From 6d420e231519c4d8a08330c376c68eea03b7a241 Mon Sep 17 00:00:00 2001 From: Andy Munro Date: Tue, 22 Oct 2019 21:32:42 -0400 Subject: [PATCH] Keycloak-8949 Personal data collected --- server_admin/topics.adoc | 1 + server_admin/topics/users/personal_data.adoc | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 server_admin/topics/users/personal_data.adoc diff --git a/server_admin/topics.adoc b/server_admin/topics.adoc index 6608433594..560235f10d 100644 --- a/server_admin/topics.adoc +++ b/server_admin/topics.adoc @@ -20,6 +20,7 @@ include::topics/users/required-actions.adoc[] include::topics/users/impersonation.adoc[] include::topics/users/user-registration.adoc[] include::topics/users/recaptcha.adoc[] +include::topics/users/personal_data.adoc[] include::topics/login-settings.adoc[] include::topics/login-settings/forgot-password.adoc[] include::topics/login-settings/remember-me.adoc[] diff --git a/server_admin/topics/users/personal_data.adoc b/server_admin/topics/users/personal_data.adoc new file mode 100644 index 0000000000..8d9415834b --- /dev/null +++ b/server_admin/topics/users/personal_data.adoc 
@@ -0,0 +1,19 @@ +[[_personal_data]] + +=== Personal data collected by {project_name} + +By default, {project_name} collects the following: + +* Basic user profile, such as email, firstname, and lastname + +* Basic user profile used for social accounts and references to the social account when using a social login + +* Device information collected for audit and security purposes, such as the IP address, operating system name, and browser name + +The information collected in {project_name} is highly customizable. Be aware of the following guidelines when making customizations: + +* Registration and account forms could contain custom fields, such as birthday, gender, and nationality. An administrator could configure {project_name} to retrieve that data from a social provider or a user storage provider such as LDAP. + +* {project_name} collects user credentials, such as password, OTP codes, and WebAuthn public keys. This information is encrypted and saved in a database, so it is not visible to {project_name} administrators. However, each type of credential can include non-confidential metadata that is visible to administrators such as the algorithm that is used to hash the password and the number of hash iterations used to hash the password. + +* With authorization services and UMA support enabled, {project_name} can hold information about some objects for which a particular user is the owner. For example, {project_name} can track that the user *john* is the owner of a photoalbum *album with animals* and a few photos called *lion picture* and *cow picture* in this album.
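
Review bot: The credentials bullet in personal_data.adoc contradicts itself on how passwords are stored. It says "This information is encrypted and saved in a database", then describes "the algorithm that is used to hash the password and the number of hash iterations". Hashing and encryption are different protections, so the first sentence should say passwords are hashed. It should also state separately how OTP codes and WebAuthn public keys are stored, because a public key is not confidential and cannot sensibly be grouped under "encrypted". The "so it is not visible to {project_name} administrators" clause also needs its scope stated (admin console versus direct database access), since being saved in a database does not by itself hide a value. Minor style points elsewhere in the hunk: "firstname" and "lastname" in the first bullet should read "first name" and "last name", and "photoalbum" in the last bullet should read "photo album".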