Processing activities & sub-processors

We maintain these records under GDPR Articles 28 and 30. They describe every processing activity we perform on personal data and the third-party services that process data on our behalf.

Records of processing (Art. 30)

Account registration· legal basis: `contract`

Create and maintain a user account so the visitor can contribute content, receive notifications, and manage their profile.

Data categories: email · username · password hash · IP address · user agent
Subjects: registered users
Recipients: internal admin/moderator · email provider (Sub-processor list)
Retention: Retained while account is active. On deletion: 30-day tombstone, then purge.

Security measures: Password hashed with Argon2id. Session cookie httpOnly + Secure + SameSite=Lax. TLS in transit. DB encryption at rest.

User-generated content (issues, guides, comments)· legal basis: `contract`

Publish community content authored by the user so it is discoverable by other visitors.

Data categories: user id · content body · source locale · IP for moderation
Subjects: registered users · public visitors reading content
Recipients: public (published status) · internal moderators
Retention: Retained until the content is deleted or the owning user is purged.

Security measures: Role-based access. Audit log on every moderation action.

Web analytics· legal basis: `consent`

Aggregate traffic metrics (page views, session counts, bounce) to improve content and navigation.

Data categories: truncated IP · user agent · referring URL · page path
Subjects: all visitors who consented to analytics
Recipients: Google Analytics 4 (Sub-processor)
Retention: Raw event data retained for 14 months by the sub-processor. No first-party raw logs.

Security measures: Gated on `emd_analytics_consent=granted`. Client-side only; no server-side capture.

Advertisement delivery· legal basis: `consent`

Display advertising to offset hosting costs.

Data categories: truncated IP · user agent · ad interaction
Subjects: all visitors who consented to ads
Recipients: Google Ad Manager (Sub-processor)
Retention: Ad frequency caps and interaction logs retained by the sub-processor.

Security measures: Gated on `emd_ads_consent=granted`. Server-rendered ad slots respect consent before the first fetch.

Email notifications· legal basis: `contract`

Send transactional notifications (password reset, verification, mentions) and opt-in digests.

Data categories: email · notification body · event metadata
Subjects: registered users who opted in
Recipients: email provider (Sub-processor)
Retention: Delivery receipts retained 30 days; notification rows retained 90 days per retention policy.

Security measures: TLS to SMTP provider. Unsubscribe link per digest.

Security + rate limiting· legal basis: `legitimate_interests`

Detect abuse (brute-force logins, spam posting, content flooding).

Data categories: IP hash · user agent · request count · user id (when logged in)
Subjects: all visitors
Recipients: internal admin/moderator
Retention: Rate-limit buckets purged after the block window expires (at most 24 hours).

Security measures: IP is hashed before persistence. Rate-limit blocks escalate to a temporary ban before a permanent one.

Sub-processors (Art. 28)

Processor	Purpose	Data categories	Country	DPA
Google Analytics 4	Anonymised traffic analytics + usage trends.	IP (truncated) · device id · page views · interaction events	US	DPA
Google Ad Manager	Advertisement delivery + frequency capping.	IP · device id · ad interaction	US	DPA
Google Identity (OAuth)	Sign-in via Google SSO.	email · profile name · avatar URL · Google subject id	US	DPA

Records of processing (Art. 30)

Account registration· legal basis: contract

User-generated content (issues, guides, comments)· legal basis: contract

Web analytics· legal basis: consent

Advertisement delivery· legal basis: consent

Email notifications· legal basis: contract