From c195fb20e6b2394f78cc28de0bf04d4c5a300052 Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Fri, 6 Dec 2019 09:41:59 +1300 Subject: [PATCH 1/2] DOCS Removed outdated maintainer info Will can still contribute, but I think it's inaccurate to call him the "maintainer" at the moment. It's more of a fluid concept, don't think declaring maintainers is useful to anyone here --- docs/en/index.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/docs/en/index.md b/docs/en/index.md index ef07f18..b262038 100644 --- a/docs/en/index.md +++ b/docs/en/index.md @@ -3,14 +3,6 @@ UserForms enables CMS users to create dynamic forms via a drag and drop interface and without getting involved in any PHP code. -## Maintainer Contact - - * Will Rossiter (Nickname: wrossiter, willr) `` - -## Requirements - -See the "require" section of [composer.json](https://github.com/silverstripe/silverstripe-userforms/blob/master/composer.json) - ## Features * Construct a form using all major form fields (text, email, dropdown, radio, checkbox..) From b4bd6e7968c6fa2a31038dd67f4c2d93b20f583a Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Fri, 6 Dec 2019 09:51:53 +1300 Subject: [PATCH 2/2] DOCS Data protection and privacy note --- docs/en/userguide/index.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/en/userguide/index.md b/docs/en/userguide/index.md index 8aae870..3569c6d 100644 --- a/docs/en/userguide/index.md +++ b/docs/en/userguide/index.md @@ -7,7 +7,26 @@ summary: How to use the UserForms module to create forms via the CMS. Make sure that your SilverStripe CMS installation has the [UserForms](https://addons.silverstripe.org/add-ons/silverstripe/userforms/) module installed. -## UserForm features +## Data Protection and Privacy + +**IMPORTANT: READ THIS BEFORE USING THE MODULE** + +This feature allows authors with CMS permissions to create forms which process submission data, +and store data the CMS database by default. Anyone with the ability to create forms +also has access to view and export submissions. As the owner and operator of your website, +you should ensure processes and safeguards are in place to perform these actions securely. + +This is your responsibility, but here are a few tips to get you started: + + * Ensure you have the necessary consents for processing and storing data according to your legislation (e.g. GDPR) + * Only accept form submissions via encrypted transfers (HTTPS) - check our [Secure Coding](https://docs.silverstripe.org/en/4/developer_guides/security/secure_coding/) guidelines + * Control access to form submissions (via CMS page access controls) + * Create a process to limit the types of data you are allowed to collect via this feature (e.g. no payment information or health data) + * Create a process for limiting submission storage duration (manual deletion) + * Consider further safeguards such as at-rest encryption (check [encryption related addons](https://addons.silverstripe.org/add-ons?search=encrypt)) + +## Features + * [Create and edit forms](creating-and-editing-forms.md) * [Add different field types to a form](field-types.md) * [Set up multipage forms](multipage-forms.md)