Privacy / Compliance
GDPR EU baseline
Consent-purpose binding, PII masking, 2-year retention cap, breach notification queue.
What this package does
GDPR-aligned guardrails for any product processing EU personal data. Binds every data processing operation to the user's declared consent purpose, masks PII before it reaches logs or downstream processors, enforces a 2-year retention maximum, and triggers a DPO review queue whenever a potential breach is detected (GDPR Article 33: 72-hour notification window).
Designed for
- Any product with EU users
- Data processors under GDPR
- AI products targeting the European market
What's included
- Consent-purpose binding: marketing, analytics, service delivery
- PII masking (email, phone, IP address)
- 2-year retention maximum (data minimization principle)
- Breach notification queue with 72-hour SLA (Art. 33)
- Immutable 3-year audit for regulatory examination
Controls in this bundle
Profile tiers
Switch profiles in Studio to retune default thresholds across the whole bundle without rewriting any control by hand. This package ships at strict — anything you've already tightened by hand is preserved on switch.
Every control in this package uses identical parameters across all four profiles. Switching profile in Studio has no effect here.
Attestation
The canonical hash of these bundle bytes is sha256:beaaa2c9c008544831b9bd3bcbdf3c9ff1b4d4af5002b48cef33113da82ec512. The same hash is computed at lock time, at Stripe checkout, and again on the runtime side before any byte is honored.
Want to customize first? Opening this package in Studio prefills the canvas with the 8 controls above. You can add, remove, or retune any of them before you lock the hash and pay.