mirror of
https://github.com/community-unscripted/telemetry-service.git
synced 2026-07-01 20:54:03 -04:00
docs: translate GDPR docs to English (international focus)
+145
@@ -0,0 +1,145 @@
# Records of Processing Activities (ROPA)

**GDPR Art. 30 Compliance Documentation**

---

## 1. Controller Information

| Field | Value |
|-------|-------|
| **Organization** | Community Scripts (Open Source Project) |
| **Project Name** | Telemetry Service |
| **Repository** | https://github.com/community-scripts/telemetry-service |
| **Contact** | Via GitHub Issues |

---

## 2. Purpose of Processing

### 2.1 Description
The Telemetry Service collects **anonymous technical usage statistics** from the Proxmox VE Helper-Scripts. This data is used exclusively for:

- **Quality Improvement**: Identification of scripts with high failure rates
- **Prioritization**: Recognition of the most-used applications
- **Trend Analysis**: Understanding of used operating systems and resource configurations

### 2.2 Legal Basis
**Art. 6(1)(f) GDPR** (Legitimate Interest)

The legitimate interest lies in improving open-source software for the community. The processing is minimally invasive because:
- No personal data is collected
- No IP addresses are stored
- Data transmission is opt-in (users must actively consent)

---

## 3. Categories of Data Subjects

| Category | Description |
|----------|-------------|
| Helper-Script Users | Administrators who run Proxmox VE Helper-Scripts and have consented to telemetry |

---

## 4. Categories of Personal Data

### ⚠️ NO Personal Data Is Collected

The collected data is **purely technical** and allows **no identification of natural persons**:

| Data Field | Type | Description | Personal Data |
|------------|------|-------------|---------------|
| `random_id` | UUID | Randomly generated session ID (new per installation) | ❌ No |
| `type` | String | LXC, VM, Tool, Addon | ❌ No |
| `nsapp` | String | Name of installed application (e.g., "jellyfin") | ❌ No |
| `status` | String | Success / Failed / Installing | ❌ No |
| `disk_size` | Integer | Disk size in GB | ❌ No |
| `core_count` | Integer | CPU cores | ❌ No |
| `ram_size` | Integer | RAM in MB | ❌ No |
| `os_type` | String | Operating system (debian, ubuntu, alpine) | ❌ No |
| `os_version` | String | OS version (12, 24.04) | ❌ No |
| `pve_version` | String | Proxmox VE version | ❌ No |
| `method` | String | Installation method | ❌ No |
| `error` | String | Error description (max 120 characters) | ❌ No |
| `exit_code` | Integer | Exit code (0-255) | ❌ No |
| `gpu_vendor` | String | GPU manufacturer | ❌ No |
| `cpu_vendor` | String | CPU manufacturer | ❌ No |
| `install_duration` | Integer | Installation duration in seconds | ❌ No |

### What Is NOT Collected:
- ❌ IP addresses (request logging disabled)
- ❌ Hostnames or domain names
- ❌ MAC addresses or serial numbers
- ❌ Usernames or email addresses
- ❌ Network configuration
- ❌ Location data

---

## 5. Data Recipients

| Recipient | Purpose | Legal Basis |
|-----------|---------|-------------|
| PocketBase (self-hosted) | Storage of telemetry data | Processing on same server |
| GitHub (for public dashboard) | Aggregated statistics | Art. 6(1)(f) (legitimate interest) |

**No sharing with third parties.** The data is used exclusively for improving the Helper-Scripts.

---

## 6. International Data Transfers

| Location | Transfer | Safeguards |
|----------|----------|------------|
| Non-EU Countries | ❌ No | - |

Data processing occurs **exclusively on EU servers** (Hetzner Cloud, Germany).

---

## 7. Retention Periods

| Data Category | Retention Period | Justification |
|---------------|------------------|---------------|
| Telemetry Data | **365 days** | Sufficient for yearly trend analysis |
| Aggregated Statistics | Indefinite | No personal data |
| Logs (if enabled) | 7 days | Technical troubleshooting |

Automatic deletion is implemented by the `cleanup` job in the service.

---

## 8. Technical and Organizational Measures (TOM)

See separate documentation: [TOMS.md](TOMS.md)

**Summary:**
- ✅ Encryption in transit (TLS 1.3)
- ✅ Access control (API token-based)
- ✅ Rate limiting (DDoS protection)
- ✅ No IP storage
- ✅ Privacy by Design (anonymous session IDs)

---

## 9. Data Protection Impact Assessment (DPIA)

A DPIA according to Art. 35 GDPR is **not required** because:

1. No personal data is processed
2. No profiling or automated decision-making occurs
3. No special categories of personal data (Art. 9 GDPR) are affected
4. The processing does not present a high risk to the rights and freedoms of natural persons

---

## 10. Revision History

| Date | Version | Change | Author |
|------|---------|--------|--------|
| 2025-02-12 | 1.0 | Initial creation | Community Scripts Team |

---

*For questions or change requests, please contact us via GitHub Issues.*
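Review bot: the revision-history row in the new English file reads `| 2025-02-12 | 1.0 | Initial creation | Community Scripts Team |`, while the German VVT.md being removed in this same commit reads `| 2026-02-12 | 1.0 | Initiale Erstellung | Community Scripts Team |`; a translation should not shift the date by a year, so confirm which is correct and use it in both this file and TOMS.md. Two consistency points against the rest of the diff: section 6 collapses the German `USA` and `Andere` rows into a single `| Non-EU Countries | ❌ No | - |`, yet section 5 names GitHub as the recipient of aggregated statistics for the public dashboard and the translated TOMS.md 6.1 lists GitHub with location USA and an EU-US DPF entry, so either state here that only aggregated, non-personal data reaches GitHub or put the DPF reference in the Safeguards column so the two documents agree. And the Legal Basis cell `Processing on same server` for PocketBase describes where the data sits rather than a legal basis (the German had `Auftragsverarbeitung`); a cell such as "n/a, same controller, self-hosted component" would be clearer. Smaller point: the `error` field is free text of up to 120 characters, which is the one column that could carry an operator's path or hostname, so a short note on how error strings are sanitized before storage would back the "no identification of natural persons" claim.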
+105
-105
@@ -1,130 +1,130 @@
# Technische und Organisatorische Maßnahmen (TOM)
# Technical and Organizational Measures (TOM)

**gemäß Art. 32 DSGVO**
**GDPR Art. 32 Compliance Documentation**

---

## 1. Vertraulichkeit (Art. 32 Abs. 1 lit. b DSGVO)
## 1. Confidentiality (Art. 32(1)(b) GDPR)

### 1.1 Zutrittskontrolle
| Maßnahme | Umsetzung | Status |
|----------|-----------|--------|
| Rechenzentrum | Hetzner Cloud (ISO 27001 zertifiziert) | ✅ |
| Physischer Zugriff | Durch Hetzner gesichert (Biometrie, 24/7 Überwachung) | ✅ |
### 1.1 Physical Access Control
| Measure | Implementation | Status |
|---------|----------------|--------|
| Data Center | Hetzner Cloud (ISO 27001 certified) | ✅ |
| Physical Access | Secured by Hetzner (biometrics, 24/7 monitoring) | ✅ |

### 1.2 Zugangskontrolle
| Maßnahme | Umsetzung | Status |
|----------|-----------|--------|
| SSH-Zugang | Nur mit SSH-Keys, kein Passwort-Login | ✅ |
| API-Authentifizierung | PocketBase Admin-Token erforderlich | ✅ |
| Dashboard-Zugriff | Lesezugriff ohne Authentifizierung (nur aggregierte Daten) | ✅ |
| Admin-Zugriff | Über Coolify mit 2FA | ✅ |
### 1.2 System Access Control
| Measure | Implementation | Status |
|---------|----------------|--------|
| SSH Access | SSH keys only, password login disabled | ✅ |
| API Authentication | PocketBase admin token required | ✅ |
| Dashboard Access | Read-only without authentication (aggregated data only) | ✅ |
| Admin Access | Via Coolify with 2FA | ✅ |

### 1.3 Zugriffskontrolle
| Maßnahme | Umsetzung | Status |
|----------|-----------|--------|
| Berechtigungskonzept | Minimalprinzip: Service hat nur Schreibrechte auf telemetry-Collection | ✅ |
| API-Endpunkte | Telemetrie-Endpoint: Nur POST, Dashboard-API: Nur GET | ✅ |
| Keine Root-Prozesse | Container läuft mit non-root User | ✅ |
### 1.3 Data Access Control
| Measure | Implementation | Status |
|---------|----------------|--------|
| Authorization Concept | Least privilege: service only has write access to telemetry collection | ✅ |
| API Endpoints | Telemetry endpoint: POST only, Dashboard API: GET only | ✅ |
| Non-Root Processes | Container runs as non-root user | ✅ |

### 1.4 Trennungskontrolle
| Maßnahme | Umsetzung | Status |
|----------|-----------|--------|
| Datentrennung | Separate Collections für ProxmoxVE/ProxmoxVED | ✅ |
| Netzwerktrennung | Docker-Network-Isolation | ✅ |
| Umgebungstrennung | Produktion getrennt von Entwicklung | ✅ |
### 1.4 Separation Control
| Measure | Implementation | Status |
|---------|----------------|--------|
| Data Separation | Separate collections for ProxmoxVE/ProxmoxVED | ✅ |
| Network Separation | Docker network isolation | ✅ |
| Environment Separation | Production separated from development | ✅ |

---

## 2. Integrität (Art. 32 Abs. 1 lit. b DSGVO)
## 2. Integrity (Art. 32(1)(b) GDPR)

### 2.1 Weitergabekontrolle
| Maßnahme | Umsetzung | Status |
|----------|-----------|--------|
| Transportverschlüsselung | TLS 1.3 (HTTPS) | ✅ |
| Interne Kommunikation | Docker-internes Netzwerk | ✅ |
| Keine Drittland-Übermittlung | Server ausschließlich in Deutschland | ✅ |
### 2.1 Transfer Control
| Measure | Implementation | Status |
|---------|----------------|--------|
| Transport Encryption | TLS 1.3 (HTTPS) | ✅ |
| Internal Communication | Docker internal network | ✅ |
| Data Location | Server located in EU (Germany) | ✅ |

### 2.2 Eingabekontrolle
| Maßnahme | Umsetzung | Status |
|----------|-----------|--------|
| Request-Validierung | Strikte JSON-Schema-Validierung | ✅ |
| Max Body Size | 1024 Bytes (verhindert Oversized Payloads) | ✅ |
| Fehlermeldungen | Max. 120 Zeichen (verhindert Log-Injection) | ✅ |
| Audit-Logging | Fehlerhafte Anfragen werden geloggt (ohne IP) | ✅ |
### 2.2 Input Control
| Measure | Implementation | Status |
|---------|----------------|--------|
| Request Validation | Strict JSON schema validation | ✅ |
| Max Body Size | 1024 bytes (prevents oversized payloads) | ✅ |
| Error Messages | Max 120 characters (prevents log injection) | ✅ |
| Audit Logging | Failed requests are logged (without IP) | ✅ |

---

## 3. Verfügbarkeit und Belastbarkeit (Art. 32 Abs. 1 lit. b/c DSGVO)
## 3. Availability and Resilience (Art. 32(1)(b)(c) GDPR)

### 3.1 Verfügbarkeitskontrolle
| Maßnahme | Umsetzung | Status |
|----------|-----------|--------|
| Health-Checks | `/health`-Endpoint mit Docker HEALTHCHECK | ✅ |
| Auto-Restart | Coolify startet Container bei Absturz neu | ✅ |
| Rate Limiting | 60 Requests/Minute pro IP (DDoS-Schutz) | ✅ |
| Timeout-Handling | 120s Timeout für Dashboard-Queries | ✅ |
### 3.1 Availability Control
| Measure | Implementation | Status |
|---------|----------------|--------|
| Health Checks | `/health` endpoint with Docker HEALTHCHECK | ✅ |
| Auto-Restart | Coolify restarts container on crash | ✅ |
| Rate Limiting | 60 requests/minute per IP (DDoS protection) | ✅ |
| Timeout Handling | 120s timeout for dashboard queries | ✅ |

### 3.2 Wiederherstellbarkeit
| Maßnahme | Umsetzung | Status |
|----------|-----------|--------|
| Datensicherung | PocketBase SQLite-Backups durch Coolify | ✅ |
| Backup-Intervall | Täglich | ✅ |
| Disaster Recovery | Daten können aus Backup wiederhergestellt werden | ✅ |
### 3.2 Recoverability
| Measure | Implementation | Status |
|---------|----------------|--------|
| Data Backup | PocketBase SQLite backups via Coolify | ✅ |
| Backup Interval | Daily | ✅ |
| Disaster Recovery | Data can be restored from backup | ✅ |

---

## 4. Verfahren zur regelmäßigen Überprüfung (Art. 32 Abs. 1 lit. d DSGVO)
## 4. Regular Testing and Evaluation (Art. 32(1)(d) GDPR)

### 4.1 Datenschutz-Management
| Maßnahme | Umsetzung | Status |
|----------|-----------|--------|
| VVT vorhanden | [docs/VVT.md](VVT.md) | ✅ |
### 4.1 Privacy Management
| Measure | Implementation | Status |
|---------|----------------|--------|
| Processing Records | [docs/ROPA.md](ROPA.md) | ✅ |
| Security Policy | [SECURITY.md](../SECURITY.md) | ✅ |
| Löschkonzept | Automatische Löschung nach 365 Tagen | ✅ |
| Deletion Concept | Automatic deletion after 365 days | ✅ |

### 4.2 Technische Prüfungen
| Maßnahme | Intervall | Status |
|----------|-----------|--------|
| Dependency-Updates | Bei jedem Build (Go Modules) | ✅ |
| Container-Updates | Alpine-Base regelmäßig aktualisiert | ✅ |
| Code-Review | Alle Änderungen via Pull Request | ✅ |
### 4.2 Technical Reviews
| Measure | Interval | Status |
|---------|----------|--------|
| Dependency Updates | On every build (Go Modules) | ✅ |
| Container Updates | Alpine base regularly updated | ✅ |
| Code Review | All changes via Pull Request | ✅ |

---

## 5. Privacy by Design / Privacy by Default (Art. 25 DSGVO)
## 5. Privacy by Design / Privacy by Default (Art. 25 GDPR)

### 5.1 Privacy by Design
| Prinzip | Umsetzung | Status |
|---------|-----------|--------|
| Datenminimierung | Nur technisch notwendige Daten werden erhoben | ✅ |
| Anonymität | Keine personenbezogenen Daten, anonyme Session-IDs | ✅ |
| Keine IP-Speicherung | `ENABLE_REQUEST_LOGGING=false` | ✅ |
| Principle | Implementation | Status |
|-----------|----------------|--------|
| Data Minimization | Only technically necessary data is collected | ✅ |
| Anonymity | No personal data, anonymous session IDs | ✅ |
| No IP Storage | `ENABLE_REQUEST_LOGGING=false` | ✅ |

### 5.2 Privacy by Default
| Einstellung | Standard | Status |
|-------------|----------|--------|
| Telemetrie | Opt-In (Nutzer muss aktiv zustimmen) | ✅ |
| Request-Logging | Deaktiviert | ✅ |
| Datenweitergabe | Keine | ✅ |
| Setting | Default | Status |
|---------|---------|--------|
| Telemetry | Opt-in (user must actively consent) | ✅ |
| Request Logging | Disabled | ✅ |
| Data Sharing | None | ✅ |

---

## 6. Auftragsverarbeitung
## 6. Sub-Processors

### 6.1 Dienstleister
| Dienstleister | Funktion | Standort | Vertrag |
|---------------|----------|----------|---------|
| Hetzner Cloud | Infrastructure | Deutschland | AV-Vertrag vorhanden |
| Coolify | Container-Orchestrierung | Self-Hosted | - |
| GitHub | Source Code Hosting | USA | DPF-zertifiziert |
### 6.1 Service Providers
| Provider | Function | Location | Contract |
|----------|----------|----------|----------|
| Hetzner Cloud | Infrastructure | EU (Germany) | DPA in place |
| Coolify | Container orchestration | Self-hosted | - |
| GitHub | Source code hosting | USA | EU-US DPF certified |

### 6.2 Keine Weitergabe an Dritte
Die Telemetriedaten werden **nicht** an externe Analysedienste, Werbepartner oder sonstige Dritte weitergegeben.
### 6.2 No Third-Party Sharing
Telemetry data is **not** shared with external analytics services, advertising partners, or any other third parties.

---

## 7. Technische Schutzmaßnahmen im Code
## 7. Technical Security Measures in Code

```go
// service.go - Security Headers
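Review bot: the Input Control row `| Error Messages | Max 120 characters (prevents log injection) |` claims more than a length cap delivers; truncating a client-supplied string bounds its size but does nothing about embedded CR/LF or other control characters, which is what log injection relies on, so either reword the cell to "truncated to 120 characters" or document the sanitization step (strip control characters before the string is logged or stored) that actually provides the protection. The same `error` string is persisted for 365 days per ROPA.md, so sanitization matters for storage as well as for logs. Two smaller points: the Availability Control row `| Rate Limiting | 60 requests/minute per IP (DDoS protection) |` sits beside `| No IP Storage | ENABLE_REQUEST_LOGGING=false |`, and the two read as contradictory unless the text states that the client IP is held in memory only for the limiter window and never written anywhere; and the Privacy Management table gains a `| Security Policy | [SECURITY.md](../SECURITY.md) |` row and the old `| Keine Drittland-Übermittlung | Server ausschließlich in Deutschland |` becomes `| Data Location | Server located in EU (Germany) |`, both of which are content changes rather than translation and should be mentioned in the commit message.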
@@ -133,34 +133,34 @@ w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("Referrer-Policy", "no-referrer")

// Rate Limiting
RateLimitRPM: 60 // Max 60 Requests pro Minute
RateBurst: 20 // Burst-Limit
MaxBodyBytes: 1024 // Max 1KB Request-Body
RateLimitRPM: 60 // Max 60 requests per minute
RateBurst: 20 // Burst limit
MaxBodyBytes: 1024 // Max 1KB request body

// Keine IP-Speicherung
// No IP Storage
EnableReqLogging: false
```

---

## 8. Maßnahmen bei Datenschutzverletzungen
## 8. Data Breach Response

| Schritt | Verantwortlich | Frist |
|---------|----------------|-------|
| Erkennung | Automatisch (Monitoring) oder via GitHub Issue | - |
| Ersteinschätzung | Maintainer | 24 Stunden |
| Meldung an Aufsichtsbehörde | N/A (keine personenbezogenen Daten) | - |
| Benachrichtigung Betroffener | N/A (keine personenbezogenen Daten) | - |
| Dokumentation | GitHub Security Advisory | 7 Tage |
| Step | Responsible | Timeframe |
|------|-------------|-----------|
| Detection | Automatic (monitoring) or via GitHub Issue | - |
| Initial Assessment | Maintainer | 24 hours |
| Supervisory Authority Notification | N/A (no personal data) | - |
| Data Subject Notification | N/A (no personal data) | - |
| Documentation | GitHub Security Advisory | 7 days |

---

## 9. Änderungshistorie
## 9. Revision History

| Datum | Version | Änderung | Autor |
|-------|---------|----------|-------|
| 2026-02-12 | 1.0 | Initiale Erstellung | Community Scripts Team |
| Date | Version | Change | Author |
|------|---------|--------|--------|
| 2025-02-12 | 1.0 | Initial creation | Community Scripts Team |

---

*Diese Dokumentation wird bei wesentlichen Änderungen am Service aktualisiert.*
*This documentation is updated when significant changes are made to the service.*

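Review bot: the revision-history row changes from `| 2026-02-12 | 1.0 | Initiale Erstellung |` to `| 2025-02-12 | 1.0 | Initial creation |`; a translation should keep the date, so settle on one year and apply it here and in ROPA.md. On the code block: it mixes a `w.Header().Set(...)` statement with bare struct-literal fields (`RateLimitRPM: 60`, `EnableReqLogging: false`) and is not valid Go as written, so either show the config struct these fields belong to or add a sentence above the fence saying they are excerpts from service.go. The comment `// No IP Storage` above `EnableReqLogging: false` also tells only half the story given the per-IP limiter configured a few lines earlier; a comment along the lines of "client IP used in memory for rate limiting only, never logged" would match the tables in sections 3.1 and 5.1. Finally, in the Data Breach Response table both notification rows are fixed at `N/A (no personal data)`; the Initial Assessment step is the natural place to state that this assumption is re-checked against what was actually exposed, so the N/A does not become a blanket conclusion.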
-146
@@ -1,146 +0,0 @@
# Verzeichnis von Verarbeitungstätigkeiten (VVT)

**gemäß Art. 30 DSGVO**

---

## 1. Angaben zum Verantwortlichen

| Feld | Wert |
|------|------|
| **Organisation** | Community Scripts (Open Source Projekt) |
| **Projektname** | Telemetry Service |
| **Repository** | https://github.com/community-scripts/telemetry-service |
| **Kontakt** | Über GitHub Issues |

---

## 2. Zweck der Verarbeitung

### 2.1 Beschreibung
Der Telemetry Service sammelt **anonyme technische Nutzungsstatistiken** von den Proxmox VE Helper-Scripts. Diese Daten dienen ausschließlich der:

- **Qualitätsverbesserung**: Identifikation von Scripts mit hohen Fehlerraten
- **Priorisierung**: Erkennung der meistgenutzten Anwendungen
- **Trendanalyse**: Verständnis der verwendeten Betriebssysteme und Ressourcenkonfigurationen

### 2.2 Rechtsgrundlage
**Art. 6 Abs. 1 lit. f DSGVO** (berechtigtes Interesse)

Das berechtigte Interesse liegt in der Verbesserung der Open-Source-Software für die Community. Die Verarbeitung ist minimal-invasiv, da:
- Keine personenbezogenen Daten erhoben werden
- Keine IP-Adressen gespeichert werden
- Die Datenübermittlung opt-in ist (Nutzer müssen aktiv zustimmen)

---

## 3. Kategorien betroffener Personen

| Kategorie | Beschreibung |
|-----------|--------------|
| Nutzer der Helper-Scripts | Administratoren, die Proxmox VE Helper-Scripts ausführen und der Telemetrie zugestimmt haben |

---

## 4. Kategorien personenbezogener Daten

### ⚠️ KEINE personenbezogenen Daten werden erhoben

Die erhobenen Daten sind **ausschließlich technischer Natur** und lassen **keinen Rückschluss auf natürliche Personen** zu:

| Datenfeld | Typ | Beschreibung | Personenbezug |
|-----------|-----|--------------|---------------|
| `random_id` | UUID | Zufällig generierte Session-ID (pro Installation neu) | ❌ Nein |
| `type` | String | LXC, VM, Tool, Addon | ❌ Nein |
| `nsapp` | String | Name der installierten Anwendung (z.B. "jellyfin") | ❌ Nein |
| `status` | String | Erfolgreich / Fehlgeschlagen / Installierend | ❌ Nein |
| `disk_size` | Integer | Festplattengröße in GB | ❌ Nein |
| `core_count` | Integer | CPU-Kerne | ❌ Nein |
| `ram_size` | Integer | RAM in MB | ❌ Nein |
| `os_type` | String | Betriebssystem (debian, ubuntu, alpine) | ❌ Nein |
| `os_version` | String | OS-Version (12, 24.04) | ❌ Nein |
| `pve_version` | String | Proxmox VE Version | ❌ Nein |
| `method` | String | Installationsmethode | ❌ Nein |
| `error` | String | Fehlerbeschreibung (max. 120 Zeichen) | ❌ Nein |
| `exit_code` | Integer | Exit-Code (0-255) | ❌ Nein |
| `gpu_vendor` | String | GPU-Hersteller | ❌ Nein |
| `cpu_vendor` | String | CPU-Hersteller | ❌ Nein |
| `install_duration` | Integer | Installationsdauer in Sekunden | ❌ Nein |

### Was wird NICHT erhoben:
- ❌ IP-Adressen (Request-Logging deaktiviert)
- ❌ Hostnamen oder Domainnamen
- ❌ MAC-Adressen oder Seriennummern
- ❌ Benutzernamen oder E-Mail-Adressen
- ❌ Netzwerkkonfiguration
- ❌ Standortdaten

---

## 5. Empfänger der Daten

| Empfänger | Zweck | Rechtsgrundlage |
|-----------|-------|-----------------|
| PocketBase (selbst gehostet) | Speicherung der Telemetriedaten | Auftragsverarbeitung (gleicher Server) |
| GitHub (für öffentliches Dashboard) | Aggregierte Statistiken | Art. 6 Abs. 1 lit. f (berechtigtes Interesse) |

**Keine Weitergabe an Dritte.** Die Daten werden ausschließlich für die Verbesserung der Helper-Scripts verwendet.

---

## 6. Übermittlung in Drittländer

| Drittland | Übermittlung | Garantien |
|-----------|--------------|-----------|
| USA | ❌ Nein | - |
| Andere | ❌ Nein | - |

Die Datenverarbeitung erfolgt **ausschließlich auf EU-Servern** (Hetzner Cloud, Deutschland).

---

## 7. Löschfristen

| Datenkategorie | Löschfrist | Begründung |
|----------------|------------|------------|
| Telemetriedaten | **365 Tage** | Ausreichend für jährliche Trendanalysen |
| Aggregierte Statistiken | Unbegrenzt | Keine personenbezogenen Daten |
| Logs (falls aktiviert) | 7 Tage | Technische Fehlerbehebung |

Die automatische Löschung wird durch den `cleanup`-Job im Service umgesetzt.

---

## 8. Technische und organisatorische Maßnahmen (TOM)

Siehe separate Dokumentation: [TOMS.md](TOMS.md)

**Zusammenfassung:**
- ✅ Verschlüsselung in Transit (TLS 1.3)
- ✅ Zugriffskontrolle (API-Token-basiert)
- ✅ Rate Limiting (DDoS-Schutz)
- ✅ Keine IP-Speicherung
- ✅ Privacy by Design (anonyme Session-IDs)

---

## 9. Datenschutz-Folgenabschätzung (DSFA)

Eine DSFA nach Art. 35 DSGVO ist **nicht erforderlich**, da:

1. Keine personenbezogenen Daten verarbeitet werden
2. Kein Profiling oder automatisierte Entscheidungsfindung stattfindet
3. Keine besonderen Kategorien personenbezogener Daten (Art. 9 DSGVO) betroffen sind
4. Die Verarbeitung kein hohes Risiko für die Rechte und Freiheiten natürlicher Personen darstellt

---

## 10. Änderungshistorie

| Datum | Version | Änderung | Autor |
|-------|---------|----------|-------|
| 2026-02-12 | 1.0 | Initiale Erstellung | Community Scripts Team |

---

*Dieses Dokument wurde nach bestem Wissen und Gewissen erstellt. Bei Fragen oder Änderungswünschen kontaktieren Sie uns über GitHub Issues.*
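Review bot: removing VVT.md drops two things the new ROPA.md does not carry over: the section 6 table distinguished `| USA | ❌ Nein | - |` from `| Andere | ❌ Nein | - |` (ROPA.md has a single "Non-EU Countries" row), and the closing line `*Dieses Dokument wurde nach bestem Wissen und Gewissen erstellt. ...*` has no English equivalent; if both are intentional, the commit message should say the records were restructured rather than translated. Since the file is gone and only the TOMS.md Privacy Management row was updated from VVT.md to ROPA.md in this diff, also verify that no other file in the repository still links to docs/VVT.md.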