we link to the privacy policy from the home page