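Privacy regulations compliance
Note
Here you can find various legal information you might need to operate Weblate in certain legal jurisdictions. It is provided as a means of guidance, without any warranty of accuracy or correctness. It is ultimately your responsibility to ensure that your use of Weblate complies with all applicable laws and regulations.
Hint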
Weblate provides features that help organizations operate within privacy frameworks such as GDPR, DPDPA, PIPL, and others. Hosting, legal basis, retention, notices, and compliance responsibilities remain under the deploying organization's control.
This document outlines Weblate features that can support compliance with:
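European Union General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Brazilian General Data Protection Law (LGPD)
Swiss Federal Act on Data Protection (nFADP)
Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
Indian Digital Personal Data Protection Act (DPDPA)
Personal Information Protection Law of the People's Republic of China (PIPL)
Privacy principles
Data minimization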
Weblate processes account and activity data needed to provide translation workflows, authentication, notifications, access control, and auditability. Depending on enabled features, the following personal data can be stored or processed:
Account identifiers such as username, full name, primary e-mail address, verified e-mail addresses, and social-authentication associations.
Optional profile fields such as public e-mail, website, profile links, location, company, language preferences, and dashboard preferences.
Translation activity, suggestions, comments, watched projects, notification settings, and contribution statistics.
Operational records such as audit-log entries, IP addresses, user agents, timestamps, and security-related events.
External analytics, crash reporting, remote logging, and avatar providers are optional integrations controlled by the site operator.
User consent and transparency
Users can review and update their account and profile data in User profile.
Administrators can publish privacy policy, terms, cookie information, and subcontractor information using the Legal module, or link externally using LEGAL_URL and PRIVACY_URL.
Terms of service confirmation can be enforced using the legal app, and LEGAL_TOS_DATE can require users to accept updated terms.
Data processing depends on user interaction and on integrations enabled by the site operator.
Data access and portability
Users can download a JSON export of their user data from the Account tab in User profile; the export format is documented in Weblate user data export.
Administrators can export active non-bot user data with dumpuserdata.
Project translations and translation files can be exported separately using Weblate's project and file export features.
Right to data erasure and rectification
Users can correct account and profile information from the profile interface.
Users can request account removal from the Account tab. The removal flow requires confirmation and then deactivates and anonymizes the account.
Account removal clears private profile fields, API tokens, social-auth associations, group memberships, notification subscriptions, watched projects, and user translation memory.
Historical project records can remain associated with an anonymized deleted account where needed to preserve translation history and auditability.
Data retention and deletion
Audit-log retention is configured using AUDITLOG_EXPIRY.
Backups, reverse-proxy logs, mail server logs, and database retention are controlled by the site operator.
Third-party services receive data only when configured or used by the operator, for example external authentication providers, avatar providers, Matomo, Sentry, remote logging, machine translation services, or repository integrations.
Security and confidentiality
Weblate supports HTTPS deployments and secure cookie settings; operators should configure TLS and trusted proxy headers correctly.
Failed sign-ins, permission changes, two-factor changes, account removal requests, and other security events are recorded in the audit log.
Optional GELF logging can forward logs to systems such as Graylog.
Access control is enforced through users, teams, roles, project access settings, and component permissions.
Commit identity privacy can be improved with PRIVATE_COMMIT_EMAIL_OPT_IN, PRIVATE_COMMIT_EMAIL_TEMPLATE, PRIVATE_COMMIT_NAME_OPT_IN, and PRIVATE_COMMIT_NAME_TEMPLATE.
Avatar fetching can be disabled with ENABLE_AVATARS; when enabled, avatars are downloaded and cached server-side as described in Avatars.
Cross-border transfers
Weblate itself does not require a specific hosting region.
Hosting location, backups, e-mail delivery, repository hosting, external authentication, analytics, error reporting, and machine translation services determine where data is processed.
Organizations can self-host Weblate in the required jurisdiction, or use a dedicated deployment with suitable infrastructure controls.
Regulatory mapping
| Framework | Supporting Weblate features |
|---|---|
| GDPR (EU) | Data export, correction, account removal, audit logs, privacy notices, configurable retention, self-hosting |
| CCPA (California) | Data access, deletion workflow, user control, no built-in sale of personal data |
| LGPD (Brazil) | Transparency, access, correction, deletion workflow, operator-defined legal basis |
| nFADP (Switzerland) | Transparency, purpose limitation by configuration, account controls, auditability |
| PIPEDA (Canada) | Notice, consent workflow, access, correction, deletion |
| DPDPA (India) | Notice, consent workflow, user rights handling, hosting locality controlled by operator |
| PIPL (China) | Purpose limitation by configuration, data minimization, self-hosted locality controls |
Compliance recommendations
Notices and consent: Provide privacy, cookie, subcontractor, and terms information through the Legal module, and update LEGAL_TOS_DATE when users must accept changed terms.
Policy links: Link external privacy and legal documents with PRIVACY_URL and LEGAL_URL when the documents are hosted outside Weblate.
Data subject requests: Define an operational process for user-data export, correction, account removal, backup handling, and historical contribution review.
Retention: Configure AUDITLOG_EXPIRY and document retention periods for database backups, log aggregation, mail systems, repositories, and external integrations.
External services: Review configured authentication providers, avatar providers, analytics, Sentry, GELF logging, machine translation, e-mail, and repository integrations for transfer and processor obligations.
Locality: Ensure application hosting, backups, logs, repositories, and external processors are located in permitted jurisdictions.
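One way to check a deployment against the settings named in these recommendations, as an added example that is not Weblate's own code. The function name, the `policy_updated` and `max_audit_days` inputs, the HTTPS rule for policy links, the value types (days, date, booleans), and treating unset booleans as enabled are all assumptions of this example.

```python
from datetime import date


def audit_privacy_settings(settings, policy_updated, max_audit_days):
    """Return (setting, finding) pairs; an empty list means no gaps were found.

    settings is a plain dict of the Weblate settings named on this page.
    policy_updated and max_audit_days are hypothetical inputs taken from the
    operator's own policy documents, not from Weblate.
    """
    findings = []
    # Policy links are optional, but if set they should not downgrade to HTTP.
    for name in ("LEGAL_URL", "PRIVACY_URL"):
        url = settings.get(name)
        if url and not url.startswith("https://"):
            findings.append((name, "external policy link is not HTTPS"))
    # Assumption: AUDITLOG_EXPIRY is a number of days.
    expiry = settings.get("AUDITLOG_EXPIRY")
    if expiry is None:
        findings.append(("AUDITLOG_EXPIRY", "retention not set explicitly"))
    elif expiry > max_audit_days:
        findings.append(("AUDITLOG_EXPIRY",
                         f"{expiry} days exceeds documented {max_audit_days}"))
    # Assumption: LEGAL_TOS_DATE is a datetime.date.
    tos = settings.get("LEGAL_TOS_DATE")
    if tos is None or tos < policy_updated:
        findings.append(("LEGAL_TOS_DATE", "predates the current terms"))
    # Assumption: unset booleans are treated as enabled, the cautious reading.
    if settings.get("ENABLE_AVATARS", True):
        findings.append(("ENABLE_AVATARS", "avatar provider needs processor review"))
    for name in ("PRIVATE_COMMIT_EMAIL_OPT_IN", "PRIVATE_COMMIT_NAME_OPT_IN"):
        if settings.get(name, True):
            findings.append((name, "private commit identity is opt-in only"))
    return findings


# Constructed sample configuration, not taken from a real deployment.
SAMPLE = {
    "PRIVACY_URL": "http://example.com/privacy",
    "LEGAL_URL": "https://example.com/terms",
    "AUDITLOG_EXPIRY": 365,
    "LEGAL_TOS_DATE": date(2023, 1, 1),
    "ENABLE_AVATARS": False,
    "PRIVATE_COMMIT_EMAIL_OPT_IN": False,
}

if __name__ == "__main__":
    for name, finding in audit_privacy_settings(SAMPLE, date(2024, 6, 1), 180):
        print(f"{name}: {finding}")
```

The check covers only Weblate settings; backups, proxy logs, mail systems, and external processors still need the separate review described above.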