GDPR API
GDPR compliance features for consent management, data export, and account deletion.
Consent Management
Get Consent Status
GET /api/gdpr/consentGet current consent status.
Query Parameters:
| Parameter | Description |
|---|---|
history | Include consent history |
Response
{
"consents": {
"terms": {
"granted": true,
"granted_at": "2024-01-01T00:00:00Z",
"version": "1.0"
},
"privacy": {
"granted": true,
"granted_at": "2024-01-01T00:00:00Z",
"version": "1.0"
},
"marketing": {
"granted": false,
"revoked_at": "2024-01-10T00:00:00Z"
},
"analytics": {
"granted": true,
"granted_at": "2024-01-01T00:00:00Z"
}
}
}Record Consent
POST /api/gdpr/consentRecord user consent.
Single consent:
{
"consentType": "marketing",
"granted": true
}Multiple consents:
{
"consents": [
{ "type": "marketing", "granted": true },
{ "type": "analytics", "granted": true }
]
}Consent Types
| Type | Description | Required |
|---|---|---|
terms | Terms of Service | Yes |
privacy | Privacy Policy | Yes |
marketing | Marketing communications | No |
analytics | Usage analytics | No |
data_processing | Data processing agreement | Org only |
Revoke Consent
DELETE /api/gdpr/consent?type={type}Revoke a specific consent.
Renew Consents
POST /api/gdpr/consent/renewRenew consents for updated policies.
{
"consentTypes": ["terms", "privacy"]
}Check Renewal Needed
GET /api/gdpr/consent/renewal-checkCheck if any consents need renewal.
{
"needs_renewal": true,
"types": ["privacy"],
"reason": "Policy updated"
}Data Export
Request Export
POST /api/gdpr/exportRequest a copy of all your data.
Response
{
"request_id": "export-uuid",
"status": "pending",
"message": "Export request received. You will be notified when ready.",
"estimated_completion": "2024-01-15T12:00:00Z"
}Check Export Status
GET /api/gdpr/exportGet export request status.
Query Parameters:
| Parameter | Description |
|---|---|
requestId | Specific request ID |
Response
{
"request_id": "export-uuid",
"status": "completed",
"file_url": "https://signed-url...",
"file_size": 15000000,
"expires_at": "2024-01-22T00:00:00Z",
"created_at": "2024-01-15T10:00:00Z",
"completed_at": "2024-01-15T10:30:00Z"
}Export Statuses
| Status | Description |
|---|---|
pending | Request queued |
processing | Export being generated |
completed | Ready for download |
failed | Export failed |
expired | Download link expired |
Export Contents
The data export includes:
- Profile information
- Documents and metadata
- Extractions
- Chat history
- Knowledge bases
- API key metadata
- Consent history
- Audit logs
Account Deletion
Request Deletion
POST /api/gdpr/delete-accountRequest account deletion.
{
"reason": "No longer need the service",
"immediate": false
}| Field | Type | Description |
|---|---|---|
reason | string | Deletion reason (optional) |
immediate | boolean | Skip grace period |
Response
{
"request_id": "deletion-uuid",
"status": "scheduled",
"scheduled_at": "2024-01-22T00:00:00Z",
"grace_period_days": 7,
"message": "Your account is scheduled for deletion. You can cancel within 7 days."
}Check Deletion Status
GET /api/gdpr/delete-account{
"request_id": "deletion-uuid",
"status": "scheduled",
"scheduled_at": "2024-01-22T00:00:00Z",
"can_cancel": true
}Cancel Deletion
DELETE /api/gdpr/delete-account?requestId={id}Cancel a pending deletion request.
Deletion Statuses
| Status | Description |
|---|---|
pending | Request received |
scheduled | Scheduled for deletion |
processing | Deletion in progress |
completed | Account deleted |
cancelled | Request cancelled |
Data Retention
Default data retention periods:
| Data Type | Retention |
|---|---|
| Documents | Until deleted |
| Extractions | Until deleted |
| Chat history | 1 year |
| Audit logs | 3 years |
| Analytics | 1 year |
Organizations can configure custom retention periods in settings.
Privacy Audit Log
All GDPR-related actions are logged:
- Consent changes
- Data exports
- Deletion requests
- Profile access
- Data modifications
Access audit logs via the Documents API.
Last updated on