PrivacyService

Handles data subject rights under GDPR and LGPD — including data export, deletion, rectification, processing restriction, and existence confirmation. All RPCs extract org_id from the JWT; it is never included in request messages.

Some operations are async (export, delete) and return immediately with a PENDING status. The caller can poll the status or wait for a push notification on completion.

| Method | Description |
|---|---|
| ExportUserData | Export all personal data for a user as a downloadable ZIP |
| DeleteUserData | Delete or anonymize all personal data for a user |
| RectifyUserData | Correct personal data fields for a user |
| RestrictProcessing | Restrict or unrestrict data processing for a user |
| GetDataExistenceConfirmation | Confirm whether personal data exists for a user |

ExportUserData

Export all personal data associated with a user as a downloadable ZIP. This is an async operation — it returns immediately with PENDING status and sends a push notification when the export is ready.

Authorization: Requires JWT. Callable by the user themselves or an org admin.

Request: ExportUserDataRequest

| Field | Type | Description |
|---|---|---|
| user_id | string | Internal user ID whose data is being exported. UUID format. |

Response

| Field | Type | Description |
|---|---|---|
| status | PrivacyRequestStatus | Current status of the export request. |
| result_url | string | Pre-signed S3 URL to download the exported data (ZIP format). Only populated when status is COMPLETED. |
| export_id | string | Unique identifier for this export request. UUID format. |

TypeScript (Connect-Web)

const response = await privacyClient.exportUserData({
  userId: "user-uuid",
});
// response.status === "PENDING" initially
// Poll or wait for push notification, then use response.resultUrl

Go (gRPC)

resp, err := privacyClient.ExportUserData(ctx, &pidgrv1.ExportUserDataRequest{
	UserId: "user-uuid",
})
if err != nil {
	return err
}
// resp.Status == pidgrv1.PRIVACY_REQUEST_STATUS_PENDING initially
// Poll or wait for push notification, then use resp.ResultUrl
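The status poll that the text mentions is left to the caller. As an added example (not code from this page or the project), the Go poller below waits for an export to reach a terminal state, mirroring the PrivacyRequestStatus enum documented on this page; the status-fetching callback is an assumption, since no status RPC is listed, and the result_url is only trusted when the status is COMPLETED.

```go
package main
import (
	"context"
	"errors"
	"time"
)
// Status mirrors the page's PrivacyRequestStatus enum in declaration order;
// 0 is PRIVACY_REQUEST_STATUS_UNSPECIFIED and is never a valid reply.
type Status int
const (
	StatusPending Status = iota + 1
	StatusProcessing
	StatusCompleted
	StatusFailed
)
// ExportState is the part of the ExportUserData response a poller needs.
type ExportState struct {
	Status    Status
	ResultURL string // populated only when Status is StatusCompleted
}
var ErrExportFailed = errors.New("export request failed")
// WaitForExport polls fetch every interval until the request is COMPLETED or FAILED
// or ctx expires. fetch is an assumed status source for one export_id (this page lists
// no status RPC). COMPLETED without result_url is an error, and unknown values end the wait.
func WaitForExport(ctx context.Context, fetch func(context.Context) (ExportState, error), interval time.Duration) (string, error) {
	for {
		st, err := fetch(ctx)
		if err != nil {
			return "", err
		}
		switch st.Status {
		case StatusCompleted:
			if st.ResultURL == "" {
				return "", errors.New("COMPLETED without result_url")
			}
			return st.ResultURL, nil
		case StatusFailed:
			return "", ErrExportFailed
		case StatusPending, StatusProcessing: // still in flight, keep polling
		default:
			return "", errors.New("unexpected status value")
		}
		select {
		case <-ctx.Done():
			return "", ctx.Err()
		case <-time.After(interval):
		}
	}
}
```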

DeleteUserData

Delete or anonymize all personal data associated with a user. Deletion has a 30-day grace period during which processing is restricted and the request can be cancelled. After 30 days, deletion is irreversible.

When anonymize is true, PII is replaced with placeholders instead of hard-deleted, preserving audit trail integrity while removing personal data.

Authorization: Requires JWT. Admin only.

Request: DeleteUserDataRequest

| Field | Type | Description |
|---|---|---|
| user_id | string | Internal user ID whose data is being deleted. UUID format. |
| anonymize | bool | When true, PII is replaced with placeholders instead of hard-deleted. Preserves audit trail integrity. |

Response

| Field | Type | Description |
|---|---|---|
| status | PrivacyRequestStatus | Current status of the deletion request. |
| deleted_at | Timestamp | Timestamp when deletion was completed (or scheduled). Only populated when status is COMPLETED. |

TypeScript (Connect-Web)

const response = await privacyClient.deleteUserData({
  userId: "user-uuid",
  anonymize: true, // replace PII with placeholders
});

Go (gRPC)

resp, err := privacyClient.DeleteUserData(ctx, &pidgrv1.DeleteUserDataRequest{
	UserId:    "user-uuid",
	Anonymize: true,
})
if err != nil {
	return err
}
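As an added example (not code from this page or the project), a Go sketch of the deletion semantics described above: the 30-day grace period during which the request can still be cancelled, and anonymize=true replacing PII with placeholders instead of hard-deleting the record. The set of fields treated as PII is an assumption.

```go
package main
import (
	"fmt"
	"time"
)
// GracePeriod is the page's 30-day window in which a deletion can still be
// cancelled and during which the user's processing is restricted.
const GracePeriod = 30 * 24 * time.Hour
// DeletionRequest records one accepted DeleteUserData call.
type DeletionRequest struct {
	UserID      string
	RequestedAt time.Time
	Anonymize   bool
	Cancelled   bool
}
// InGracePeriod is true while the request can still be cancelled, i.e. before
// RequestedAt + GracePeriod; after that the page says deletion is irreversible.
func (d DeletionRequest) InGracePeriod(now time.Time) bool {
	return !d.Cancelled && now.Before(d.RequestedAt.Add(GracePeriod))
}
// piiFields is an assumed classification of which record fields hold personal
// data; the page itself names display_name and email as personal fields.
var piiFields = map[string]bool{"display_name": true, "email": true, "phone": true}
// Anonymize returns a copy of record with PII values replaced by placeholders;
// non-PII keys (ids, timestamps) are kept so audit records stay consistent.
func Anonymize(record map[string]string) map[string]string {
	out := make(map[string]string, len(record))
	for k, v := range record {
		if piiFields[k] {
			out[k] = fmt.Sprintf("[redacted:%s]", k)
		} else {
			out[k] = v
		}
	}
	return out
}
// Apply carries out the deletion once the grace period has elapsed. It returns
// (record, false) untouched while still cancellable or if cancelled, (anonymized
// copy, true) when Anonymize is set, and (nil, true) for a hard delete.
func Apply(d DeletionRequest, record map[string]string, now time.Time) (map[string]string, bool) {
	if d.Cancelled || d.InGracePeriod(now) {
		return record, false
	}
	if d.Anonymize {
		return Anonymize(record), true
	}
	return nil, true
}
```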

RectifyUserData

Correct personal data for a user. Corrections are propagated to all stored locations (profile, delivery records, analytics metadata).

Authorization: Requires JWT. Callable by the user themselves or an org admin.

Request: RectifyUserDataRequest

| Field | Type | Description |
|---|---|---|
| user_id | string | Internal user ID whose data is being corrected. UUID format. |
| corrections | map<string, string> | Map of field names to corrected values. Max 50 corrections per request. |

Response

| Field | Type | Description |
|---|---|---|
| rectified_fields | string[] | Names of fields that were successfully rectified. |

TypeScript (Connect-Web)

const response = await privacyClient.rectifyUserData({
  userId: "user-uuid",
  corrections: {
    display_name: "Alice Johnson",
    email: "alice.johnson@example.com",
  },
});
// response.rectifiedFields === ["display_name", "email"]

Go (gRPC)

resp, err := privacyClient.RectifyUserData(ctx, &pidgrv1.RectifyUserDataRequest{
	UserId: "user-uuid",
	Corrections: map[string]string{
		"display_name": "Alice Johnson",
		"email":        "alice.johnson@example.com",
	},
})
if err != nil {
	return err
}

RestrictProcessing

Restrict or unrestrict data processing for a user. When restricted, the API skips this user in campaigns, analytics, and session replay.

Authorization: Requires JWT. Admin only.

Request: RestrictProcessingRequest

| Field | Type | Description |
|---|---|---|
| user_id | string | Internal user ID whose processing is being restricted. UUID format. |
| restricted | bool | When true, processing is restricted. When false, restriction is lifted. |

Response

| Field | Type | Description |
|---|---|---|
| restricted | bool | Current restriction status. |
| restricted_at | Timestamp | Timestamp when the restriction was applied or removed. |

TypeScript (Connect-Web)

// Restrict processing
const restrictResponse = await privacyClient.restrictProcessing({
  userId: "user-uuid",
  restricted: true,
});
// Lift restriction (a second `const response` in the same scope would not compile)
const liftResponse = await privacyClient.restrictProcessing({
  userId: "user-uuid",
  restricted: false,
});

Go (gRPC)

resp, err := privacyClient.RestrictProcessing(ctx, &pidgrv1.RestrictProcessingRequest{
	UserId:     "user-uuid",
	Restricted: true,
})
if err != nil {
	return err
}

GetDataExistenceConfirmation

Confirm whether personal data exists for a user and list the categories of stored data. This implements the LGPD-specific right to confirmation of the existence of processing (“confirmação de existência”, Art. 18, I).

Authorization: Requires JWT. Admin only.

Request: GetDataExistenceConfirmationRequest

| Field | Type | Description |
|---|---|---|
| user_id | string | Internal user ID to check. UUID format. |

Response: GetDataExistenceConfirmationResponse

| Field | Type | Description |
|---|---|---|
| exists | bool | Whether any personal data exists for this user. |
| data_categories | string[] | Categories of data stored (e.g., "profile", "deliveries", "analytics"). |

TypeScript (Connect-Web)

const response = await privacyClient.getDataExistenceConfirmation({
  userId: "user-uuid",
});
// response.exists === true
// response.dataCategories === ["profile", "deliveries", "analytics"]

Go (gRPC)

resp, err := privacyClient.GetDataExistenceConfirmation(ctx, &pidgrv1.GetDataExistenceConfirmationRequest{
	UserId: "user-uuid",
})
if err != nil {
	return err
}
// resp.Exists == true
// resp.DataCategories == []string{"profile", "deliveries", "analytics"}
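The Authorization lines above give one rule per RPC but leave the enforcement unstated. As an added example (not code from this page or the project), the Go function below encodes that matrix on the server side: the caller's identity and org_id come from the verified JWT claims, the target user's org is an assumed lookup rather than a request field, and cross-org access and unknown RPC names are denied before any role check.

```go
package main
import (
	"errors"
	"fmt"
)
// Claims is what the service needs from the verified JWT. Per the page,
// org_id comes from the token only and is never part of a request message,
// and "the user themselves" is likewise identified by the token subject.
type Claims struct {
	Subject  string // caller's own user id
	OrgID    string
	OrgAdmin bool
}
// Policy is the caller set an RPC admits, taken from the Authorization lines.
type Policy int
const (
	SelfOrAdmin Policy = iota
	AdminOnly
)
var rpcPolicy = map[string]Policy{
	"ExportUserData":               SelfOrAdmin,
	"DeleteUserData":               AdminOnly,
	"RectifyUserData":              SelfOrAdmin,
	"RestrictProcessing":           AdminOnly,
	"GetDataExistenceConfirmation": AdminOnly,
}
var ErrDenied = errors.New("permission denied")
// Authorize decides whether the caller may invoke rpc against targetUserID.
// targetOrg is the org owning the target user record (an assumed lookup, not
// a request field) and must match the token's org_id before any role check.
// Unknown RPC names fail closed.
func Authorize(rpc string, c Claims, targetUserID, targetOrg string) error {
	p, ok := rpcPolicy[rpc]
	if !ok {
		return fmt.Errorf("%w: unknown rpc %q", ErrDenied, rpc)
	}
	if c.OrgID == "" || c.OrgID != targetOrg {
		return fmt.Errorf("%w: target user is outside the caller's org", ErrDenied)
	}
	if c.OrgAdmin || (p == SelfOrAdmin && c.Subject == targetUserID) {
		return nil
	}
	return fmt.Errorf("%w: %s is not permitted for this caller", ErrDenied, rpc)
}
```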

PrivacyRequestStatus

Tracks the lifecycle of async privacy requests (export, delete).

| Value | Description |
|---|---|
| PRIVACY_REQUEST_STATUS_UNSPECIFIED | Default value; should not be used explicitly. |
| PRIVACY_REQUEST_STATUS_PENDING | Request has been created but not yet started. |
| PRIVACY_REQUEST_STATUS_PROCESSING | Request is currently being processed. |
| PRIVACY_REQUEST_STATUS_COMPLETED | Request completed successfully. |
| PRIVACY_REQUEST_STATUS_FAILED | Request failed during processing. |