feat: #168 GDPR/CCPA data privacy and compliance system

backend/src/app.module.ts

@@ -34,7 +34,7 @@ import { AllergiesModule } from './modules/allergies/allergies.module';
 import { ConditionsModule } from './modules/conditions/conditions.module';
 
 import { VerificationModule } from './modules/verification/verification.module';
-import { ZkpModule } from './modules/zkp/zkp.module';
+import { GdprModule } from './modules/gdpr/gdpr.module';
 
 // File Upload & Storage Modules
 import { StorageModule } from './modules/storage/storage.module';
@@ -109,7 +109,7 @@ import { WebSocketModule } from './websocket/websocket.module';
     ConditionsModule,
 
     VerificationModule,
-    ZkpModule,
+    GdprModule,
 
     // File Upload, Storage, Security & Processing
     StorageModule,

backend/src/modules/gdpr/dto/gdpr.dto.ts

@@ -0,0 +1,16 @@
+import { IsEnum, IsBoolean, IsOptional, IsString } from 'class-validator';
+import { ConsentType } from '../entities/user-consent.entity';
+
+export class UpdateConsentDto {
+  @IsEnum(ConsentType)
+  type: ConsentType;
+
+  @IsBoolean()
+  granted: boolean;
+}
+
+export class RequestDeletionDto {
+  @IsOptional()
+  @IsString()
+  reason?: string;
+}

backend/src/modules/gdpr/entities/data-deletion-request.entity.ts

@@ -0,0 +1,37 @@
+import {
+  Entity,
+  PrimaryGeneratedColumn,
+  Column,
+  CreateDateColumn,
+} from 'typeorm';
+
+export enum DeletionStatus {
+  PENDING = 'pending',
+  PROCESSING = 'processing',
+  COMPLETED = 'completed',
+  FAILED = 'failed',
+}
+
+@Entity('data_deletion_requests')
+export class DataDeletionRequest {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ name: 'user_id' })
+  userId: string;
+
+  @Column({ type: 'enum', enum: DeletionStatus, default: DeletionStatus.PENDING })
+  status: DeletionStatus;
+
+  @Column({ type: 'text', nullable: true })
+  reason: string | null;
+
+  @Column({ type: 'jsonb', nullable: true, name: 'deleted_entities' })
+  deletedEntities: Record<string, number> | null;
+
+  @Column({ type: 'timestamptz', nullable: true, name: 'completed_at' })
+  completedAt: Date | null;
+
+  @CreateDateColumn({ name: 'created_at' })
+  createdAt: Date;
+}

backend/src/modules/gdpr/entities/user-consent.entity.ts

@@ -0,0 +1,41 @@
+import {
+  Entity,
+  PrimaryGeneratedColumn,
+  Column,
+  CreateDateColumn,
+  UpdateDateColumn,
+} from 'typeorm';
+
+export enum ConsentType {
+  MARKETING = 'marketing',
+  ANALYTICS = 'analytics',
+  DATA_SHARING = 'data_sharing',
+  ESSENTIAL = 'essential',
+}
+
+@Entity('user_consents')
+export class UserConsent {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ name: 'user_id' })
+  userId: string;
+
+  @Column({ type: 'enum', enum: ConsentType })
+  type: ConsentType;
+
+  @Column({ default: false })
+  granted: boolean;
+
+  @Column({ type: 'inet', nullable: true, name: 'ip_address' })
+  ipAddress: string | null;
+
+  @Column({ nullable: true, name: 'user_agent' })
+  userAgent: string | null;
+
+  @CreateDateColumn({ name: 'created_at' })
+  createdAt: Date;
+
+  @UpdateDateColumn({ name: 'updated_at' })
+  updatedAt: Date;
+}

backend/src/modules/gdpr/gdpr.controller.ts

@@ -0,0 +1,70 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Patch,
+  Body,
+  Param,
+  Req,
+  HttpCode,
+  HttpStatus,
+  Headers,
+} from '@nestjs/common';
+import { Request } from 'express';
+import { GdprService } from './gdpr.service';
+import { UpdateConsentDto, RequestDeletionDto } from './dto/gdpr.dto';
+
+@Controller('gdpr')
+export class GdprController {
+  constructor(private readonly gdprService: GdprService) {}
+
+  /** GET /gdpr/users/:userId/consents */
+  @Get('users/:userId/consents')
+  getConsents(@Param('userId') userId: string) {
+    return this.gdprService.getConsents(userId);
+  }
+
+  /** POST /gdpr/users/:userId/consents/init */
+  @Post('users/:userId/consents/init')
+  @HttpCode(HttpStatus.CREATED)
+  initConsents(@Param('userId') userId: string) {
+    return this.gdprService.initDefaultConsents(userId);
+  }
+
+  /** PATCH /gdpr/users/:userId/consents */
+  @Patch('users/:userId/consents')
+  updateConsent(
+    @Param('userId') userId: string,
+    @Body() dto: UpdateConsentDto,
+    @Req() req: Request,
+    @Headers('user-agent') userAgent?: string,
+  ) {
+    const ip = (req.headers['x-forwarded-for'] as string)?.split(',')[0] ?? req.socket.remoteAddress ?? null;
+    return this.gdprService.updateConsent(userId, dto, ip ?? undefined, userAgent);
+  }
+
+  /** POST /gdpr/users/:userId/deletion-request */
+  @Post('users/:userId/deletion-request')
+  @HttpCode(HttpStatus.CREATED)
+  requestDeletion(@Param('userId') userId: string, @Body() dto: RequestDeletionDto) {
+    return this.gdprService.requestDeletion(userId, dto);
+  }
+
+  /** POST /gdpr/deletion-requests/:requestId/process */
+  @Post('deletion-requests/:requestId/process')
+  processDeletion(@Param('requestId') requestId: string) {
+    return this.gdprService.processDeletion(requestId);
+  }
+
+  /** GET /gdpr/users/:userId/deletion-status */
+  @Get('users/:userId/deletion-status')
+  getDeletionStatus(@Param('userId') userId: string) {
+    return this.gdprService.getDeletionStatus(userId);
+  }
+
+  /** GET /gdpr/users/:userId/export */
+  @Get('users/:userId/export')
+  exportData(@Param('userId') userId: string) {
+    return this.gdprService.exportUserData(userId);
+  }
+}

backend/src/modules/gdpr/gdpr.module.ts

@@ -0,0 +1,14 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { UserConsent } from './entities/user-consent.entity';
+import { DataDeletionRequest } from './entities/data-deletion-request.entity';
+import { GdprService } from './gdpr.service';
+import { GdprController } from './gdpr.controller';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([UserConsent, DataDeletionRequest])],
+  controllers: [GdprController],
+  providers: [GdprService],
+  exports: [GdprService],
+})
+export class GdprModule {}