Hi.
Im making an app (ACME Client) that communicates with an open third party API directly (meaning, I as a app developer never gets to see or control the data).
That the API is "open" means you do not need a contract or permission with the API owner to make a client or app that accesses said API.
The API will process the following information:
1: A public key created by the user - which would constitute an "User ID". If the public key doesn't exist in the API database, an account will be created automatically.
2: Domains a user want to claim ownership of for the purpose of TLS certificate issuance.
3: The IP adress of the user's device.
I now wonder, how should I fill out the data safety form?
Since my app interfaces a third party directly (like an web browser or client software), I cannot provide interfaces for example account deletion. What I can do, is to link to their
Of course, I will be clear with the data that is shared with the third party - as my app have full control of that - the interface is very well described in RFC 8555 which means theres no risk that the third-party could start collecting "more" data than my app explicity provide them with.
How does other client apps handle this? I mean, clients that directly interface third party APIs, servers or websites, and thus, does not have any "control" of the data processed.
There are a lot of apps that does in this way, for example IRC clients that allows users to select a server from a drop-down list, which would constitute a similiar data sharing thing.