Privacy regulations compliance

Note

Here you will find information on various legal matters that you may need when running Weblate in certain jurisdictions. It is provided solely as guidance, without any warranty of accuracy or correctness. Ultimately, ensuring that your use of Weblate complies with all applicable laws and regulations is solely your responsibility.

Hint

Weblate provides features that help organizations work within privacy frameworks such as GDPR, DPDPA, PIPL, and others. Hosting, legal basis, retention, notices, and compliance obligations remain under the control of the deploying organization.

This document describes Weblate features that can support compliance with:

  • EU General Data Protection Regulation (GDPR)

  • California Consumer Privacy Act (CCPA)

  • Brazilian General Data Protection Law (LGPD)

  • Swiss Federal Act on Data Protection (nFADP)

  • Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)

  • Indian Digital Personal Data Protection Act (DPDPA)

  • Chinese Personal Information Protection Law (PIPL)

Privacy principles

Data minimization

Weblate processes account and activity data needed to provide translation workflows, authentication, notifications, access control, and auditability. Depending on enabled features, the following personal data can be stored or processed:

  • Account identifiers such as username, full name, primary e-mail address, verified e-mail addresses, and social-authentication associations.

  • Optional profile fields such as public e-mail, website, profile links, location, company, language preferences, and dashboard preferences.

  • Translation activity, suggestions, comments, watched projects, notification settings, and contribution statistics.

  • Operational records such as audit-log entries, IP addresses, user agents, timestamps, and security-related events.

External analytics, crash reporting, remote logging, and avatar providers are optional integrations controlled by the site operator.

Data access and portability

Right to erasure and rectification

  • Users can correct account and profile information from the profile interface.

  • Users can request account removal from the Account tab. The removal flow requires confirmation and then deactivates and anonymizes the account.

  • Account removal clears private profile fields, API tokens, social-auth associations, group memberships, notification subscriptions, watched projects, and user translation memory.

  • Historical project records can remain associated with an anonymized deleted account where needed to preserve translation history and auditability.

Data retention and deletion

  • Audit-log retention is configured using AUDITLOG_EXPIRY.

  • Backups, reverse-proxy logs, mail server logs, and database retention are controlled by the site operator.

  • Third-party services receive data only when configured or used by the operator, for example external authentication providers, avatar providers, Matomo, Sentry, remote logging, machine translation services, or repository integrations.

Security and confidentiality

  • Weblate supports HTTPS deployments and secure cookie settings; operators should configure TLS and trusted proxy headers correctly.

  • Failed sign-ins, permission changes, two-factor changes, account removal requests, and other security events are recorded in the audit log.

  • Optional GELF logging can forward logs to systems such as Graylog.

  • Access control is enforced through users, teams, roles, project access settings, and component permissions.

  • Commit identity privacy can be improved with PRIVATE_COMMIT_EMAIL_OPT_IN, PRIVATE_COMMIT_EMAIL_TEMPLATE, PRIVATE_COMMIT_NAME_OPT_IN, and PRIVATE_COMMIT_NAME_TEMPLATE.

  • Avatar fetching can be disabled with ENABLE_AVATARS; when enabled, avatars are downloaded and cached server-side as described in Avatars.

International transfers

  • Weblate itself does not require a specific hosting region.

  • Hosting location, backups, e-mail delivery, repository hosting, external authentication, analytics, error reporting, and machine translation services determine where data is processed.

  • Organizations can self-host Weblate in the required jurisdiction, or use a dedicated deployment with suitable infrastructure controls.

Regulatory mapping

Framework: supporting Weblate features

  • GDPR (European Union): Data export, correction, account removal, audit logs, privacy notices, configurable retention, self-hosting

  • CCPA (California): Data access, deletion workflow, user control, no built-in sale of personal data

  • LGPD (Brazil): Transparency, access, correction, deletion workflow, operator-defined legal basis

  • nFADP (Switzerland): Transparency, purpose limitation by configuration, account controls, auditability

  • PIPEDA (Canada): Notice, consent workflow, access, correction, deletion

  • DPDPA (India): Notice, consent workflow, user rights handling, hosting locality controlled by operator

  • PIPL (China): Purpose limitation by configuration, data minimization, self-hosted locality controls

Compliance recommendations

  • Notices and consent: Provide privacy, cookie, subcontractor, and terms information through the Legal module, and update LEGAL_TOS_DATE when users must accept changed terms.

  • Policy links: Link external privacy and legal documents with PRIVACY_URL and LEGAL_URL when the documents are hosted outside Weblate.

  • Data subject requests: Define an operational process for user-data export, correction, account removal, backup handling, and historical contribution review.

  • Retention: Configure AUDITLOG_EXPIRY and document retention periods for database backups, log aggregation, mail systems, repositories, and external integrations.

  • External services: Review configured authentication providers, avatar providers, analytics, Sentry, GELF logging, machine translation, e-mail, and repository integrations for transfer and processor obligations.

  • Locality: Ensure application hosting, backups, logs, repositories, and external processors are located in permitted jurisdictions.
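
The settings named in these recommendations can be reviewed mechanically. The following is an added example, not part of the Weblate documentation or code: review_privacy_settings, its two policy parameters and the sample values are hypothetical, and it assumes the legal module is installed as the weblate.legal app and that private commit e-mail is opt-in unless the switch is set to False.

```python
from datetime import date

def review_privacy_settings(cfg, max_audit_days, terms_changed_on):
    """Map setting name -> finding for a dict of Weblate settings.
    max_audit_days and terms_changed_on are the operator's own policy values
    (assumed inputs for this example, not Weblate settings).
    """
    findings = {}

    # Retention: AUDITLOG_EXPIRY is a number of days.
    expiry = cfg.get("AUDITLOG_EXPIRY")
    if isinstance(expiry, bool) or not isinstance(expiry, int) or expiry <= 0:
        findings["AUDITLOG_EXPIRY"] = "set an explicit retention period in days"
    elif expiry > max_audit_days:
        findings["AUDITLOG_EXPIRY"] = f"{expiry} days exceeds policy of {max_audit_days}"

    # External services: avatars are fetched from a provider unless disabled.
    if cfg.get("ENABLE_AVATARS") is not False:
        findings["ENABLE_AVATARS"] = "review the avatar provider as an external service"

    # Commit identity: only the e-mail switch is checked in this example.
    if cfg.get("PRIVATE_COMMIT_EMAIL_OPT_IN") is not False:
        findings["PRIVATE_COMMIT_EMAIL_OPT_IN"] = "private commit e-mail is opt-in only"

    # Notices: either the legal module or external policy links must exist.
    legal_app = "weblate.legal" in cfg.get("INSTALLED_APPS", ())
    for key in ("PRIVACY_URL", "LEGAL_URL"):
        if not cfg.get(key) and not legal_app:
            findings[key] = "no external link and the legal module is not installed"

    # Consent: LEGAL_TOS_DATE must not predate the last change of terms.
    tos = cfg.get("LEGAL_TOS_DATE")
    if legal_app and (not isinstance(tos, date) or tos < terms_changed_on):
        findings["LEGAL_TOS_DATE"] = "predates the last terms change"

    return findings

# Constructed sample settings, not taken from a real deployment.
SAMPLE = {
    "AUDITLOG_EXPIRY": 365,
    "ENABLE_AVATARS": True,
    "PRIVATE_COMMIT_EMAIL_OPT_IN": False,
    "INSTALLED_APPS": ("weblate.trans", "weblate.legal"),
    "LEGAL_TOS_DATE": date(2023, 1, 1),
}

if __name__ == "__main__":
    for name, note in review_privacy_settings(SAMPLE, 180, date(2024, 6, 1)).items():
        print(f"{name}: {note}")
```

Backups, proxy and mail logs, and external processors sit outside these settings and still need the documented retention and locality review described above.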