Welcome to Codidact Meta!
Codidact Meta is the meta-discussion site for the Codidact community network and the Codidact software. Whether you have bug reports or feature requests, support questions or rule discussions that touch the whole network – this is the site for you.
In order to accept donations, we use a third-party payment system, Stripe. When we added this support, we failed to realize that Stripe, to combat fraud, must collect some information about activity on our site. They're looking for things like a client trying rapid-fire purchases from storefronts.
Stripe collects this information through the library that allows us to process payments at all. We initially loaded that library on all community pages on our network, without realizing the privacy implications. We have now restricted the code so that it only loads that library on donation-specific pages. That is, if you click on the "donate" button, the pages from there until you finish or abort the payment use Stripe's library. If you merely visit a page that has a "donate" button, such as the main list in a category, you are not sharing anything with Stripe.
Stripe describes the data it collects in its documentation on fraud detection. The section on privacy says:
Internally, this data is subject to strict access control policies enforced by Stripe, and restricted to a small number of Stripe employees working on fraud prevention and security.
We'd like to thank the user who alerted us to the Stripe data collection on non-donation pages, and the developers who limited its reach. We apologize for missing this implication earlier.
For a diff showing the changes, see this commit.
0 comment threads