0

I'm creating a personal website and learning to implement a service worker that takes advantage of the push API in order to update myself and whatever others look at it that I have updated the website whenever I deploy. I figured out that the pushSubscription provides you with a capability URL and that I would need to store that somewhere in order to push a message to that url.

That's where my question comes in. Do I need a privacy policy if I'm going to be storing these capability URL in a database? If so, can I somehow only allow my website to store my capability URL instead of storing others?

D. Lopez
  • 11
  • If you store **only the endpoints** I don't think that you need a privacy policy, because they are basically random tokens. However be careful if you use a push service: most of them collect a lot of information about your users and track them for advertising purposes. In that case you definitely need a privacy policy. Check out [Pushpad](https://pushpad.xyz): it doesn't track your users and has a free tier. – collimarco Apr 07 '17 at 11:26
  • I'm voting to close this question as off-topic because it is a legal question, not a programming question. – Kara May 16 '17 at 22:05

1 Answers1

3

your question would likely work better at law.stackexchange, thought let me say this: I work on privacy policies as a service (at iubenda) and one of the things you learn is that privacy policy requirements are usually triggered a lot sooner than most people think.

So in theory, in many legislations privacy policies are a requirement whenever your site is in any way commercial (this could be a personal site as well with a connection to your job in any way) and processes any personal data (this on the other hand could be the IP that gets automatically processed for connection purposes. Or, take what most people do on any site they make - Google Analytics - as an example: Google requests you to have a compliant privacy policy (check under 7).

Therefore let me give you this rule of thumb: having a privacy policy is rarely a bad idea from a requirement standpoint and it doesn't usually start with push notifications.

Also, here you might feel like reading up a bit about it when curiosity strikes:

Simon
  • 2,263
  • 2
  • 19
  • 26