GDPR & Privacy

Privacy compliance for communities worldwide (GDPR + CCPA): a granular cookie-consent banner that honors Global Privacy Control / Do-Not-Track, a re-openable “Privacy choices / Do Not Sell or Share” control, proof-of-consent logging, member self-service data export and account erasure, and configurable IP-log retention.

AI security review

Reviewed safe · 95/100
A legitimate GDPR/privacy extension with consent banner, data export, account erasure, and IP retention. All routes use appropriate middleware, queries are parameterized, and output is escaped; no malicious behavior or external exfiltration found.
  • low · Self-service export/erase rely on auth only — In src/Extension.php, /privacy/export and /privacy/erase operate on the authenticated user's own data only ($request->user()), which is correct; admin actions are gated behind the 'admin' middleware. No missing authorization, but note erase deletes posts based on user-controlled flag — intended behavior.
  • low · Banner config values rendered via JS textContent — forum.js uses textContent for heading/message and sets link.href from cfg.privacyUrl. privacyUrl is admin-configured and only validated as a string (max:300), so a javascript: URL could theoretically be set by an admin; low risk since it requires admin access and admin output in adminPage is htmlspecialchars-escaped.

Automated review of v1.0.0 by claude-opus-4-8 4 days ago. This is an automated signal to aid your judgment — not a guarantee.