@zanii/retention
v0.2.0
Published
Provable data-deletion attestations for GDPR Art. 17 - signed, timestamped receipts that reference the erased subject by a salted commitment, never raw PII. Zero deps.
Readme
@zanii/retention
Provable data-deletion attestations for GDPR Art. 17 (right to erasure) and
similar. You can't cryptographically prove an absence, so a deletion proof is a
signed, timestamped, tamper-evident attestation — which is exactly what a
Zanii receipt is. This builds a well-structured data.retention.<action> receipt
that references the erased subject by a salted commitment, never raw PII.
npm install @zanii/retentionUsage
import { buildRetentionAttestation } from '@zanii/retention';
import { ZaniiAgent } from '@zanii/sdk';
const agent = new ZaniiAgent({ /* … */ });
const { target, payload, salt } = buildRetentionAttestation({
subject: 'user:42', // committed, never stored raw
policy: 'gdpr-erasure',
scope: ['profile', 'orders'],
executedAt: new Date().toISOString(),
method: 'hard-delete',
});
await agent.record({ target, payload }); // anchored, tamper-evident proof of deletion
// keep `salt` to later prove the attestation was about user:42, without it ever
// being in the receipt: verifySubject('user:42', salt, payload.subject_commitment)The receipt leaks nothing about who was erased. When a regulator asks, reveal the
salt for the specific subject and verifySubject proves the match against the
immutable, anchored entry. verifyRetention(payload) structurally validates an
attestation.
Changelog
- 0.2.0 — added
buildRetentionHold/verifyRetentionHold— the inverse attestation: prove records were kept to aretain_until(UAE Companies Law / FTA 5-yr retention). - 0.1.0 — initial release:
buildRetentionAttestation,verifyRetention,commitSubject,verifySubject.
License
Apache-2.0.
