We need explicit privacy statements to comply with the GDPR (Wikipedia), and AFAIK we also need people's explicit concent before they should be allowed to use our services. This will have to be done in the next week, or we risk high fines.
The important bits are:
- Write the privacy statement. This shouldn't be too hard, since we collect a small amount of personal data.
- Get more detail about Sentry, as we do send them user IDs, email addresses and full names. We also could reconsider sending those (that is, change our logging), or consider setting up our own Sentry instance.
- Track whether people have agreed or not to these terms.
- Disallow Cloud and Blender ID usage before agreeing.