Is it possible to encrypt the username and email for Allauth to be PII compliant? If so, how would you do that? If this is possible, how would a site admin go about decrypting the username and email in case they needed to contact the user?

Not sure if Allauth specifically needs to be encrypted or the user model itself. I am not currently using a custom user model. All I have are the default tables that come with allauth / user model: Email Addresses, Groups, and Users.

Project GitHub: https://github.com/pennersr/django-allauth

To do this, would you need to override allauth and use some sort of encryption package like https://github.com/georgemarshall/django-cryptography? Or is there a better way?

  • Aside from your technical question I suggest you check what your actual requirements are. PII just means "personally identifiable information" - it isn't a compliance standard (thus "PII compliant" doesn't mean anything) and whether or not you need to actually encrypt this data depends on what standard/regulations you're trying to adhere to. – solarissmoke Feb 06 '20 at 02:59
  • I want to be GDPR compliant and PII pertains to that. The only data that is stored in my database pertaining to the user is the username and email. However, the website does ask for credit card, full name, address, phone number (but that stuff gets stored on Stripe). There is also a contact form which emails the user's full name, email address, and phone number to the company email account each time a user contacts the company. – antiporter Feb 06 '20 at 03:19

0 Answers