Adding CCPA and CPRA to compliance page #543
Walkthrough: Updates a single compliance documentation page: adds a new CCPA/CPRA section, updates metadata and keywords, switches all compliance logos to CDN URLs, and adds/download links across several sections (ISO 27001, SOC 2 Type 2, HIPAA, MVSP, PCI-DSS). Includes minor copy clarifications; no API or structural changes.
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes
Deploying kinde-docs-preview with
Latest commit: c506e3e
Status: ✅ Deploy successful!
Preview URL: https://fd57b12c.kinde-docs-preview.pages.dev
Branch Preview URL: https://docs-ccpa-cpra.kinde-docs-preview.pages.dev
Deploying kinde-docs-previews with
Latest commit: 4bd7478
Status: ✅ Deploy successful!
Preview URL: https://fa6bd292.kinde-docs-previews.pages.dev
Branch Preview URL: https://docs-ccpa-cpra.kinde-docs-previews.pages.dev
@coderabbitai review
✅ Actions performed: Review triggered.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
src/content/docs/trust-center/privacy-and-compliance/compliance.mdx (1)
48-49: Typo: “ISO 27001:2002 certificate” should be “ISO 27001:2022 certificate”. Public‑facing year must match the standard and the linked PDF filename.
Apply:
-You can also download a copy of our [ISO 27001:2002 certificate](/assets/images/docs/certificates/Kinde-Australia-ISO-27001-2022.pdf). +You can also download a copy of our [ISO 27001:2022 certificate](/assets/images/docs/certificates/Kinde-Australia-ISO-27001-2022.pdf).
🧹 Nitpick comments (4)
customHttp.yml (2)
50-53: CSP: Adding 'self' to script-src broadens script permissions—confirm intent. Including 'self' now allows any first‑party script files, not just the hashed inline scripts and explicitly allowed hosts. If this wasn’t intended, consider removing 'self' and keeping only exact hosts + hashes.
Example (keep explicit hosts only):
- 'sha256-13ENHEoc4foVPMgYwApSstLrIGX/6Y5xvroD2DkDFcE=' - 'sha256-yFuBDNMj2fpiA5dUkQrfMrCWmvLpElEv1n2dFVmg3Dg=' 'self' + 'sha256-13ENHEoc4foVPMgYwApSstLrIGX/6Y5xvroD2DkDFcE=' + 'sha256-yFuBDNMj2fpiA5dUkQrfMrCWmvLpElEv1n2dFVmg3Dg='
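Review bot: Dropping 'self' after the second sha256 source leaves same-origin script files loadable only if another source in script-src covers them, and the two hashes shown match inline script content, not files served from the site's own origin. Before applying, check every first-party script the pages load against the remaining sources, and ship the tightened directive as Content-Security-Policy-Report-Only first so any blocked script shows up as a violation report rather than a broken page.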
53-53: Pinning a full CDN URL is good—consider adding SRI on the script tag. You’ve version‑pinned jsdelivr. Also add an integrity attribute on the HTML tag for defense‑in‑depth.
src/content/docs/trust-center/privacy-and-compliance/compliance.mdx (2)
70-72
: Grammar fixes in GDPR section.-The General Data Protection Regulation (GDPR) is a European Union (EU) regulation on information privacy. It came into effect on May 25, 2018 and places obligations for any company targeting or collecting data related to people in the EU. It’s goal is to increase privacy protections for individuals and standardise data privacy laws across the various EU member countries. +The General Data Protection Regulation (GDPR) is a European Union (EU) regulation on information privacy. It came into effect on May 25, 2018, and places obligations on any company targeting or collecting data related to people in the EU. Its goal is to increase privacy protections for individuals and standardize data privacy laws across EU member countries.-More information about the GDPR and what Kinde does for comply with it can be found on our [GDPR](/trust-center/privacy-and-compliance/gdpr/) page. +More information about the GDPR and what Kinde does to comply can be found on our [GDPR](/trust-center/privacy-and-compliance/gdpr/) page.
82-83
: Minor style improvement (possessive and “U.S.”).-More information about HIPAA can be found on the US Department of Health and Human Services's [health information privacy](https://www.hhs.gov/hipaa/index.html) page. +More information about HIPAA can be found on the U.S. Department of Health and Human Services’ [Health Information Privacy](https://www.hhs.gov/hipaa/index.html) page.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
⛔ Files ignored due to path filters (1)
src/assets/images/compliance/CCPACPRA.png is excluded by `!**/*.png`
📒 Files selected for processing (2)
customHttp.yml (1 hunks)
src/content/docs/trust-center/privacy-and-compliance/compliance.mdx (4 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: marcosmartini
PR: kinde-oss/documentation#190
File: customHttp.yml:39-40
Timestamp: 2024-09-20T04:56:23.891Z
Learning: The `Strict-Transport-Security` header remains present in `customHttp.yml`; verify carefully before flagging its removal.
Learnt from: marcosmartini
PR: kinde-oss/documentation#190
File: customHttp.yml:39-40
Timestamp: 2024-10-08T23:57:58.113Z
Learning: The `Strict-Transport-Security` header remains present in `customHttp.yml`; verify carefully before flagging its removal.
📚 Learning: 2024-10-08T23:57:58.113Z
Learnt from: marcosmartini
PR: kinde-oss/documentation#190
File: customHttp.yml:39-40
Timestamp: 2024-10-08T23:57:58.113Z
Learning: The `Strict-Transport-Security` header remains present in `customHttp.yml`; verify carefully before flagging its removal.
Applied to files:
customHttp.yml
🪛 LanguageTool
src/content/docs/trust-center/privacy-and-compliance/compliance.mdx
[grammar] ~90-~90: Ensure spelling is correct
Context: ...ata related to people in California. An ammendment was introduced called the California Pr...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~98-~98: There might be a mistake here.
Context: ...org/star/registry/kinde/services/kinde/) from the Cloud Security Alliance and submitt...
(QB_NEW_EN)
🔇 Additional comments (7)
customHttp.yml (1)
54-55: AI summary inconsistency: HSTS is still present. Strict-Transport-Security remains configured here; it was not removed.
src/content/docs/trust-center/privacy-and-compliance/compliance.mdx (6)
27-29: Keywords updated to include CCPA/CPRA—LGTM.
34-34: Metadata date updated—LGTM.
44-44: CDN image swap—compatible with current CSP img-src. imagedelivery.net is already allowed; no action needed.
96-96: CAIQ section image swap—LGTM.
110-111: MVSP resource link—LGTM.
121-122: PCI resource link—LGTM.
src/content/docs/trust-center/privacy-and-compliance/compliance.mdx
…e.mdx Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Actionable comments posted: 0
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (3)
src/content/docs/trust-center/privacy-and-compliance/compliance.mdx (3)
48-48: Fix ISO certificate year (2002 → 2022). The file name already says 2022; the link text says 2002.
-You can also download a copy of our [ISO 27001:2002 certificate](/assets/images/docs/certificates/Kinde-Australia-ISO-27001-2022.pdf). +You can also download a copy of our [ISO 27001:2022 certificate](/assets/images/docs/certificates/Kinde-Australia-ISO-27001-2022.pdf).
70-70
: Grammar: It’s → Its.-It’s goal is to increase privacy protections for individuals and standardise data privacy laws across the various EU member countries. +Its goal is to increase privacy protections for individuals and standardize data privacy laws across the various EU member countries.Note: also standardize spelling style (US vs UK) for consistency with “organization” above.
72-72
: Grammar: “for comply” → “to comply”.-More information about the GDPR and what Kinde does for comply with it can be found on our [GDPR](/trust-center/privacy-and-compliance/gdpr/) page. +More information about the GDPR and what Kinde does to comply with it can be found on our [GDPR](/trust-center/privacy-and-compliance/gdpr/) page.
♻️ Duplicate comments (1)
src/content/docs/trust-center/privacy-and-compliance/compliance.mdx (1)
84-92: CCPA/CPRA section looks solid and date-accurate. Incorporates amendment relationship and key effective/operative/enforcement dates as previously suggested. Nice.
🧹 Nitpick comments (6)
src/content/docs/trust-center/privacy-and-compliance/compliance.mdx (6)
82-82
: Possessive/style: HHS.-More information about HIPAA can be found on the US Department of Health and Human Services's [health information privacy](https://www.hhs.gov/hipaa/index.html) page. +More information about HIPAA can be found on the U.S. Department of Health and Human Services’ [Health Information Privacy](https://www.hhs.gov/hipaa/index.html) page.
92-92
: Add direct link to the CPPA site.-More information can be found on the California Attorney General’s [CCPA/CPRA page](https://oag.ca.gov/privacy/ccpa) and the California Privacy Protection Agency’s website. +More information can be found on the California Attorney General’s [CCPA/CPRA page](https://oag.ca.gov/privacy/ccpa) and the California Privacy Protection Agency’s [website](https://cppa.ca.gov/).
54-54
: Alt text: add space in “SOC 2”.- +
46-46
: Standards naming: use ISO/IEC.-Kinde is [ISO 27001:2022](https://www.iso.org/standard/27001) certified +Kinde is [ISO/IEC 27001:2022](https://www.iso.org/standard/27001) certifiedAlso verify the ISO link points to the correct standard page.
97-97
: Smoother phrasing per static analysis hint.-Kinde has completed a [Consensus Assessments Initiative Questionnaire (CAIQ)](https://cloudsecurityalliance.org/star/registry/kinde/services/kinde/) from the Cloud Security Alliance and submitted to their public STAR registry as a Level 1 self-assessment. +Kinde has completed a [Consensus Assessments Initiative Questionnaire (CAIQ)](https://cloudsecurityalliance.org/star/registry/kinde/services/kinde/) from the Cloud Security Alliance and has submitted it to the public STAR registry as a Level 1 self-assessment.
117-117
: Hyphenate “Self‑Assessment Questionnaire”.-... preparing the necessary Self Assessment Questionnaire (SAQ) ... +... preparing the necessary Self‑Assessment Questionnaire (SAQ) ...
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (1)
src/content/docs/trust-center/privacy-and-compliance/compliance.mdx (4 hunks)
🧰 Additional context used
🪛 LanguageTool
src/content/docs/trust-center/privacy-and-compliance/compliance.mdx
[grammar] ~97-~97: There might be a mistake here.
Context: ...org/star/registry/kinde/services/kinde/) from the Cloud Security Alliance and submitt...
(QB_NEW_EN)
Description (required)
Adding the CCPA and CPRA privacy frameworks to our compliance page. They are already part of our privacy policy documentation.
Also updated all the images on the compliance page to be Cloudflare CDN images.
Summary by CodeRabbit
New Features
Documentation