Privacy regulations compliance

Note

Here you will find various legal information you might need to operate Weblate in certain jurisdictions. It is provided as guidance, without any warranty of accuracy or correctness. It is your responsibility to ensure that your use of Weblate complies with all applicable laws and regulations.

Hint

Weblate provides features that help organizations operate within privacy frameworks such as GDPR, DPDPA, PIPL, and others. Hosting, legal basis, retention, notices, and compliance responsibilities remain under the deploying organization’s control.

This document outlines Weblate features that can support compliance with:

  • EU General Data Protection Regulation (GDPR)

  • California Consumer Privacy Act (CCPA)

  • Brazilian General Data Protection Law (LGPD)

  • Swiss Federal Act on Data Protection (nFADP)

  • Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)

  • India's Digital Personal Data Protection Act (DPDPA)

  • China's Personal Information Protection Law (PIPL)

Privacy principles

Data minimization

Weblate processes account and activity data needed to provide translation workflows, authentication, notifications, access control, and auditability. Depending on enabled features, the following personal data can be stored or processed:

  • Account identifiers such as username, full name, primary e-mail address, verified e-mail addresses, and social-authentication associations.

  • Optional profile fields such as public e-mail, website, profile links, location, company, language preferences, and dashboard preferences.

  • Translation activity, suggestions, comments, watched projects, notification settings, and contribution statistics.

  • Operational records such as audit-log entries, IP addresses, user agents, timestamps, and security-related events.

External analytics, crash reporting, remote logging, and avatar providers are optional integrations controlled by the site operator.

Data access and portability

  • Users can download a JSON export of their user data from the Account tab in User profile; the export format is documented in Weblate user data export.

  • Administrators can export active non-bot user data with dumpuserdata.

  • Project translations and translation files can be exported separately using Weblate’s project and file export features.

Right to erasure and correction

  • Users can correct account and profile information from the profile interface.

  • Users can request account removal from the Account tab. The removal flow requires confirmation and then deactivates and anonymizes the account.

  • Account removal clears private profile fields, API tokens, social-auth associations, group memberships, notification subscriptions, watched projects, and user translation memory.

  • Historical project records can remain associated with an anonymized deleted account where needed to preserve translation history and auditability.

Data retention and deletion

  • Audit-log retention is configured using AUDITLOG_EXPIRY.

  • Backups, reverse-proxy logs, mail server logs, and database retention are controlled by the site operator.

  • Third-party services receive data only when configured or used by the operator, for example external authentication providers, avatar providers, Matomo, Sentry, OpenTelemetry, remote logging, machine translation services, or repository integrations.

Security and confidentiality

  • Weblate supports HTTPS deployments and secure cookie settings; operators should configure TLS and trusted proxy headers correctly.

  • Failed sign-ins, permission changes, two-factor changes, account removal requests, and other security events are recorded in the audit log.

  • Optional GELF logging can forward logs to systems such as Graylog.

  • Access control is enforced through users, teams, roles, project access settings, and component permissions.

  • Commit identity privacy can be improved with PRIVATE_COMMIT_EMAIL_OPT_IN, PRIVATE_COMMIT_EMAIL_TEMPLATE, PRIVATE_COMMIT_NAME_OPT_IN, and PRIVATE_COMMIT_NAME_TEMPLATE.

  • Avatar fetching can be disabled with ENABLE_AVATARS; when enabled, avatars are downloaded and cached server-side as described in Avatars.

International transfers

  • Weblate itself does not require a specific hosting region.

  • Hosting location, backups, e-mail delivery, repository hosting, external authentication, analytics, error reporting, and machine translation services determine where data is processed.

  • Organizations can self-host Weblate in the required jurisdiction, or use a dedicated deployment with suitable infrastructure controls.

Regulatory alignment

Framework and supporting Weblate features:

  • GDPR (EU): Data export, correction, account removal, audit logs, privacy notices, configurable retention, self-hosting

  • CCPA (California): Data access, deletion workflow, user control, no built-in sale of personal data

  • LGPD (Brazil): Transparency, access, correction, deletion workflow, operator-defined legal basis

  • nFADP (Switzerland): Transparency, purpose limitation by configuration, account controls, auditability

  • PIPEDA (Canada): Notice, consent workflow, access, correction, deletion

  • DPDPA (India): Notice, consent workflow, user rights handling, hosting locality controlled by operator

  • PIPL (China): Purpose limitation by configuration, data minimization, self-hosted locality controls

Recommendations for compliance

  • Notices and consent: Provide privacy, cookie, subprocessor, and terms information through the Legal module, and update LEGAL_TOS_DATE when users must accept changed terms.

  • Policy links: Link external privacy and legal documents with PRIVACY_URL and LEGAL_URL when the documents are hosted outside Weblate.

  • Data subject requests: Define an operational process for user data export, correction, account removal, backup handling, and review of historical contributions.

  • Retention: Configure AUDITLOG_EXPIRY and document retention periods for database backups, log aggregation, mail systems, repositories, and external integrations.

  • External services: Review configured authentication providers, avatar providers, analytics, Sentry, OpenTelemetry, GELF logging, machine translation, e-mail, and repository integrations for transfer and processor obligations.

  • Locality: Ensure application hosting, backups, logs, repositories, and external processors are located in permitted jurisdictions.
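
One way to turn the settings named on this page into a repeatable review step, as an added example that is not part of Weblate: the function name, the `max_audit_days` policy input, and the sample mappings are hypothetical. The fallback values used for absent keys are assumed from Weblate and Django defaults and should be checked against the deployed version.

```python
# Added example, not Weblate code: review a settings mapping against this page.
# Fallbacks for absent keys are assumptions based on Weblate/Django defaults.
ASSUMED_DEFAULTS = {
    "AUDITLOG_EXPIRY": 180,               # days of audit-log retention
    "ENABLE_AVATARS": True,
    "PRIVATE_COMMIT_EMAIL_OPT_IN": True,  # private commit e-mail only on opt-in
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SECURE": False,
    "PRIVACY_URL": None,
    "LEGAL_URL": None,
    "INSTALLED_APPS": (),
}


def review_privacy_settings(settings, max_audit_days):
    """Return (setting, finding) tuples; max_audit_days is the operator's policy."""
    cfg = {**ASSUMED_DEFAULTS, **settings}
    findings = []
    if cfg["AUDITLOG_EXPIRY"] > max_audit_days:
        findings.append(("AUDITLOG_EXPIRY",
                         f"kept {cfg['AUDITLOG_EXPIRY']} days, policy allows {max_audit_days}"))
    if cfg["ENABLE_AVATARS"]:
        findings.append(("ENABLE_AVATARS", "avatars come from an external provider; review or disable"))
    if cfg["PRIVATE_COMMIT_EMAIL_OPT_IN"]:
        findings.append(("PRIVATE_COMMIT_EMAIL_OPT_IN",
                         "account e-mail is used in commits unless the user opts in"))
    for key in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not cfg[key]:
            findings.append((key, "cookie is not restricted to HTTPS"))
    legal_app = "weblate.legal" in cfg["INSTALLED_APPS"]
    if not legal_app and not (cfg["PRIVACY_URL"] and cfg["LEGAL_URL"]):
        findings.append(("PRIVACY_URL/LEGAL_URL",
                         "no legal module and no external privacy/legal links"))
    return findings


# Constructed samples: one deployment relying on defaults, one tightened.
SAMPLE = {"AUDITLOG_EXPIRY": 365, "SESSION_COOKIE_SECURE": True,
          "INSTALLED_APPS": ("weblate.legal",)}
HARDENED = {"AUDITLOG_EXPIRY": 90, "ENABLE_AVATARS": False,
            "PRIVATE_COMMIT_EMAIL_OPT_IN": False,
            "SESSION_COOKIE_SECURE": True, "CSRF_COOKIE_SECURE": True,
            "PRIVACY_URL": "https://example.com/privacy",
            "LEGAL_URL": "https://example.com/legal"}
```

Each finding is a prompt for operator review, not a statement that a setting violates a particular regulation; backups, proxy logs, and external processors still need to be checked outside Weblate's settings.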