
User portal — GDPR articles 15-22

Layer 4 · employee-facing · access + rectification + erasure + portability + objection

Employee accesses via browser · self-service · data local to the customer cluster · no external middleware

Diagram (flattened): EMPLOYEE ([email protected], browser, private session, no cloud account) → sign up → verify email → log in → user portal → GDPR zone.

ONBOARDING FLOW

  • 1. SIGN UP — POST /v1/user/signup · admin email-domain whitelist · rate limit per IP · password hashed (OWASP)
  • 2. VERIFY EMAIL — GET /v1/user/verify?token=… · SMTP via admin config · verified_at := now() → account active
  • 3. LOG IN — POST /v1/user/login · password verify · session cookie → /v1/user/ui

USER PORTAL — /v1/user/ui (lightweight reactive SPA)

  • CONVERSATIONS — LLM chat history · cross-turn context preserved · encrypted in storage
  • MEMORIES — auto-extracted facts · proprietary long-term layout · vector search
  • GDPR ZONE — export · rectification · erasure · self-service password change

GDPR RIGHTS — auto-exposed in the user portal

  • ART. 15 · Right of access — GET /v1/user/me · GET /v1/user/memories/list · GET /v1/user/conversations · GET /v1/user/audit → see all my data
  • ART. 16 · Rectification — PUT /v1/user/profile · POST /v1/user/password/change · DELETE /v1/user/memories/{id} (delete a single fact) → correct what is inaccurate
  • ART. 17 · Right to be forgotten — POST /v1/user/rgpd/delete-account · cascade: conversations + memories · audit trail anonymized (uid hash) · client_ip := NULL → erase me completely
  • ART. 20 · Portability — GET /v1/user/rgpd/export-all · ZIP: profile + conversations + decrypted memories → standard JSON format

🔒 TECHNICAL GUARANTEES

  • Password hashing (OWASP parameters)
  • Hashed tokens for signup/reset/session · configurable TTL
  • Encrypted user memories in storage
  • GDPR audit append-only (insert only)
  • Email verify required before login
  • Silent anti-enumeration
  • All employee data stays inside the customer cluster
  • No transfer to external services · no third-party cloud · no analytics

DIAGRAM LEGEND

  • Sign-up / email verify (orange)
  • Authenticated login (blue)
  • GDPR zone (articles 15-22, violet)

Art. 15 RIGHT OF ACCESS

  • GET /v1/user/me — profile + verified_at
  • GET /v1/user/conversations — chat history
  • GET /v1/user/memories/list — auto-extracted facts
  • GET /v1/user/audit — every GDPR action ever taken
  • Transparent pagination · no hidden access

Art. 17 RIGHT TO BE FORGOTTEN

  • POST /v1/user/rgpd/delete-account
  • Cascade DELETE: conversations + memories + sessions
  • Employee row: anonymized (uid hash)
  • client_ip := NULL in audit
  • Irreversible operation, confirmation required
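The Art. 17 cascade described above (confirmation gate, cascade delete of conversations + memories + sessions, employee row replaced by a uid-hash tombstone, client_ip := NULL in an audit that is otherwise append-only), as an added example that is not the product's own code. It assumes a hypothetical in-memory `Store` standing in for the cluster database, an HMAC-SHA256 keyed pseudonym as the "uid hash", and that de-identifying existing rows is the only mutation ever applied to the audit table.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Store:
    """Constructed in-memory stand-in for the customer-cluster database (hypothetical schema)."""
    employees: dict = field(default_factory=dict)      # uid -> profile row
    conversations: dict = field(default_factory=dict)  # conv_id -> owner uid
    memories: dict = field(default_factory=dict)       # memory_id -> owner uid
    sessions: dict = field(default_factory=dict)       # session token hash -> owner uid
    audit: list = field(default_factory=list)          # append-only GDPR audit rows


def uid_hash(uid: str, pepper: bytes) -> str:
    """Keyed one-way pseudonym kept after erasure (assumed: HMAC-SHA256 with a server-side pepper)."""
    return hmac.new(pepper, uid.encode(), hashlib.sha256).hexdigest()


def record_audit(store: Store, uid: str, action: str, client_ip: str) -> None:
    """Audit is insert-only: every GDPR action becomes a new row, nothing is ever deleted."""
    store.audit.append({"uid": uid, "action": action, "client_ip": client_ip})


def delete_account(store: Store, uid: str, client_ip: str, pepper: bytes, confirmed: bool) -> dict:
    """POST /v1/user/rgpd/delete-account: irreversible cascade erasure with audit anonymization."""
    if not confirmed:
        raise ValueError("irreversible operation: explicit confirmation required")
    if uid not in store.employees:
        raise KeyError(uid)
    # Log the erasure first, so the trail proves it happened even though the uid disappears.
    record_audit(store, uid, "rgpd.delete-account", client_ip)
    # Cascade DELETE across every table that references the uid.
    removed = {"conversations": 0, "memories": 0, "sessions": 0}
    for table in removed:
        rows = getattr(store, table)
        for key in [k for k, owner in rows.items() if owner == uid]:
            del rows[key]
            removed[table] += 1
    # Employee row: replaced by an anonymized tombstone keyed on the uid hash, no identifying fields.
    pseudonym = uid_hash(uid, pepper)
    del store.employees[uid]
    store.employees[pseudonym] = {"anonymized": True}
    # Audit rows stay (append-only), but are de-identified: uid -> hash, client_ip := NULL.
    for row in store.audit:
        if row["uid"] == uid:
            row["uid"] = pseudonym
            row["client_ip"] = None
    return {"uid_hash": pseudonym, **removed}
```

A practical check after erasure is that no table still holds the raw uid and that other employees' rows, including their audit entries and IPs, are untouched.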

Art. 20 PORTABILITY

  • GET /v1/user/rgpd/export-all
  • Standard JSON/ZIP format
  • Includes: profile + conversations + decrypted memories
  • Migratable to another system
  • On-demand generation, no persistent staging