Zero-build privacy policies with Astro(www.openpolicy.sh)
10 pointsby jamie_davenport4 hours ago3 comments
  • ximman hour ago
    I am still confused what exactly this tool is doing. I clicked on "examples" in the hope of finding an example of a generated policy. But it only gives examples of the configuration, not the output.
    • jamie_davenport36 minutes ago
      While OP can generate MD, HTML and PDFs we've since moved away from that as the default to an approach in favour of just rendering the outputs as HTML/JSX.

      You're 100% right we should make it easy for anyone just checking out the project to see the generated results without running the examples. I will add a CLI example and commit the generated policies to the repo.

      Thanks for pointing this out and sorry our docs aren't up to the standard they need to be.

  • NylonMeltdown2 hours ago
    "Zero-build privacy policies": "Everything runs at build time", what?
    • jamie_davenportan hour ago
      Fair point. "No extra build step privacy policies with Astro" just didn't have the same ring to it.

      This was just a small quality of life improvement for the Astro users so it's a huge surprise to see how many reads it's getting.

      Hopefully we get the same response next week when we launch 2 very exciting features.

  • Rygian4 hours ago
    I wonder how often do privacy policies change, for the average site, to merit investing in a dedicated library that renders them dynamically. Assuming that the default solution is a static page.
    • 9dev2 hours ago
      My problem is mostly that I lack the legal expertise to be able to a) write up a coherent policy with full coverage, and b) follow up on changing legislation, of which there has been quite a lot in recent years (at least in Europe).

      The best option until now have been generators found online, which mostly seem to have pivoted to lead generators or demos for paid products now. Considering that in Germany, for example, any website affiliated with a company or pursuing any economic purpose is required to have both a proper imprint and privacy policy, this is something you have to care about. There are even lawyers writing specialised crawlers to find websites with linked Google Fonts but no privacy policy notice, and send automated litigation to the owners. This only became possible after a court decided (as shortsighted as stupidly) loading fonts from Google's servers constituted a privacy violation, given that visitors had no way to consent.

      Following these changes and reacting in a timely way is a continuous effort, and a framework to automate this is very welcome IMHO.

    • jamie_davenport3 hours ago
      I think most apps don't update often enough. We've seen products with privacy/cookie policies that are 5+ years old and totally out of sync with the product itself.

      We're building OpenPolicy not necessarily to reduce the risk companies have of litigation, but instead to be more transparent with users and to build trust.

      In the next version we'll be releasing auto-instrumentation that tracks data/third parties to always keep things in sync.

      • rafram3 hours ago
        > We're building OpenPolicy not necessarily to reduce the risk companies have of litigation

        Privacy policy is one thing, but that’s what terms of service are for!

        • weird-eye-issue3 hours ago
          Terms of service don't override laws so only a fool thinks that they have any effect on litigation.
          • rafram7 minutes ago
            If a set of terms not overriding the law makes it useless, what do you think contracts are for?