Knowledgebase: User Manual
Elevated X CMS Software GDPR Data Protection and Privacy
Posted by Mark [Elevated X Support], Last modified by AJ Hall on 15 May 2018 11:52 AM
This document details the type of consumer/end-user data stored by Elevated X web site management software and how that information is retained.

Data Retention Settings
Within the CMS software admin panel under Global Settings -> Privacy, is a setting named "Length of time to store data". This setting controls retention of user information.

DATA/INFORMATION STORAGE:

Mailing Lists
The mailing list system stores the following information:
  • Email Address
  • Name (optional)

This information is stored for the duration a subscriber belongs to the mailing list.  When a subscriber opts-out of the mailing list, this information is permanently deleted after the number of days specified under the Retention Setting in the CMS software admin panel.

Comments
When a user submits a comment, information about the user MAY be stored for diagnostic purposes.

Diagnostic information includes:
- IP address
- Values of any cookies stored by the user's browser when they make the request
- The user agent.
- Any sort of server state variables.
- Username
- If your members area is using Simple HTTP Authentication, the password associated with the username.

This diagnostic mode is turned off by default. You will see a warning on the front page of your admin panel if this mode is turned on. We highly recommend keeping this mode off unless instructed differently by support.

This diagnostic information is stored for 24-48 hours before being permanently deleted.

Memberships
The following data is stored for users with web site memberships:
  • A display name for comments from the user posted to Content Updates, DVDs, Models, Blog Entries
  • Votes on models, sets, DVDs
  • Favorites
  • Private Messages to and from the user
  • If VOD / Store is enabled for the members area, a shopping cart for that user
  • If VOD / Store is enabled for the members area, any purchases made
  • Email address, if user provides email
  • User Name
  • The last time a user has been logged in to the site
  • Browser Agent

Based on when the user has last signed into the site, this information is permanently deleted after the number of days as specified under the Retention Setting in the CMS software admin panel. For example, if 90 days is specified under Retention Settings, the system will remove all information about the user after they have not logged into/utilized their account on the web site for 90 days.

Exemptions:

Purchases: If a user has made any VOD/Store purchases, all user information is retained unless the user requests that their information be removed.

Comments: If a user has been removed from the system, their comments are not deleted but are anonymized and de-associated with their account. The body of the comment is retained, however, the Display Name associated with the user is anonymized.

Votes/Ratings: If a user has been removed from the system, their votes are not deleted but are anonymized and de-associated with their account.

Statistics
Individual logs containing a web site account holder's/member's user name and browser agent are stored for a period of time specified by the site operator under the Statistics Plug-in's "Snapshot Length" setting in the in the CMS software admin panel. By default, when the software is installed by Elevated X, this setting is set to 60 days, at which time this information is purged (removed) from the system and the user name and browser agent data is automatically anonymized by the system.

The exception to the above is data related to "Most Active Users". This information is permanently deleted after the number of days as specified under the Retention Setting in the CMS software admin panel.

VOD/Store Users
The following data is stored for users with VOD/Store accounts:

  • Comments from the user posted to Sets, DVDs, Models, Blog Entries
  • A display name for comments
  • Votes on models, sets, DVDs
  • Favorites
  • Private Messages to and from the user
  • A shopping cart for that user
  • Any purchases made
  • Email address, if user provides email
  • User Name
  • The last time a user has been logged in to the site
  • Browser Agent

All VOD user information is retained indefinitely to provide user access to their past purchases and related transaction history unless the user requests their information be removed.

Removal of Information Requests
If an Elevated X CMS software operator receives a data removal request, user information can be manually deleted from the CMS software admin panel by clicking the gear icon at the upper right corner and choosing "Users" from the menu. A search can then be done for a specific user and their user name and associated data/information can be deleted from the system.

Note: When a user is deleted from the system, this deletes ALL associated information including information such as VOD/Store purchase history. The user will immediately and permanently lose access to all past purchases and any record thereof. This operation cannot be undone or reversed and should not be performed unless a customer/end-user has specifically asked for their information to be deleted.

Note: This only applies to users and related data associated with user accounts for memberships and VOD/Store accounts. Users must remove their information from mailing lists by unsubscribing from each individual mailing list they've subscribed to and this data will be purged (removed) upon reaching the length of time specified under Data Retention Setting as detailed above.

Database Caching
Data is cached server-side for for page loads within the directory /cms_admin/storage/cache/. This cache may contain historical data such as comments submitted by users and associated user names and display names. This cache is deleted between 7 - 14 days of the time the cached data is originally generated.

The CMS software can also be configured to do disk caching of SQL database queries within the directory /cms_admin/storage/sqlcache/. This may contain any database stored information as listed above. This cache is deleted after 7 - 14 days of the time the cached data is originally generated.

For improved cache performance and reduced disk retention, use of memcached is recommended for all CMS software owners/operators when possible.

Elevated X Protect
Elevated X Protect is an included cookie-based login form that allows web site visitors on mobile devices to view content. It is optional for member areas and built in/installed automatically for VOD/Store areas.

Protect stores information server-side within the directory /cms_admin/storage/protect that includes the following:

- User name
- IP addresses the user name is logging in from
- A hash of the user name's password

This information is stored prevent password sharing. Cache information containing this data is deleted 7-14 days after a user has last logged into the site.
(2 vote(s))
Helpful
Not helpful

Comments (0)