Elevated X CMS Software GDPR Data Protection and Privacy
Posted by Mark [Elevated X Support], Last modified by AJ Hall on 15 May 2018 11:52 AM
This document details the type of consumer/end-user data stored by Elevated X web site management software and how that information is retained.|
Data Retention Settings
Within the CMS software admin panel under Global Settings -> Privacy, is a setting named "Length of time to store data". This setting controls retention of user information.
The mailing list system stores the following information:
This information is stored for the duration a subscriber belongs to the mailing list. When a subscriber opts-out of the mailing list, this information is permanently deleted after the number of days specified under the Retention Setting in the CMS software admin panel.
When a user submits a comment, information about the user MAY be stored for diagnostic purposes.
Diagnostic information includes:
- IP address
- Values of any cookies stored by the user's browser when they make the request
- The user agent.
- Any sort of server state variables.
- If your members area is using Simple HTTP Authentication, the password associated with the username.
This diagnostic mode is turned off by default. You will see a warning on the front page of your admin panel if this mode is turned on. We highly recommend keeping this mode off unless instructed differently by support.
This diagnostic information is stored for 24-48 hours before being permanently deleted.
The following data is stored for users with web site memberships:
Based on when the user has last signed into the site, this information is permanently deleted after the number of days as specified under the Retention Setting in the CMS software admin panel. For example, if 90 days is specified under Retention Settings, the system will remove all information about the user after they have not logged into/utilized their account on the web site for 90 days.
The exception to the above is data related to "Most Active Users". This information is permanently deleted after the number of days as specified under the Retention Setting in the CMS software admin panel.
All VOD user information is retained indefinitely to provide user access to their past purchases and related transaction history unless the user requests their information be removed.
Removal of Information Requests
If an Elevated X CMS software operator receives a data removal request, user information can be manually deleted from the CMS software admin panel by clicking the gear icon at the upper right corner and choosing "Users" from the menu. A search can then be done for a specific user and their user name and associated data/information can be deleted from the system.
Note: When a user is deleted from the system, this deletes ALL associated information including information such as VOD/Store purchase history. The user will immediately and permanently lose access to all past purchases and any record thereof. This operation cannot be undone or reversed and should not be performed unless a customer/end-user has specifically asked for their information to be deleted.
Note: This only applies to users and related data associated with user accounts for memberships and VOD/Store accounts. Users must remove their information from mailing lists by unsubscribing from each individual mailing list they've subscribed to and this data will be purged (removed) upon reaching the length of time specified under Data Retention Setting as detailed above.
Data is cached server-side for for page loads within the directory /cms_admin/storage/cache/. This cache may contain historical data such as comments submitted by users and associated user names and display names. This cache is deleted between 7 - 14 days of the time the cached data is originally generated.
The CMS software can also be configured to do disk caching of SQL database queries within the directory /cms_admin/storage/sqlcache/. This may contain any database stored information as listed above. This cache is deleted after 7 - 14 days of the time the cached data is originally generated.
For improved cache performance and reduced disk retention, use of memcached is recommended for all CMS software owners/operators when possible.
Elevated X Protect
Elevated X Protect is an included cookie-based login form that allows web site visitors on mobile devices to view content. It is optional for member areas and built in/installed automatically for VOD/Store areas.
Protect stores information server-side within the directory /cms_admin/storage/protect that includes the following:
- User name
- IP addresses the user name is logging in from
- A hash of the user name's password
This information is stored prevent password sharing. Cache information containing this data is deleted 7-14 days after a user has last logged into the site.