
Optimizely Community API

This topic describes GDPR guidelines for Optimizely Community API.

Collect data

If your application uses Optimizely Community API (formerly Social), you should ensure that consent is given before accepting user-generated content or allowing participation in digital communities. Clearly state the purpose and guidelines of your community features, and only collect PII data that is appropriate to the purpose of that community. Avoid collection of data that may be deemed sensitive. See also Collect data.

Store data

Optimizely Community API stores only the content submitted to it by your application. All communication between your application and Optimizely Community API, including the transfer of content, occurs via HTTPS.

Avoid storing PII with Community API content whenever possible. Optimizely Community API uses “references” to identify users, such as the author of a comment or the contributor of a rating. This is helpful because it lets you consolidate PII and keep it segregated from your content. The content refers to a user but does not require you to embed their data in it.

When storing content with Optimizely Community API that may contain PII, you should do so in a manner that can be retrieved or removed later. Requests for access or requests to be forgotten by your users mean that you will need to identify their contributions. The Optimizely Community API’s modeling and querying features let you structure content in the manner that is most appropriate to support your application in this regard.

In some cases, content generated by one user may intentionally or inadvertently contain PII data of another. Such content can be challenging to identify and remove. Consider implementing a stringent moderation policy for accepting content, which lets administrators prevent this kind of content from being stored.

See also Store data.

Fetch data

The Optimizely Community API’s content modeling capabilities let applications structure content in the most appropriate manner for them. Consider structuring content so it can be most easily identified and retrieved by your application. The API’s querying capabilities let you define powerful queries to retrieve content, even if it is represented using custom models. Your application should take advantage of these tools to implement the export capabilities necessary to honor a Subject Access Request (SAR).

See also Fetch and update data.

Delete data

The Optimizely Community API content modeling capabilities let applications structure content in the manner that is most appropriate for them. Consider structuring content so that it can be most easily identified and deleted. Consider the Optimizely Community API features you are using to store content, as some forms of content may be better suited to facilitate removal.

Also, content generated by one user may intentionally or inadvertently contain PII data of another. Such content can be challenging to identify and remove. Consider implementing a stringent moderation policy for accepting content, which lets administrators prevent this kind of content from being stored.

See also Delete data.