Legal Policies - akeeba/panopticon GitHub Wiki

Legal Policies (Terms of Service / Privacy Policy)

Panopticon includes built-in support for publishing a Terms of Service (ToS) and a Privacy Policy. These documents are displayed publicly (no login required) and are linked from the footer of every page as well as the login screen.

Where They Appear

  • Footer: Every page includes links to the ToS and Privacy Policy in the bottom footer bar.
  • Login page: Links appear below the login form.
  • User consent page: When user registration is enabled, users are required to review and accept these policies before they can use the application. The policies are displayed in an expandable accordion on the consent page.

Editing Policies

Navigate to Administration > Legal Policies in the main menu (requires Super User permissions), or go to index.php?view=policies&task=edit.

The editor provides:

  • Policy Type selector: Switch between editing the Terms of Service and the Privacy Policy.
  • Language selector: Each policy can have separate content per language. When a user views a policy page, Panopticon looks for content in their current language first, then falls back to English (en-GB), then to the wildcard (*) language.
  • Content editor: A TinyMCE rich text editor for the policy HTML content.
  • Preview links: Open the public-facing policy pages in a new tab to preview the current content.

Per-Language Support

Policies are stored per-language in the #__akeeba_common database table with keys in the format {type}.{language} (e.g., tos.en-GB, privacy.de-DE).

The language fallback order when displaying a policy is:

  1. {type}.{current_language} (e.g., tos.fr-FR)
  2. {type}.en-GB (English fallback)
  3. {type}.* (wildcard fallback)

To add a translation, simply select the target language in the editor and save. The content for that language will be created automatically.

Default Content

During database setup (or upgrade), Panopticon seeds default Terms of Service and Privacy Policy content in English. These defaults contain common sections that serve as a template:

  • Terms of Service: Acceptance of terms, service description, user accounts, acceptable use, data and privacy, service availability, limitation of liability, changes to terms, account termination, and contact information.
  • Privacy Policy: Data controller, personal data collected, purpose of processing, legal basis, data retention, data sharing, user rights (GDPR), data security, cookies, changes to policy, and contact information.

Important: The default content is generic and should be customised by the site administrator to reflect the specific terms and practices of their installation.

Technical Details

  • Policies are stored in the #__akeeba_common table (key-value store).
  • The policies view is listed in NO_LOGIN_VIEWS, meaning it can be accessed without authentication.
  • The policies view is also included in the MFA allowed views list, so it remains accessible during the MFA captive flow.
  • Public tasks (default, tos, privacy) have the # ACL privilege (public access).
  • Edit tasks (edit, save, cancel) require the super privilege.