@girardmedia/bootspring 1.2.0 → 2.0.3

package/templates/legal/gdpr-checklist.md

@@ -1,339 +0,0 @@
-# GDPR Compliance Checklist: {{PROJECT_NAME}}
-
-> **Version**: 1.0 | **Created**: {{DATE}} | **Status**: In Progress
-
----
-
-## Overview
-
-The General Data Protection Regulation (GDPR) applies if you:
-- Are established in the EU/EEA
-- Process personal data of EU/EEA residents
-- Offer goods/services to EU/EEA residents
-- Monitor behavior of EU/EEA residents
-
----
-
-## 1. Lawful Basis for Processing
-
-### Documentation Required
-- [ ] Identify lawful basis for each processing activity
-- [ ] Document lawful basis in privacy policy
-- [ ] Maintain records of processing activities
-
-### Lawful Bases (Choose One Per Activity)
-| Processing Activity | Lawful Basis | Documentation |
-|--------------------|--------------|---------------|
-| Account creation | Contract | |
-| Marketing emails | Consent | |
-| Analytics | Legitimate Interest | |
-| Payment processing | Contract | |
-| Security monitoring | Legitimate Interest | |
-| Legal compliance | Legal Obligation | |
-
-### Consent Requirements (If Using Consent)
-- [ ] Consent is freely given
-- [ ] Consent is specific to purpose
-- [ ] Consent is informed (clear explanation)
-- [ ] Consent is unambiguous (affirmative action)
-- [ ] No pre-ticked boxes
-- [ ] Easy to withdraw consent
-- [ ] Consent records maintained
-
----
-
-## 2. Data Subject Rights
-
-### Right to Be Informed
-- [ ] Privacy policy is accessible
-- [ ] Information provided at point of collection
-- [ ] Clear and plain language used
-- [ ] All required information included
-
-### Right of Access (Subject Access Request)
-- [ ] Process to verify identity
-- [ ] Process to respond within 30 days
-- [ ] Ability to provide data in common format
-- [ ] Process for handling complex requests
-- [ ] No charge for reasonable requests
-
-### Right to Rectification
-- [ ] Users can update their information
-- [ ] Process to correct inaccurate data
-- [ ] Notification to third parties when corrected
-
-### Right to Erasure ("Right to Be Forgotten")
-- [ ] Process to delete user data
-- [ ] Criteria for when erasure applies
-- [ ] Process for notifying third parties
-- [ ] Exceptions documented (legal requirements)
-
-### Right to Restrict Processing
-- [ ] Process to restrict processing on request
-- [ ] Technical ability to restrict processing
-- [ ] Notification when restriction lifted
-
-### Right to Data Portability
-- [ ] Ability to export data in machine-readable format
-- [ ] Process for handling portability requests
-- [ ] Common format defined (JSON, CSV, etc.)
-
-### Right to Object
-- [ ] Process to handle objections
-- [ ] Immediate stop for direct marketing
-- [ ] Legitimate interest balancing for other processing
-
-### Rights Related to Automated Decision-Making
-- [ ] Identify any automated decisions
-- [ ] Process for human review when requested
-- [ ] Safeguards in place
-
----
-
-## 3. Privacy by Design & Default
-
-### Design Principles
-- [ ] Data minimization (collect only what's needed)
-- [ ] Purpose limitation (use only for stated purposes)
-- [ ] Storage limitation (don't keep longer than necessary)
-- [ ] Accuracy (keep data up to date)
-- [ ] Security (protect data appropriately)
-- [ ] Privacy by default (most private settings by default)
-
-### Technical Measures
-- [ ] Data minimization in database schema
-- [ ] Privacy-friendly default settings
-- [ ] Automatic data deletion after retention period
-- [ ] Pseudonymization where appropriate
-- [ ] Anonymization for analytics
-
----
-
-## 4. Data Protection Impact Assessment (DPIA)
-
-### When Required
-- [ ] Systematic monitoring of public areas
-- [ ] Large-scale processing of sensitive data
-- [ ] Automated decision-making with legal effects
-- [ ] New technologies with high risk
-- [ ] Combining data sets
-
-### DPIA Process
-- [ ] Describe processing operations
-- [ ] Assess necessity and proportionality
-- [ ] Identify and assess risks
-- [ ] Identify measures to address risks
-- [ ] Document the assessment
-- [ ] Consult with DPO (if required)
-
----
-
-## 5. Security Measures
-
-### Technical Measures
-- [ ] Encryption at rest
