Legal Page Maintenance

Where each site's legal pages live, update procedures, and content requirements

Overview

Each SanMarcSoft site that processes user data must maintain up-to-date legal pages: Privacy Policy, Terms of Service, and Cookie Policy. This runbook documents where each page lives and how to update them.

Legal Page Locations

verifieddit.com

PageLocationFormat
Privacy Policyverifieddit-www/src/pages/PrivacyPolicy.tsxReact component
Terms of Serviceverifieddit-www/src/pages/TermsOfService.tsxReact component
Cookie PolicyCovered within Privacy Policy-

Update procedure:

  1. Edit the React component in the source code
  2. Build: bun install && bun run build
  3. Build OCI image: nix build .#packages.x86_64-linux.oci-image
  4. Deploy per Verifieddit Deployment SOP

verifieddit.com/docs (Hugo docs)

PageLocationFormat
Privacyverifieddit-www/hugo-site/content/en/privacy.mdMarkdown

sanmarcsoft.com

PageLocationFormat
Privacy Policysanmarcsoft-www/src/privacy.html or Cloudflare PagesHTML
Terms of Servicesanmarcsoft-www/src/terms.htmlHTML

Update procedure:

  1. Edit the HTML files
  2. Deploy via Cloudflare Pages (push to main branch)

trusteddit.com

PageLocationFormat
Privacy Policytrusteddit-www/content/privacy.mdMarkdown (Hugo)
Terms of Servicetrusteddit-www/content/terms.mdMarkdown (Hugo)

Update procedure:

  1. Edit the Markdown files
  2. Deploy via Cloudflare Pages

Required Content (GDPR)

Every Privacy Policy must include:

  1. Identity of the controller: SanMarcSoft, contact email
  2. Purpose of processing: What data is collected and why
  3. Legal basis: Consent, legitimate interest, or contractual necessity
  4. Data retention periods: How long data is kept
  5. Data subject rights: Access, erasure, portability, etc.
  6. International transfers: If data leaves the EU (e.g., Clerk is US-hosted)
  7. Third-party processors: List of sub-processors
    • Cloudflare (CDN, Workers, D1)
    • Scaleway (containers, registry)
    • Clerk (authentication)
    • Stripe (payments)
    • Sightengine (AI detection)
    • AWS (Phenom Drop)
    • Google (Firestore, Phenom Drop)
  8. DPO contact: Data Protection Officer contact information
  9. Supervisory authority: CNIL (France)

Update Triggers

Legal pages must be updated when:

  • A new third-party service is integrated
  • Data processing purposes change
  • New data categories are collected
  • Infrastructure moves between jurisdictions
  • Regulatory requirements change

Review Schedule

  • Quarterly: Review all legal pages for accuracy
  • On change: Update immediately when data processing changes
  • Annually: Full legal review with counsel

Troubleshooting

  • Legal page not rendering: Check the build process for the affected site. Legal pages are part of the application build.
  • Outdated processor list: Cross-reference with the actual services in use (this runbook’s services section).
  • Cookie consent banner: Cloudflare provides basic analytics. If additional cookies are used, a consent banner may be required.