docs(legal): Update to DPA and privacy policy documents (May 2025) (#9566)

We are bringing our DPA and privacy policy document in line with our changes to the corporate structure, changes to subprocessors, and new cookie technologies. This PR replaces #3055 which included more changes to terms of service. The changes to terms of service will follow in a second step. --------- Co-authored-by: Florian Forster <florian@zitadel.com>
2025-08-12 07:47:32 +00:00 · 2025-05-07 17:58:21 +02:00
parent 21167a4bba
commit 577bf9c710
4 changed files with 490 additions and 283 deletions
--- a/docs/src/components/pii_table.jsx
+++ b/docs/src/components/pii_table.jsx
@@ -0,0 +1,106 @@
+import React from "react";
+
+export function PiiTable() {
+
+  const pii = [
+    {
+      type: "Basic data",
+      examples: [
+        'Names',
+        'Email addresses',
+        'User names'
+      ],
+      subjects: "All users as uploaded by Customer."
+    },
+    {
+      type: "Login data",
+      examples: [
+        'Randomly generated ID',
+        'Passwords',
+        'Public keys / certificates ("FIDO2", "U2F", "x509", ...)',
+        'User names or identifiers of external login providers',
+        'Phone numbers',
+      ],
+      subjects: "All users as uploaded and feature use by Customer."
+    },
+    {
+      type: "Profile data",
+      examples: [
+        'Profile pictures',
+        'Gender',
+        'Languages',
+        'Nicknames or Display names',
+        'Phone numbers',
+        'Metadata'
+      ],
+      subjects: "All users as uploaded by Customer"
+    },
+    {
+      type: "Communication data",
+      examples: [
+        'Emails',
+        'Chats',
+        'Call metadata',
+        'Call recording and transcripts',
+        'Form submissions',
+      ],
+      subjects: "Customers and users who communicate with us directly (e.g. support, chat)."
+    },
+    {
+      type: "Payment data",
+      examples: [
+        'Billing address',
+        'Payment information',
+        'Customer number',
+        'Support Customer history',
+        'Credit rating information',
+      ],
+      subjects: "Customers who use services that require payment. Credit rating information: Only customers who pay by invoice."
+    },
+    {
+      type: "Analytics data",
+      examples: [
+        'Usage metrics',
+        'User behavior',
+        'User journeys (eg, Milestones)',
+        'Telemetry data',
+        'Client-side anonymized session replay',
+      ],
+      subjects: "Customers who use our services."
+    },
+    {
+      type: "Usage meta data",
+      examples: [
+        'User agent',
+        'IP addresses',
+        'Operating system',
+        'Time and date',
+        'URL',
+        'Referrer URL',
+        'Accepted Language',
+      ],
+      subjects: "All users"
+    },
+    ]
+
+  return (
+    <table className="text-xs">
+      <tr>
+        <th>Type of personal data</th>
+        <th>Examples</th>
+        <th>Affected data subjects</th>
+      </tr>
+      {
+        pii.map((row, rowID) => {
+          return (
+            <tr>
+              <td key={rowID}>{row.type}</td>
+              <td><ul>{row.examples.map((example) => { return ( <li>{example}</li> )})}</ul></td>
+              <td>{row.subjects}</td>
+            </tr>
+          )
+        })
+      }
+    </table>
+  );
+}
--- a/docs/src/components/subprocessors.jsx
+++ b/docs/src/components/subprocessors.jsx
@@ -1,162 +0,0 @@
-import React from "react";
-
-export function SubProcessorTable() {
-
-  const country_list = {
-    us: "USA",
-    eu: "EU",
-    ch: "Switzerland",
-    fr: "France",
-    in: "India",
-    de: "Germany",
-    ee: "Estonia",
-    nl: "Netherlands",
-    ro: "Romania",
-  }
-  const processors = [
-    {
-      entity: "Google LLC",
-      purpose: "Cloud infrastructure provider (Google Cloud), business applications and collaboration (Workspace), Data warehouse services, Content delivery network,  DDoS and bot prevention",
-      hosting: "Region designated by Customer, United States",
