veza/apps at 772799582d51d0f8e5217e2bb9da2dc00fe64a5f - senke/veza

senke/veza

History

senke 772799582d feat(legal): cookie banner + privacy page (ePrivacy/RGPD consent gate) v1.0.10 légal item 1. The privacy policy at /legal/privacy now exists and the SPA shows a non-modal banner asking for consent before any optional cookie is set. Conformité ePrivacy + CNIL guidance. Banner (apps/web/src/components/CookieBanner.tsx) : * Bottom strip, NOT a modal — public pages remain browsable while the user is undecided. Only optional-cookie-using surfaces gate on consent. * Two equal-weight buttons : "Refuser le non-essentiel" and "Tout accepter". No dark patterns / nudging — both actions are full size, both have visible borders. * Choice persisted in localStorage as `{ choice: 'all'\|'essential', timestamp: ISO8601 }`. * Auto-expires after 13 months (CNIL guidance) — the next visit after expiry re-shows the banner. * Custom event `veza:cookie-consent-changed` fires on decision so analytics wiring can react without polling. * Three exported helpers : readCookieConsent (sync) / useCookieConsent (React hook) / resetCookieConsent (revoke from settings page). Co-located with the banner because they're contextually inseparable — splitting would obscure the contract. Privacy page (apps/web/src/features/legal/pages/PrivacyPage.tsx) : * Public minimalist privacy notice — what data, why, how long, who we share with, RGPD rights. * Hosts the cookie controls : shows current choice + "modifier" button that calls resetCookieConsent() to re-prompt. * Cross-links DMCA / CGU / mentions (the latter two will land in légal item 3). * To be reviewed by counsel before v2.0.0 — text is honest baseline, not finalised legal copy. Wired : * Lazy-component registry (lazyExports.ts + index.ts + LazyComponent facade) * Public route /legal/privacy in routeConfig.tsx * <CookieBanner /> mounted in App.tsx after AppRouter so it overlays every screen including the landing page * Lint baseline holds at 754 (the 6 unavoidable warnings — react-refresh on co-located helpers + native <button> on a standalone-bundle-required component — are suppressed inline with specific reasons) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-01 17:33:19 +02:00
..
web	feat(legal): cookie banner + privacy page (ePrivacy/RGPD consent gate)	2026-05-01 17:33:19 +02:00

senke 772799582d feat(legal): cookie banner + privacy page (ePrivacy/RGPD consent gate)

v1.0.10 légal item 1. The privacy policy at /legal/privacy now exists
and the SPA shows a non-modal banner asking for consent before any
optional cookie is set. Conformité ePrivacy + CNIL guidance.

Banner (apps/web/src/components/CookieBanner.tsx) :
  * Bottom strip, NOT a modal — public pages remain browsable while
    the user is undecided. Only optional-cookie-using surfaces gate
    on consent.
  * Two equal-weight buttons : "Refuser le non-essentiel" and "Tout
    accepter". No dark patterns / nudging — both actions are full
    size, both have visible borders.
  * Choice persisted in localStorage as
    `{ choice: 'all'|'essential', timestamp: ISO8601 }`.
  * Auto-expires after 13 months (CNIL guidance) — the next visit
    after expiry re-shows the banner.
  * Custom event `veza:cookie-consent-changed` fires on decision so
    analytics wiring can react without polling.
  * Three exported helpers : readCookieConsent (sync) / useCookieConsent
    (React hook) / resetCookieConsent (revoke from settings page).
    Co-located with the banner because they're contextually inseparable
    — splitting would obscure the contract.

Privacy page (apps/web/src/features/legal/pages/PrivacyPage.tsx) :
  * Public minimalist privacy notice — what data, why, how long, who
    we share with, RGPD rights.
  * Hosts the cookie controls : shows current choice + "modifier"
    button that calls resetCookieConsent() to re-prompt.
  * Cross-links DMCA / CGU / mentions (the latter two will land in
    légal item 3).
  * To be reviewed by counsel before v2.0.0 — text is honest baseline,
    not finalised legal copy.

Wired :
  * Lazy-component registry (lazyExports.ts + index.ts + LazyComponent
    facade)
  * Public route /legal/privacy in routeConfig.tsx
  * <CookieBanner /> mounted in App.tsx after AppRouter so it overlays
    every screen including the landing page
  * Lint baseline holds at 754 (the 6 unavoidable warnings —
    react-refresh on co-located helpers + native <button> on a
    standalone-bundle-required component — are suppressed inline with
    specific reasons)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-01 17:33:19 +02:00

web

feat(legal): cookie banner + privacy page (ePrivacy/RGPD consent gate)

2026-05-01 17:33:19 +02:00