Privacy Feature Flags - Nudj Platform Documentation

Overview

Privacy feature flags provide comprehensive control over user data visibility and anonymization across the platform. These features help organizations comply with privacy regulations and protect user identities while maintaining platform functionality.

Available Features

Anonymize Leaderboard

Key: anonymise-leaderboard
Default: Disabled
Category: Privacy

Purpose: Hide real user identities specifically on leaderboards and ranking displays. Privacy Protection:

Masks usernames with pattern: First letter + 8 asterisks (e.g., “j********”)
Hides profile pictures for other users (shows initials instead)
Preserves ranking positions and scores
Users always see their own complete information

Implementation:

// Username masking
const displayName = isAnonymised && user.userId !== currentUserId
  ? `${user.username[0]}${"*".repeat(8)}`
  : user.username;

// Avatar hiding
const avatarUrl = isAnonymised && user.userId !== currentUserId
  ? "" // Forces fallback to initials
  : user.profilePictureUrl;

Use Cases:

Public competitions with privacy requirements
Educational environments protecting student identities
Corporate leaderboards with confidentiality needs
GDPR compliance for public rankings

Anonymize User Data

Key: anonymise-user-data
Default: Disabled
Category: Privacy

Purpose: Mask personal identifiable information across all platform components. Comprehensive Coverage:

Leaderboards and rankings
Post comments and discussions
User profiles and avatars
Activity feeds
Social interactions

Privacy Hierarchy:

// Either flag triggers anonymization
const isAnonymised = 
  isUserDataAnonymised || isLeaderboardAnonymous;

Data Protection Scope:

Hidden: Real names, profile pictures, full usernames
Preserved: User positions, scores, achievements, activity
Exception: Users always see their own data

Implementation Details

Client-Side Anonymization

Security Note: The examples below show client-side masking, which protects the UI display but the original data is still present in the network payload and DOM. For strict privacy requirements where PII must never reach the client, server-side anonymization should be implemented instead.

Leaderboard Component:

// From: leaderboard-content.tsx
<AvatarImage
  src={
    isAnonymised && user.userId !== userId
      ? "" // Hide profile picture
      : user.profilePictureUrl || ""
  }
/>

<span>
  {isAnonymised && user.userId !== userId
    ? `${user.username[0]}${"*".repeat(8)}`
    : user.username}
</span>

Comment System:

// From: comment-card.tsx
const isUserDataAnonymised = ff(FeatureKeyEnum.AnonymiseUserData);

{isUserDataAnonymised && !isCurrentUser
  ? `${comment.displayName[0]}${"*".repeat(8)}`
  : comment.displayName}

Server-Side Data Deletion

For complete GDPR compliance, the platform also supports full user data deletion:

// Complete PII removal
await userService.deleteUserData(userId);

// Results in:
{
  email: "deleted-user-[uuid]@deleted.local",
  username: "deleted-user-[uuid]",
  fullName: undefined,
  displayName: undefined,
  bio: undefined,
  profilePictureUrl: undefined,
  socialHandles: undefined,
  birthDate: undefined
}

Privacy Patterns

Current User Exemption

Users always see their own complete information:

const shouldAnonymize = isAnonymised && user.userId !== currentUserId;

This maintains user experience while protecting others’ privacy.

Consistent Masking Format

All masked usernames follow the same pattern:

First character visible for recognition
Eight asterisks for consistency
Predictable length for UI layout

Visual Indicators

When privacy features are enabled, users see:

“You” badges on their own content
Masked usernames for others
Initials-based avatars instead of photos
Their full information in their own profile

Configuration Strategies

Maximum Privacy

{
  "anonymise-leaderboard": true,
  "anonymise-user-data": true
}

Best for: Public platforms, educational environments, GDPR compliance

Leaderboard Privacy Only

{
  "anonymise-leaderboard": true,
  "anonymise-user-data": false
}

Best for: Competitive environments with privacy concerns

No Privacy Features

{
  "anonymise-leaderboard": false,
  "anonymise-user-data": false
}

Best for: Internal corporate platforms, closed communities

Compliance & Regulations

Privacy features support GDPR requirements:

Right to Privacy: Anonymization features protect user identities
Data Minimization: Only necessary data displayed
Right to be Forgotten: Complete data deletion available
Consent Management: Users control their data visibility

Educational Privacy (FERPA/COPPA)

Features support educational privacy laws:

Student names and photos can be hidden
Performance data remains trackable
Parental controls supported
Age-appropriate privacy defaults

Corporate Compliance

Support for corporate privacy requirements:

Employee anonymity in competitions
Confidential performance metrics
Department-level privacy controls
Audit trail maintenance

