The GDPR update is here!

Over the past weeks, we’ve released a number of improvements to make it easier for Fabman customers to comply with GDPR.

What’s GDPR?
The General Data Protection Regulation (GDPR) is a European privacy law that was approved by the European Commission in 2016 and will go into effect on May 25th, 2018.

New tools for you!
We’ve added new tools and features to the Fabman admin interface to help you stay GDPR-compliant:

Storage restrictions for sensitive data
You can now specify in your account settings how long we’ll store equipment activity logs and booking information. Any information older than the specified duration is automatically deleted.

Full data export for members
There’s a new link on each member’s detail page that lets you export all data Fabman has stored about that member in an open-standard data exchange file format, as required by the GDPR access and data portability rules. Previously, you were already able to get this data via our open API (using multiple calls), but the new export makes it much easier.

Find inactive members
We’ve extended our members API to allow you to fetch all inactive members (i.e., members without any active package) with a single request. This can help you determine which members to delete (based on your data retention policies). The same parameters can be used with the member export API to download all those members as a single CSV.

Use the new query parameters packages=none and privileges=member to find all non-admin members without active packages. You might want to append embed=memberPackages to include all their previous packages to see for how long they haven’t been active.

(You can also use these new filters to find all admins or get a list of members having a certain package.)
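
As an added example (not Fabman's own code), the following Python builds the request described above and applies a retention cutoff to a constructed response, authenticating with the API key as Basic username as mentioned in the changelog below. The host name, the JSON field names ("id", "memberPackages", "untilDate") and the helper names are assumptions; take the real ones from the API documentation.

```python
import base64
import json
from datetime import date
from urllib.parse import urlencode
from urllib.request import Request

# Assumption: placeholder host; use the members endpoint from the API docs.
MEMBERS_URL = "https://fabman.example/api/v1/members"

def inactive_members_request(api_key):
    """Build (not send) the request for non-admin members without active packages."""
    query = urlencode({"packages": "none", "privileges": "member",
                       "embed": "memberPackages"})
    # API key as Basic username with empty password (same as curl -u <key>:).
    token = base64.b64encode(f"{api_key}:".encode()).decode()
    return Request(f"{MEMBERS_URL}?{query}", headers={"Authorization": f"Basic {token}"})

def deletion_candidates(members, today, retention_days):
    """Return ([(member_id, days_inactive)], [ids_for_manual_review])."""
    candidates, review = [], []
    for m in members:
        ends = [p.get("untilDate") for p in m.get("memberPackages", [])]
        if not ends or None in ends:
            review.append(m["id"])  # no history or no end date: decide by hand
            continue
        idle = (today - max(date.fromisoformat(e) for e in ends)).days
        if idle > retention_days:
            candidates.append((m["id"], idle))
    return sorted(candidates, key=lambda c: -c[1]), review

# Constructed sample response; field names are assumed, not taken from the API docs.
SAMPLE = json.loads("""[
  {"id": 1, "memberPackages": [{"untilDate": "2015-12-31"}, {"untilDate": "2016-06-30"}]},
  {"id": 2, "memberPackages": [{"untilDate": "2018-03-31"}]},
  {"id": 3, "memberPackages": []},
  {"id": 4, "memberPackages": [{"untilDate": "2014-01-31"}]}
]""")

if __name__ == "__main__":
    print(inactive_members_request("YOUR_API_KEY").full_url)
    print(deletion_candidates(SAMPLE, date(2018, 5, 25), retention_days=365))
```

Members with no package history are returned separately so that they are reviewed by hand rather than deleted automatically.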

Anonymized user data
When you delete a member, all their data is immediately removed and any references to the member (for example, as part of activity log records) are replaced with anonymized placeholders. Invoices remain unaffected but all links between invoices and the deleted member are removed to prevent de-anonymization.

Other changes
We’ve released many other improvements and fixes since the last announcement. Here are the most important ones, if you’re curious:

  • Lots of small design tweaks across the whole app – especially on the booking calendar, package settings, equipment overview and member detail page.
  • You could always add notes to a member’s packages – but only via the API. Now the notes are also editable in the web application.
  • If you manage multiple spaces with Fabman, you can now filter the activity log by space and sort your equipment by space.
  • When you create invoices, the default cutoff-date is now set to the first of the month – to include all package fees for that month.
  • We’ve added API keys as another authentication method to our JSON API.
  • If you use API keys to tell our API who you are, you can now send them as Basic username with empty password. Why? Because it’s more convenient when playing with the API using cURL. Just use “-u <key>:” (don’t forget the colon) instead of “-H 'Authorization: Bearer <key>'”.
  • Added a new currency “Virtual Points (PTS)” for spaces that use a virtual currency (e.g., membership points) for pricing.
  • We’ve untangled the mixture of net and gross amounts on members’ invoices.
  • When you export the activity log as CSV, it now includes the member’s company name.
  • Reorganized the member form to make it easier to understand (hopefully).
  • Fixed an error when entering very large values into currency or tax fields. You still can’t charge someone $100.000.000, but now we’ll tell you that.
  • Fixed an error when trying to delete a package that was assigned to at least one member and had already created a charge for them. Plus: We now explain better what will happen when you try to delete such a package.
  • Fixed an error in the custom bridge API when trying to authenticate a member who has no first name or no last name.
  • Changing your own email address caused you to be signed out immediately – not anymore!
  • For those few users who need to verify their email address: We’ve previously redirected you to the wrong page, sorry.
  • Searching for members by their keycard token now works for em4102 tokens whether or not you include the checksum. (Previously you had to include it.)
  • Fixed an error when using API-key authentication without actually providing a key.

Updated terms and policies
In addition to these changes, we’ll release updated terms of service, a rewritten privacy policy and a data processing addendum within the next few days.

We’ve just released our revised terms and policies. Have a look: https://fabman.io/terms/gdpr