-- [ ] Encryption in transit (TLS/SSL)
-- [ ] Access controls and authentication
-- [ ] Secure password storage (hashing)
-- [ ] Regular security testing
-- [ ] Vulnerability management
-- [ ] Logging and monitoring
-- [ ] Backup and recovery
-
-### Organizational Measures
-- [ ] Security policies documented
-- [ ] Employee training on data protection
-- [ ] Access limited to need-to-know
-- [ ] Confidentiality agreements
-- [ ] Incident response procedures
-- [ ] Regular security reviews
-
----
-
-## 6. Data Breach Procedures
-
-### Detection and Assessment
-- [ ] Monitoring for breaches
-- [ ] Process to assess severity
-- [ ] Documentation of all breaches
-
-### Notification to Supervisory Authority
-- [ ] Notify within 72 hours if risk to rights
-- [ ] Template notification prepared
-- [ ] Contact information for relevant authority
-
-### Notification to Data Subjects
-- [ ] Process for notifying affected individuals
-- [ ] Clear communication of impact
-- [ ] Advice on protective measures
-
-### Documentation
-- [ ] Breach register maintained
-- [ ] Post-incident review process
-- [ ] Lessons learned documented
-
----
-
-## 7. Third-Party Processors
-
-### Due Diligence
-- [ ] List all third-party processors
-- [ ] Verify processor GDPR compliance
-- [ ] Review processor security measures
-
-### Contracts (Data Processing Agreements)
-- [ ] Written contracts with all processors
-- [ ] Required GDPR clauses included:
-  - [ ] Subject matter and duration
-  - [ ] Nature and purpose of processing
-  - [ ] Types of personal data
-  - [ ] Categories of data subjects
-  - [ ] Processor obligations
-  - [ ] Controller rights
-
-### Processor List
-| Processor | Purpose | Data Processed | DPA Signed | Location |
-|-----------|---------|----------------|------------|----------|
-| [Cloud Provider] | Hosting | All | [ ] | |
-| [Payment Provider] | Payments | Payment data | [ ] | |
-| [Email Service] | Email | Email, name | [ ] | |
-| [Analytics] | Analytics | Usage data | [ ] | |
-
----
-
-## 8. International Transfers
-
-### Assessment
-- [ ] Identify all international data transfers
-- [ ] Determine adequacy status of destination countries
-- [ ] Implement appropriate safeguards
-
-### Transfer Mechanisms
-| Destination | Mechanism | Status |
-|-------------|-----------|--------|
-| USA | Standard Contractual Clauses | [ ] |
-| UK | Adequacy Decision | [ ] |
-| [Country] | [Mechanism] | [ ] |
-
-### Safeguards
-- [ ] Standard Contractual Clauses signed
-- [ ] Binding Corporate Rules (if applicable)
-- [ ] Transfer Impact Assessments completed
-- [ ] Supplementary measures implemented
-
----
-
-## 9. Records of Processing Activities
-
-### Controller Records (Article 30)
-- [ ] Name and contact details
-- [ ] Purposes of processing
-- [ ] Categories of data subjects
-- [ ] Categories of personal data
-- [ ] Categories of recipients
-- [ ] International transfers
-- [ ] Retention periods
-- [ ] Security measures description
-
-### Record Template
-| Activity | Purpose | Legal Basis | Data Categories | Recipients | Retention | Transfers |
-|----------|---------|-------------|-----------------|------------|-----------|-----------|
-| User accounts | Service provision | Contract | Name, email | [List] | Account + 3yr | US (SCCs) |
-| Analytics | Improvement | Legitimate interest | Usage data | [List] | 2 years | US (SCCs) |
-
----
-
-## 10. Data Protection Officer (DPO)
-
-### When Required
-- [ ] Public authority
-- [ ] Core activities require regular monitoring at scale
-- [ ] Core activities involve sensitive data at scale
-
-### DPO Responsibilities (If Appointed)
-- [ ] DPO appointed and registered
-- [ ] DPO contact information published
-- [ ] DPO involved in all data protection matters
-- [ ] DPO reports to highest management level
-- [ ] DPO has adequate resources
-
----
-
-## 11. Privacy Policy Requirements
-
-### Required Information
-- [ ] Identity and contact details of controller
-- [ ] DPO contact details (if applicable)
-- [ ] Purposes of processing
-- [ ] Legal basis for processing
-- [ ] Legitimate interests (if applicable)
-- [ ] Categories of recipients
-- [ ] International transfer details
-- [ ] Retention periods
-- [ ] Data subject rights