-      country: country_list.us,
-      enduserdata: "Yes"
-    },
-    {
-      entity: "Datadog, Inc.",
-      purpose: "Infrastructure monitoring, log analytics, and alerting",
-      hosting: country_list.eu,
-      country: country_list.us,
-      enduserdata: "Yes (logs)"
-    },
-    {
-      entity: "Github, Inc.",
-      purpose: "Source code management, code scanning, dependency management, security advisory, issue management, continuous integration",
-      hosting: country_list.us,
-      country: country_list.us,
-      enduserdata: false
-    },
-    {
-      entity: "Stripe Payments Europe, Ltd.",
-      purpose: "Subscription management, payment process",
-      hosting: country_list.us,
-      country: country_list.us,
-      enduserdata: false
-    },
-    {
-      entity: "Bexio AG",
-      purpose: "Customer management, payment process",
-      hosting: country_list.ch,
-      country: country_list.ch,
-      enduserdata: false
-    },
-    {
-      entity: "Mailjet SAS",
-      purpose: "Marketing automation",
-      hosting: country_list.eu,
-      country: country_list.fr,
-      enduserdata: false
-    },
-    {
-      entity: "Postmark (AC PM LLC)",
-      purpose: "Transactional mails, if no customer owned SMTP service is configured",
-      hosting: country_list.us,
-      country: country_list.us,
-      enduserdata: "Yes (opt-out)"
-    },
-    {
-      entity: "Vercel, Inc.",
-      purpose: "Website hosting",
-      hosting: country_list.us,
-      country: country_list.us,
-      enduserdata: false
-    },
-    {
-      entity: "Agolia SAS",
-      purpose: "Documentation search engine (zitadel.com/docs)",
-      hosting: country_list.us,
-      country: country_list.in,
-      enduserdata: false
-    },
-    {
-      entity: "Discord Netherlands BV",
-      purpose: "Community chat (zitadel.com/chat)",
-      hosting: country_list.us,
-      country: country_list.us,
-      enduserdata: false
-    },
-    {
-      entity: "Statuspal",
-      purpose: "ZITADEL Cloud service status announcements",
-      hosting: country_list.us,
-      country: country_list.de,
-      enduserdata: false
-    },
-    {
-      entity: "Plausible Insights OÜ",
-      purpose: "Privacy-friendly web analytics",
-      hosting: country_list.de,
-      country: country_list.ee,
-      enduserdata: false,
-      dpa: 'https://plausible.io/dpa'
-    },
-    {
-      entity: "Twillio Inc.",
-      purpose: "Messaging platform for SMS",
-      hosting: country_list.us,
-      country: country_list.us,
-      enduserdata: "Yes (opt-out)"
-    },
-    {
-      entity: "Mohlmann Solutions SRL",
-      purpose: "Global payroll",
-      hosting: undefined,
-      country: country_list.ro,
-      enduserdata: false
-    },
-    {
-      entity: "Remote Europe Holding, B.V.",
-      purpose: "Global payroll",
-      hosting: undefined,
-      country: country_list.nl,
-      enduserdata: false
-    },
-    {
-      entity: "HubSpot Inc.",
-      purpose: "Customer and sales management, Marketing automation, Support requests",
-      hosting: country_list.eu,
-      country: country_list.us,
-      enduserdata: false
-    },
-  ]
-
-  return (
-    <table className="text-xs">
-      <tr>
-        <th>Entity name</th>
-        <th>Purpose</th>
-        <th>End-user data</th>
-        <th>Hosting location</th>
-        <th>Country of registration</th>
-      </tr>
-      {
-        processors
-          .sort((a, b) => {
-            if (a.entity < b.entity) return -1
-            if (a.entity > b.entity) return 1
-            else return 0
-          })
-          .map((processor, rowID) => {
-          return (
-            <tr>
-              <td key={rowID}>{processor.entity}</td>
-              <td>{processor.purpose}</td>
-              <td>{processor.enduserdata ? processor.enduserdata  : 'No'}</td>
-              <td>{processor.hosting ? processor.hosting  : 'n/a'}</td>
-              <td>{processor.country}</td>
-            </tr>
-          )
-        })
-      }
-    </table>
-  );
-}