Processing Purposes
Purpose registry
Section titled “Purpose registry”Declare processing purposes at application startup:
context.Services.AddGranitPrivacy(privacy =>{ privacy.RegisterProcessingPurpose( "marketing-emails", "Marketing Communications", "Sending promotional emails based on user preferences", "CONSENT", requiresExplicitConsent: true);
privacy.RegisterProcessingPurpose( "order-fulfillment", "Order Processing", "Processing orders placed by the user", "CONTRACT");
privacy.RegisterProcessingPurpose( "analytics", "Usage Analytics", "Tracking application usage for improvement", "LEGITIMATE_INTEREST");});The IProcessingPurposeRegistry is backed by FrozenDictionary for thread-safe,
read-optimized access at runtime.
Legal bases by regulation
Section titled “Legal bases by regulation”| Regulation | Legal bases | | ---------- | ----------- | | GDPR (6) | Consent, Contract, Legal Obligation, Vital Interest, Public Interest, Legitimate Interest | | LGPD (10) | GDPR 6 + Credit Protection, Health Protection, Research, Life Protection | | PIPL (7) | Consent, Contract, Legal Obligation, Vital Interest, Public Interest, HR Management, Statutory Duty | | CCPA | No legal basis concept (consumer rights model) |
Endpoint
Section titled “Endpoint”| Method | Route | Operation | Permission |
| ------ | ----- | --------- | ---------- |
| GET | /purposes | ListProcessingPurposes | Privacy.Purposes.Read |
Returns all registered processing purposes with their legal basis, consent requirement, and optional data category.
See also
Section titled “See also”- Privacy overview — module setup and data provider registry
- Regulations — Art. 6 / Art. 7 mapping per regulation profile
- Legal Agreements — consent records tied to declared purposes
- Data Export — purposes appear as data categories in the export
- Data Deletion — sibling subject-rights flow