GDPR u l-Protezzjoni tad-Data
Privatezza mid-Disinn
qr3.app huwa mibni biex ikun konformi mal-GDPR mill-qiegħ nett:
- Anonimizzazzjoni tal-IP — L-indirizzi IP jiġu kkonvertiti immedjatament f’hashes SHA-256 (b’salt li jdur kuljum) fl-Edge Worker. L-IP oriġinali qatt ma jilħaq id-database.
- Politiki ta’ Żamma (Retention Policies) — Id-data tal-iskannjar titħassar awtomatikament wara perjodu li jiddependi mill-pjan (Free: 7 ijiem, Pro: 90 jum, Business: sena).
- Minimizzazzjoni tad-Data — Tinġabar biss id-data meħtieġa għall-operat.
Privacy-API
Sommarju tad-Data (Art. 15 GDPR)
GET /v1/account/privacy — Jirritorna sommarju tad-data kollha maħżuna.
curl https://qr3.app/v1/account/privacy \ -H "Authorization: Bearer qr3_sk_..."Response:
{ "data": { "workspace_id": "ws_xxx", "stored_data": { "qr_codes": { "count": 42, "oldest_at": "2026-03-01T..." }, "scan_records": { "count": 15000, "oldest_at": "2026-03-01T..." }, "api_keys": { "count": 2 }, "webhooks": { "count": 1 } }, "your_rights": { "access": "GET /v1/account/export", "erasure": "DELETE /v1/account", }, "data_processing": { "legal_basis": "Contract performance (Art. 6(1)(b) GDPR)", "sub_processors": [ { "name": "Cloudflare, Inc.", "purpose": "CDN, edge computing, database" } ] } }}Esportazzjoni tad-Data (Art. 20 GDPR — Portabbiltà tad-Data)
GET /v1/account/export — Iniżżel id-data kollha bħala fajl JSON.
curl https://qr3.app/v1/account/export \ -H "Authorization: Bearer qr3_sk_..." \ -o meine-daten.jsonL-esportazzjoni tinkludi:
- Il-QR codes kollha (inkluż dawk imħassra)
- Statistika tal-iskannjar aggregata (l-ebda hash tal-IP mhux ipproċessat)
- Timestamp tal-ħolqien u tal-modifika
Ħassar il-Kont (Art. 17 GDPR — Dritt li Tinsesa)
DELETE /v1/account — Tħassir irrevokabbli tad-data kollha.
curl -X DELETE https://qr3.app/v1/account \ -H "Authorization: Bearer qr3_sk_..."X’jiġri:
- Il-QR codes kollha jitħassru b’mod artab (soft-deleted / arkivjati)
- Ir-records kollha tal-iskannjar jiġu mħassra b’mod permanenti (PII)
- L-API keys kollha jiġu rrevokati
- Il-KV cache jiġi invalidat
Ġestjoni tal-Kunsens
GET /v1/account/privacy/consents — Ikseb il-kunsensi attwali.
POST /v1/account/privacy/consents — Aġġorna l-kunsensi.
# Aktuelle Einwilligungen abrufencurl https://qr3.app/v1/account/privacy/consents \ -H "Authorization: Bearer qr3_sk_..."
# Marketing-E-Mails deaktivierencurl -X POST https://qr3.app/v1/account/privacy/consents \ -H "Authorization: Bearer qr3_sk_..." \ -H "Content-Type: application/json" \ -d '{ "marketing_emails": false, "analytics": true, "product_updates": true }'Kampi tal-Kunsens:
| Kamp | Default | Deskrizzjoni |
|---|---|---|
marketing_emails | false | Newsletters u emails promozzjonali |
analytics | true | Statistika tal-użu aggregata |
product_updates | true | Aġġornamenti tal-prodott u changelogs |
Implimentazzjoni Teknika tal-GDPR
Anonimizzazzjoni tal-IP (Art. 25 GDPR)
HTTP Request → Cloudflare Edge Worker ↓CF-Connecting-IP Header → SHA-256(IP + täglicher Salt) ↓ip_hash (nicht reversibel) → D1 Datenbank ↓Original-IP wird NIEMALS gespeichertIs-salt idur kuljum f’nofsillejl UTC. B’dan il-mod, anke jekk is-salt ikun magħruf, mhux possibbli li ssir korrelazzjoni tal-IP minn jum għal ieħor.
Żamma tad-Data (Awtomatizzata)
Cron job li jaħdem kuljum (purgeOldScans) iħassar id-data tal-iskannjar wara l-perjodu li jiddependi mill-pjan:
| Pjan | Żamma (Retention) |
|---|---|
| Free | 7 ijiem |
| Pro | 90 jum |
| Business / Agency | sena |
| Enterprise | Custom (SLA) |
DPA tas-Sub-Proċessur
Cloudflare, Inc. jipproċessa d-data bħala proċessur tad-data. Id-DPA hija disponibbli fuq cloudflare.com/cloudflare-customer-dpa.
Cloudflare jipproċessa d-data fuq servers tal-UE (Frankfurt). Il-Klawżoli Kuntrattwali Standard (SCCs) skont l-Art. 46 tal-GDPR huma fis-seħħ.
Kuntatt
- Uffiċjal għall-Protezzjoni tad-Data: [email protected]
- Ftehim dwar l-Ipproċessar tad-Data (DPA): [email protected] (fuq talba)
- Politika tal-Privatezza: qr3.app/de/legal/datenschutz