-- [ ] Right to withdraw consent
-- [ ] Right to complain to supervisory authority
-- [ ] Whether provision is required/obligatory
-- [ ] Automated decision-making details
-
----
-
-## 12. Cookie Compliance
-
-### Requirements
-- [ ] Cookie banner/notice displayed
-- [ ] Prior consent before non-essential cookies
-- [ ] Easy to reject cookies
-- [ ] No pre-selected options
-- [ ] Cookie policy accessible
-- [ ] List of all cookies with purposes
-- [ ] Third-party cookie disclosure
-
-### Cookie Categories
-| Cookie | Purpose | Duration | Type |
-|--------|---------|----------|------|
-| Session | Essential | Session | Necessary |
-| Auth token | Essential | 30 days | Necessary |
-| Analytics | Analytics | 2 years | Requires consent |
-| Marketing | Advertising | 1 year | Requires consent |
-
----
-
-## 13. Regular Review
-
-### Annual Tasks
-- [ ] Review and update privacy policy
-- [ ] Review processing activities
-- [ ] Review data retention
-- [ ] Update third-party processor list
-- [ ] Conduct security assessment
-- [ ] Review breach procedures
-- [ ] Employee training refresh
-
-### Ongoing Tasks
-- [ ] Monitor regulatory guidance
-- [ ] Handle data subject requests
-- [ ] Document processing changes
-- [ ] Report to management
-
----
-
-## Resources
-
-### Regulatory Guidance
-- ICO (UK): https://ico.org.uk/
-- CNIL (France): https://www.cnil.fr/
-- EDPB: https://edpb.europa.eu/
-
-### Tools
-- Cookie consent platforms
-- DPIA templates
-- DPA templates
-
----
-
-**IMPORTANT**: This checklist is for guidance only and does not constitute legal advice. Consult a qualified attorney for compliance requirements specific to your situation.
-
----
-
-*Generated with Bootspring*

package/templates/legal/privacy-policy.md

@@ -1,285 +0,0 @@
-# Privacy Policy
-
-**{{PROJECT_NAME}}**
-
-**Last Updated**: {{DATE}}
-
----
-
-## 1. Introduction
-
-Welcome to {{PROJECT_NAME}} ("we," "our," or "us"). We are committed to protecting your privacy and personal information.
-
-This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service ("Service").
-
----
-
-## 2. Information We Collect
-
-### 2.1 Information You Provide
-
-**Account Information**
-- Name
-- Email address
-- Password (encrypted)
-- Profile information
-
-**Payment Information**
-- Payment card details (processed by payment provider)
-- Billing address
-- Transaction history
-
-**Communications**
-- Support inquiries
-- Feedback and surveys
-- Email correspondence
-
-**User Content**
-- Content you create or upload
-- Comments and interactions
-
-### 2.2 Information Collected Automatically
-
-**Usage Data**
-- Pages visited
-- Features used
-- Time spent on Service
-- Click patterns
-
-**Device Information**
-- Device type and model
-- Operating system
-- Browser type and version
-- Screen resolution
-
-**Log Data**
-- IP address
-- Access times
-- Referring URLs
-- Error logs
-
-**Cookies and Tracking**
-- Session cookies
-- Preference cookies
-- Analytics cookies
-- See our Cookie Policy for details
-
-### 2.3 Information from Third Parties
-
-- Social login providers (if used)
-- Payment processors
-- Analytics services
-- Marketing partners
-
----
-
-## 3. How We Use Your Information
-
-We use collected information to:
-
-### 3.1 Provide and Maintain Service
-- Create and manage your account
-- Process transactions
-- Deliver requested features
-- Provide customer support
-
-### 3.2 Improve Service
-- Analyze usage patterns
-- Develop new features
-- Fix bugs and issues
-- Optimize performance
-
-### 3.3 Communications
-- Send service notifications
-- Respond to inquiries
-- Send marketing communications (with consent)
-- Share updates and news
-
-### 3.4 Security and Compliance
-- Prevent fraud and abuse
-- Enforce our terms
-- Comply with legal obligations
-- Protect rights and safety
-
----
-
-## 4. How We Share Your Information
-
-### 4.1 Service Providers
-We share information with third parties that perform services on our behalf:
-- Cloud hosting providers
-- Payment processors
-- Analytics services
-- Customer support tools
-- Email service providers
-
-### 4.2 Business Transfers
-In the event of a merger, acquisition, or sale, your information may be transferred to the acquiring entity.
