The custom disclaimer is an Enterprise Only feature.
We received feedback recently about the missing “Tag” in our doc and we spent some time last week to insure that the Enterprise Only features are correctly identified in the Doc.
The update will come together with the 2.0.4 release that should be out next week, #documentationIsAlsoCode.
The Home Distribution is meant to share pictures or documents with your friends and family, so you are on the safe side of the law, so:
I don’t think so, GDPR is about gathering, storage and treatment of personal data like: Name, Photo, Email address, Social media posts, Personal medical information, IP addresses, Bank details…
None of these are required to have a user account in one of the instance, and only the IP address of the end user will appear in some logs. If you clean your log regularly, you then have none of the sensitive info.
That said, if you installed the Home Edition for your business and use it to provide services to end users / clients you are already most probably infringing the law due to the quite restrictive AGPL license, so…
The GDPR is by no means only about the collection and retention of the mentioned data. It is an extensive and strict set of regulations relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data (sic)
To boil it down to 1 sentences: As soon as you offer a service via HTTP, you must inform the visitor about his rights, exactly what information is gathered (IP, timestamp, referer… etc), how it is processed and who he needs to talk to if he/she has issues.
It is by no means sufficient to clean logs regularly!