🏠 Overview 🎯 Features 🎯 Privacy Policy

Privacy Policy

Feature Detail

low complexity extracted Legal Documents Confidence: 100%
7
Components
4
Shared
0
User Stories
Yes
Analyzed

Description

The Privacy Policy page is a publicly accessible, GDPR-compliant legal document explaining how Meander collects, processes, stores, and shares personal data across its platform. It is required before any data collection can begin and must be reachable without authentication. The page serves both prospective organizations evaluating the platform on the Sales Website and end users of the operational products who wish to independently review data-handling practices. It must be clearly written, accessible, and versioned with a last-updated date to reflect ongoing compliance obligations under Norwegian and EU law.

Sources & reasoning

Explicitly listed as a Sales Website core capability (line 223) and confirmed as Phase 1 MVP scope (line 337 "Privacy policy og vilkår"). GDPR obligations for a platform handling sensitive personal data of Norwegian disability-organization members make this a hard legal requirement before any data collection begins. Target release MVP per phase-1 evidence.

  • docs/source/likeperson.md · line 222-225
    Privacy policy, Terms of Service, Data Processing Agreement, Cookie Policy
  • docs/source/likeperson.md · line 337
    Privacy policy og vilkår

Analysis

Business Value

A published Privacy Policy is a legal prerequisite for operating a personal-data-processing platform under GDPR. Without it Meander cannot legally onboard organizations, collect user data, or execute data-processing agreements. For prospective organizations browsing the Sales Website, its presence signals regulatory maturity and builds trust before any demo or contract commitment. It also reduces liability by clearly delineating controller and processor responsibilities. Placing it on the public Sales Website ensures it is accessible to end users of the operational products without requiring login, supporting the transparency obligations that GDPR imposes on data controllers handling sensitive personal data.

Implementation Notes

The page is a static content page within the Next.js static-export Sales Website - no backend, no authentication. Content should be authored in MDX or plain HTML and reviewed by legal counsel before launch. The page must meet WCAG 2.2 AA standards: proper heading hierarchy, minimum 4.5:1 text contrast, scalable typography. It must include a visible last-updated date and version identifier. A persistent footer link on every Sales Website page is required. Additionally the mobile app Help & Support area references this URL so that peer mentors and coordinators can reach it from within the app, ensuring consistent cross-product discoverability without duplicating content.

Components (11)

User Interface (5)

ui ContactUsScreen medium ui PrivacyPolicyScreen medium ui AccessibilityStatementScreen medium ui FaqScreen medium ui PrivacyPolicyPage medium

Service Layer (1)

service SupportRequestService medium

Data Layer (1)

data FaqRepository medium

Shared Components

These components are reused across multiple features

User Stories

No user stories have been generated for this feature yet.