-
-### 4.3 Legal Requirements
-We may disclose information when required by law or to:
-- Comply with legal process
-- Protect our rights
-- Prevent fraud or abuse
-- Ensure safety of users
-
-### 4.4 With Your Consent
-We may share information for purposes you have consented to.
-
-### 4.5 Aggregated Data
-We may share aggregated, de-identified data that cannot identify you.
-
----
-
-## 5. Data Retention
-
-We retain your information for as long as:
-- Your account is active
-- Needed to provide services
-- Required by law
-- Necessary for legitimate business purposes
-
-After account deletion, we may retain certain information as required by law or for legitimate business purposes.
-
----
-
-## 6. Data Security
-
-We implement appropriate security measures including:
-- Encryption in transit and at rest
-- Access controls
-- Regular security assessments
-- Employee training
-- Incident response procedures
-
-However, no method of transmission is 100% secure. We cannot guarantee absolute security.
-
----
-
-## 7. Your Rights and Choices
-
-### 7.1 Account Information
-You can access, update, or delete your account information through your account settings.
-
-### 7.2 Marketing Communications
-You can opt out of marketing emails by:
-- Clicking "unsubscribe" in emails
-- Adjusting notification settings
-- Contacting us directly
-
-### 7.3 Cookies
-You can control cookies through browser settings. Note that disabling cookies may affect functionality.
-
-### 7.4 Do Not Track
-We currently do not respond to Do Not Track signals.
-
-### 7.5 Data Portability
-You may request a copy of your data in a portable format.
-
-### 7.6 Deletion
-You may request deletion of your personal information, subject to legal retention requirements.
-
----
-
-## 8. International Data Transfers
-
-If you are located outside [COUNTRY], your information may be transferred to and processed in [COUNTRY]. We ensure appropriate safeguards for international transfers.
-
----
-
-## 9. Children's Privacy
-
-Our Service is not intended for children under 13 (or applicable age of consent). We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it promptly.
-
----
-
-## 10. Third-Party Links
-
-Our Service may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to review their privacy policies.
-
----
-
-## 11. Updates to This Policy
-
-We may update this Privacy Policy periodically. We will notify you of material changes via:
-- Email notification
-- Service announcement
-- Updated "Last Updated" date
-
-Continued use after changes constitutes acceptance.
-
----
-
-## 12. California Privacy Rights (CCPA)
-
-If you are a California resident, you have additional rights:
-
-### 12.1 Right to Know
-You may request disclosure of:
-- Categories of information collected
-- Sources of information
-- Purpose of collection
-- Categories of third parties we share with
-- Specific pieces of information collected
-
-### 12.2 Right to Delete
-You may request deletion of your personal information.
-
-### 12.3 Right to Opt-Out
-You may opt out of the "sale" of personal information.
-
-### 12.4 Non-Discrimination
-We will not discriminate against you for exercising your rights.
-
-### 12.5 How to Exercise Rights
-Submit requests to: privacy@{{DOMAIN}}
-We will verify your identity before processing requests.
-
----
-
-## 13. European Privacy Rights (GDPR)
-
-If you are in the European Economic Area, you have additional rights:
-
-### 13.1 Legal Basis
-We process data based on:
-- Consent
-- Contract performance
-- Legal obligations
-- Legitimate interests
-
-### 13.2 Your Rights
-- Access your data
-- Rectify inaccurate data
-- Erase your data
-- Restrict processing
-- Data portability
-- Object to processing
-- Withdraw consent
-
-### 13.3 Data Protection Officer
-Contact our DPO at: dpo@{{DOMAIN}}
-
-### 13.4 Supervisory Authority
-You may lodge a complaint with your local data protection authority.
-
----
-
-## 14. Contact Us
-
-For questions about this Privacy Policy or our privacy practices:
-
-**{{PROJECT_NAME}}**
-Email: privacy@{{DOMAIN}}
-Address: [ADDRESS]
-
-For data protection inquiries:
-Email: dpo@{{DOMAIN}}
-
----
-
-**IMPORTANT**: This template is for informational purposes only and does not constitute legal advice. Consult a qualified attorney to ensure compliance with applicable laws.
-
----
-
-*Generated with Bootspring*