Privacy
Granit.Privacy implements GDPR data subject rights (Art. 15–18): data export orchestration via saga, right to erasure with cascading notifications, and legal agreement tracking.
Package structure
Section titled “Package structure”- Granit.Privacy GDPR data export saga, legal agreements, data provider registry
| Package | Role | Depends on |
|---|---|---|
Granit.Privacy | GDPR data export/deletion orchestration, legal agreements | Granit.Core |
[DependsOn(typeof(GranitPrivacyModule))]public class AppModule : GranitModule{ public override void ConfigureServices(ServiceConfigurationContext context) { context.Services.AddGranitPrivacy(privacy => { privacy.RegisterDataProvider("PatientModule"); privacy.RegisterDataProvider("BlobStorageModule"); privacy.RegisterDocument( "privacy-policy", "2.1", "Privacy Policy"); privacy.RegisterDocument( "terms-of-service", "1.0", "Terms of Service"); }); }}Data provider registry
Section titled “Data provider registry”Modules register themselves as data providers to participate in GDPR data export and deletion workflows:
privacy.RegisterDataProvider("PatientModule");When a data subject requests export or deletion, the saga queries all registered providers and waits for each to complete.
GDPR data export saga
Section titled “GDPR data export saga”stateDiagram-v2
[*] --> Requested: PersonalDataRequestedEvent
Requested --> Collecting: Query all providers
Collecting --> Prepared: PersonalDataPreparedEvent
Prepared --> Completed: ExportCompletedEvent
Collecting --> TimedOut: ExportTimedOutEvent
Completed --> [*]
TimedOut --> [*]
The export saga orchestrates data collection across all registered data providers. Each provider prepares its data independently, and the saga assembles the final export package.
GDPR deletion
Section titled “GDPR deletion”sequenceDiagram
participant User
participant API
participant Saga
participant Identity
participant BlobStorage
participant Notifications
User->>API: DELETE /privacy/my-data
API->>Saga: PersonalDataDeletionRequestedEvent
Saga->>Identity: DeleteByIdAsync (hard delete)
Saga->>BlobStorage: Delete user blobs
Saga->>Notifications: Delete delivery records
Identity-->>Saga: IdentityUserDeletedEvent
Saga->>User: Acknowledgment notification
Legal agreements
Section titled “Legal agreements”Track consent to legal documents (privacy policy, terms of service):
privacy.RegisterDocument("privacy-policy", "2.1", "Privacy Policy");Provide a store implementation to persist agreement records:
privacy.UseLegalAgreementStore<EfCoreLegalAgreementStore>();ILegalAgreementChecker verifies if a user has signed the current version of a
document — useful for middleware that blocks access until consent is renewed after
a policy update.
Configuration reference
Section titled “Configuration reference”{ "Privacy": { "ExportTimeoutMinutes": 5, "ExportMaxSizeMb": 100 }}Public API summary
Section titled “Public API summary”| Category | Key types | Package |
|---|---|---|
| Module | GranitPrivacyModule | — |
| Registry | IDataProviderRegistry, ILegalDocumentRegistry, ILegalAgreementChecker | Granit.Privacy |
| Builder | GranitPrivacyBuilder, GranitPrivacyOptions | Granit.Privacy |
| Events | PersonalDataRequestedEvent, PersonalDataDeletionRequestedEvent, ExportCompletedEvent, ExportTimedOutEvent | Granit.Privacy |
| Extensions | AddGranitPrivacy() | Granit.Privacy |
See also
Section titled “See also”- Cookies module — GDPR cookie categories, consent management, Klaro CMP
- Authentication module — Authentication, authorization
- Identity module — GDPR erasure and pseudonymization on user cache
- Core module —
ISoftDeletable, data filter interfaces