adherence to NAR guidelines

[ChristopherMancuso]

NAR has guidelines for submission at Web Server Issue Guidelines. Some main takeaways from this

1. provide a cookie consent
2. cannot use any tracking cookies. Does that mean we can't get any usage metrics? Does GCP function do this automatically?
3. need to make help/tutorial pages
4. landing page must have a free access statement or a license
5. Can't be a new method, so that means we need to include BioGRID and IMO and only stick to the 6 model species (currently what we are doing but this precludes us to expanding before publication I believe)
6. Can't use Flash and/or Java plugins due to security risks (not sure if we do this or not)

[vincerubinetti]

For 1), let's reference text from mygeneset.info and monarch.org.

For 2), we don't use any cookies, but we do use localStorage for remembering recent analysis inputs, as added in #38 in 20a0e2b. For GDPR, I think this is still a legal gray area. For a journal submission, I think using localStorage (without sending it to our own servers to record it) is well within the actual spirit/intent of the rule, which is to not track your user's data without their consent. However, if you go to our Google Cloud console, you'll see logs of request for the past X number of days. I don't remember if those include IP addresses, but it will show the input genes the function was called with. So we might want a disclosure somewhere. We haven't added Google Analytics yet, but if we do that, that definitely requires disclosure.

For 3) and 4), that sounds like a good opportunity to put something on the home page.

For 6), definitely not.

[ChristopherMancuso]

For 1) we also have some things on the live version of the web server too. I will need to go and check all the data source pages (i.e. STRING, Monarch, BioGRID) to make sure there licenses haven't changed either for us to reuse their data.

[vincerubinetti]

I was thinking of putting something like this at the top of the About page under a "Terms of Service" section:

For the user's convenience, this web application saves certain information locally (via localStorage, not cookies), such as recent analysis inputs. This data only exists locally on the user's device, and is not sent to the developers of GenePlexus or any other party.

This web application also tracks user behavior, such as navigation and clicks, using Google Analytics. These analytics services take significant steps to remove identifying information from the data they collect to ensure anonymity.

The developers of GenePlexus pledge to use any information collected solely for the purposes of improving GenePlexus, and to never disclose any private, identifying information. By using this web application, you consent to these terms.