privacy policy for my web application

Question

Hi, I’ve made a web application and currently the only people using it are me, my brother and a close friend. I’m hoping to get more people using it soon but I’m concerned about their privacy because I can see the data they enter in my database.

Is this normal/acceptable or should I be encrypting every column in my database or something? (I imagine this would be overkill and make coding more difficult.)

Do I need a privacy policy? If I don’t have one am I at risk of getting sued? If the answer to that is ‘yes,’ what would my privacy policy need to contain to eliminate that risk, please?

Answer 1 · 2015-03-27T03:48:36Z

March 27, 2015 3:48am

I think it depends on the data they are entering. If you can see their password FIX THAT NOW. Use a hashing library to hash the password then when they enter it, hash what they enter and compare it against the result in the database.

For personal data I would recommend encrypting that simply for liabilities sake. I do not know the business side of this but I hope no one has tons of my unencrypted data stored somewhere. If you are worried then there is a reason and you need to address it.

Encrypt the data or hash it, depending on its use. Let your users know what data you are saving via some kind of privacy policy. Filter input and escape output in all database interactions in order to prevent data from being stolen(this includes info from the database, #1 don't trust user data, #2 don't trust anything that was user data). Make sure all library's are up to date and secure by industry stands (aka if using PHP use PDO or MySQLi instead of MySQL).

Goodluck! --Ricky

Welcome to the Treehouse Community

Looking to learn something new?

Jenny Swift

Jenny Swift

privacy policy for my web application

1 Answer

Ricky Catron

Ricky Catron

Jenny Swift

Jenny Swift