how does opensaas handle user data? According to the law!
I want to know how the opensaas template handles user data? Is it according to any law or guidline? I mean specifically the user entity.
Myself i made a different table with extra user information and encoded it i think 264bits.
3 Replies
Hi @Sven. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
In Wasp, the handling of user data is primarily managed through the
User
entity. This entity is a "business logic user" which represents a user of your app. You can use this entity to store any information about the user that you want to store. For example, you might want to store the user's name or address. You can also use the user entity to define the relations between users and other entities in your app. For example, you might want to define a relation between a user and the tasks that they have created.
Here is an example of how you might define a User
entity in Wasp:
You own the user entity and you can modify it as you wish. You can add new fields to it, remove fields from it, or change the type of the fields. You can also add new relations to it or remove existing relations from it.
As for the legal aspect, Wasp doesn't enforce any specific law or guideline for handling user data. It's up to you as the developer to ensure that your handling of user data complies with all relevant laws and regulations, such as GDPR if you're operating in the European Union.
If you've created a separate table with additional user information and encoded it, that's certainly a valid approach. Just make sure that your handling of user data, including any encryption or encoding, complies with all relevant laws and regulations.
For more information, you can refer to the Wasp documentation on Auth Entities (https://wasp-lang.dev/docs/auth/entities#entities-explained).
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sven, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?@Vinny (@Wasp) @martinsos one for our Open Saas squad
yeah that sounds like a cool move if you're focusing on encrypting user info to make it more attractive to privacy-conscious users. but for now we're not doing anything like that in Open SaaS by default. We could maybe make a mock privacy policy and terms of service in the future, but because that's so app-specific, it might not make sense for use to do so.
To be honest, I don't know a whole lot about this, but through some searching I know you should at least communicate how you're storing their personal data in your terms of service.