Implementation Guide

Assess Privacy Requirements

Review applicable regulations and organizational policies

Configure Privacy Features

Enable appropriate privacy flags in Settings → Features

Test User Experience

Verify privacy protection while maintaining usability

Communicate Changes

Inform users about privacy protections in place

Monitor Compliance

Regular audits to ensure privacy settings remain appropriate

User Experience Impact

What Users See

With Privacy Enabled:

Their own complete profile and data
Masked identities of other users
Maintained competitive elements (scores, rankings)
Clear “You” indicators on their content

Privacy Indicators:

// Show privacy notice
{isAnonymised && (
  <Alert>
    <Shield className="h-4 w-4" />
    <AlertDescription>
      User identities are protected for privacy
    </AlertDescription>
  </Alert>
)}

Maintaining Engagement

Privacy features preserve engagement mechanics:

Competition remains through anonymous rankings
Social proof via activity without identities
Achievement celebrations without revealing users
Progress tracking remains fully functional

Monitoring & Analytics

Privacy Metrics

Metric	Description	Monitoring Goal
Anonymized Views	Pages viewed with privacy enabled	Track feature usage
User Opt-outs	Users requesting additional privacy	Identify concerns
Data Requests	GDPR data access requests	Compliance tracking
Deletion Requests	Right to be forgotten requests	Legal compliance

Audit Logging

// Log privacy-related actions
logger.info('Privacy feature toggled', {
  feature: 'anonymise-user-data',
  enabled: true,
  adminUser: admin.id,
  timestamp: new Date()
});

logger.info('User data deletion requested', {
  userId: user.id,
  requestType: 'gdpr-deletion',
  status: 'completed'
});

Troubleshooting

Some users still visible despite privacy settings

Check if users are viewing their own data. The current user exemption always shows personal information.

Inconsistent anonymization across components

Ensure both privacy flags are properly configured. Some components check both flags.

Performance impact with privacy enabled

Privacy features have minimal impact. Check React Query cache settings if experiencing slowdowns.

Legal compliance questions

Consult legal counsel for specific regulatory requirements. These features provide tools but not legal advice.

Best Practices

Default to Privacy

Enable privacy features by default for new deployments

Clear Communication

Inform users about privacy protections in place

Regular Audits

Periodically review privacy settings and compliance

User Control

Consider user-level privacy preferences

Technical Architecture

Performance Optimization

Privacy features are designed for minimal performance impact:

Client-side masking uses memoization
No additional API calls required
Cached privacy settings (5-minute TTL)
Efficient string operations for masking

Security Considerations

Privacy flags fetched securely from server
No client-side manipulation possible
Masking applied at render time
Original data never exposed to client when anonymized

API Reference

curl -X GET https://your-subdomain.nudj.cx/api/v2/integration/feature-flags \
  -H "x-api-token: YOUR_API_TOKEN" \
  | jq '.featureConfig[] | select(.key | contains("anonymis"))'

GDPR Compliance

Complete GDPR implementation guide

User Data Management

Managing user information

Security Best Practices

Data protection guidelines

Legal Policies

Configure privacy policies

Getting Started

Dashboard & People

Ways to Engage

Gamification System

Organization Settings

​Overview

​Available Features

​Anonymize Leaderboard

Anonymize Leaderboard

​Anonymize User Data

Anonymize User Data

​Implementation Details

​Client-Side Anonymization

​Server-Side Data Deletion

​Privacy Patterns

​Current User Exemption

​Consistent Masking Format

​Visual Indicators

​Configuration Strategies

​Maximum Privacy

​Leaderboard Privacy Only

​No Privacy Features

​Compliance & Regulations

​GDPR Compliance

​Educational Privacy (FERPA/COPPA)

​Corporate Compliance

​Implementation Guide

​User Experience Impact

​What Users See

​Maintaining Engagement

​Monitoring & Analytics

​Privacy Metrics

​Audit Logging

​Troubleshooting

​Best Practices

Default to Privacy

Clear Communication

Regular Audits

User Control

​Technical Architecture

​Performance Optimization

​Security Considerations

​API Reference

​Related Resources

GDPR Compliance

User Data Management

Security Best Practices

Legal Policies

Overview

Available Features

Anonymize Leaderboard

Anonymize User Data

Implementation Details

Client-Side Anonymization

Server-Side Data Deletion

Privacy Patterns

Current User Exemption

Consistent Masking Format

Visual Indicators

Configuration Strategies

Maximum Privacy

Leaderboard Privacy Only

No Privacy Features

Compliance & Regulations

GDPR Compliance

Educational Privacy (FERPA/COPPA)

Corporate Compliance

Implementation Guide

User Experience Impact

What Users See

Maintaining Engagement

Monitoring & Analytics

Privacy Metrics

Audit Logging

Troubleshooting

Best Practices

Technical Architecture

Performance Optimization

Security Considerations

API Reference

Related Resources