GDPR Compliance of Photonic

  • Resolved dejudicibus

    (@dejudicibus)


    5 years, 11 months ago

    Please, confirm that Photonic is compliant to GDPR. My understanding is that you set many cookies:

    setcookie('photonic-'.$secret.'-oauth-token', $token['oauth_token'], time() + 365 * 60 * 60 * 24, COOKIEPATH);
setcookie('photonic-'.$secret.'-oauth-token-secret', $token['oauth_token_secret'], time() + 365 * 60 * 60 * 24, COOKIEPATH);
setcookie('photonic-'.$secret.'-oauth-token-type', 'request', time() + 365 * 60 * 60 * 24, COOKIEPATH);
setcookie('photonic-'.$secret.'-oauth-verifier', $token['oauth_verifier'], time() + 365 * 60 * 60 * 24, COOKIEPATH);
setcookie('photonic-' . $secret . '-oauth-token-created', time(), time() + $cookie_expiration, COOKIEPATH);
setcookie('photonic-' . $secret . '-oauth-token-expires', $body->expires_in, time() + $cookie_expiration, COOKIEPATH);
setcookie('photonic-zf-keyring', $response->result, time() + 60 * 60 * 24, COOKIEPATH);

    What are they for?

Viewing 1 replies (of 1 total)
  • Plugin Author Sayontan Sinha

    (@sayontan)

    5 years, 11 months ago

    Short answer: yes.

    TL,DR:
    GDPR applies to a remote server storing your information, not to a user’s browser / local computer storing information. Cookies are stored in your end-user’s local browser, not in your browser or your WP instance, and certainly not sent to any remote Photonic-specific server. These cookies are specifically set for authentication with different service providers, and these are the specific use cases:

    1. You turning on “Front-end authentication” for visitors of your site. Those visitors would require logins on platforms like Flickr, SmugMug, Google or 500px to then browse through private content. The cookie basically prevents them from having to log in each time they visit Flickr etc. your site, same as WP itself sets login cookies. The first 6 examples you pasted pertain to this point, and are only applicable if you enable front-end authentication.
    2. You displaying a password-protected album in SmugMug or Zenfolio, where first a call is made with SmugMug / Zenfolio to determine that you have put in the correct password. You receive a short-lived “success” token, which you have to pass as a cookie back to SmugMug / Zenfolio to then see your photos. The seventh example from your list pertains to this.

    Nothing that you put in Photonic “phones home” (you are not logging into a Photonic-specific website anywhere), so there is no concept of data getting stored remotely, hence GDPR is not applicable to Photonic itself. If any restrictions apply, it will be on what data you store with Flickr / SmugMug / Google / Zenfolio / 500px / Instagram. None of that data is in Photonic, and their GDPR compliance is really what affects you.

Viewing 1 replies (of 1 total)
  • The topic ‘GDPR Compliance of Photonic’ is closed to new replies.