-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathdata_retention.yml
217 lines (206 loc) · 8.19 KB
/
data_retention.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
# yaml-language-server: $schema=https://raw.githubusercontent.com/transcend-io/cli/main/transcend-yml-schema-latest.json
# This file outlines an example of how one may define a workflow for deleting data with Transcend.
# In this example, we want to define a pipeline for deleting a set of video files associated with an account.
# Manage at: https://app.transcend.io/infrastructure/api-keys
# See https://docs.transcend.io/docs/authentication
# Define API keys that may be used to integrate into Transcend from a custom
# web service or script.
# When creating new data silos through the yaml
# cli, it is possible to specify which API key should be associated
# with the newly created data silo.
api-keys:
- title: 'Server Integration: Server Webhook'
# Manage at: https://app.transcend.io/privacy-requests/identifiers
# See https://docs.transcend.io/docs/identity-enrichment
# Define enricher or pre-flight check webhooks that will be executed
# prior to privacy request workflows. Some examples may include:
# - identity enrichment: look up additional identifiers for that request.
# i.e. map an email address to a user ID, s3 keys
# or other identifiers required to make the request
# - fraud check: auto-cancel requests if account or user flagged for fraudulent behavior
# - customer check: auto-cancel request for some custom business criteria
enrichers:
- title: Fetch Identifiers for Video Deletion
description: Fetch the collection of identifiers that should be used for the deletion job.
url: https://enterprise.acme.com/transcend-enrichment-webhook
input-identifier: coreIdentifier
output-identifiers:
- amazonS3Key
- zoomVideoId
- email
- googleCloudStorageKey
- title: Account Freeze Check
description: Auto cancel job is account or user is under investigation
url: https://identity.acme.com/transcend-fraud-check-webhook
input-identifier: email
output-identifiers:
- email
# Manage at: https://app.transcend.io/privacy-requests/connected-services
# See https://docs.transcend.io/docs/the-data-map#data-silos
# Define the data silos in your data map. A data silo can be a database,
# or a web service that may use a collection of different data stores under the hood.
# You can manage data silos on the Transcend admin dashboard or in your codebase.
data-silos:
# ################# #
# SaaS Integrations #
# ################# #
# We will want to delete data from zoom for both a customer deletion request
# as well as an enterprise deletion request
- title: Zoom
integrationName: zoom
identity-keys:
- email
- zoomVideoId
owners:
# ############ #
# File Storage #
# ############ #
# For Google Cloud Storage, Amazon S3, or other file services
# Object keys can be provided to Transcend, and Transcend will handle
# the coordination of deleting those objects.
# Transcend can extended the integrations in our catalog as needed to meet your use case.
# This can include things like file deletion, folder deletion, unstructured
# search for an email address.
- title: Google Cloud Storage
integrationName: promptAPerson
identity-keys:
- googleCloudStorageKey
owners:
datapoints:
- title: Enterprise Video Bucket
description: Bucket containing the video files for enterprise customers.
key: _global
privacy-actions:
- ERASURE
- title: Amazon S3
description: >-
Amazon Simple Storage Service (Amazon S3) is an object storage service
that offers industry-leading scalability, data availability, security, and
performance.
integrationName: promptAPerson
identity-keys:
- amazonS3Key
datapoints:
- title: Enterprise Video Backup Bucket
description: Bucket containing the backup video files for enterprise customers.
key: _global
privacy-actions:
- ERASURE
# If for some reason you needed to do something manually
# you could specify a job to manually notify someone to delete from a particular system
- title: Manual Deletion from Desktop
description: Joe stores a lot of videos on his desktop, remind him to delete them.
integrationName: promptAPerson
identity-keys:
- coreIdentifier
deletion-dependencies: []
owners: []
disabled: false
datapoints:
- title: Prompt Manual Entry
description: Manually entered request data.
key: _global
privacy-actions:
- ERASURE
# ########### #
# Custom Code #
# ########### #
# Integrate in a custom deletion script that is triggered by a webhook
- title: Server Webhook
description: Notify a server to run a custom deletion script against the primary database.
integrationName: server
url: https://enterprise.acme.com/transcend-webhook
api-key-title: 'Server Integration: Server Webhook'
identity-keys:
- coreIdentifier
# Only delete the metadata from the database after the videos are deleted from the other tools
deletion-dependencies:
- Google Cloud Storage
- Amazon S3
owners: []
datapoints:
- title: Webhook Notification
description: >-
We will send your server a notification to perform an action for one
of your users.
key: _global
privacy-actions:
- ERASURE
# Integrate in a custom deletion script that polls for outstanding
# files to be deleted on some cadence
# see: https://docs.transcend.io/docs/api-reference/GET/v1/data-silo/(id)/pending-requests/(type)
- title: Daily Batched Job
description: Run a job daily that polls the Transcend API to check outstanding video files that need to be deleted
integrationName: cron
api-key-title: 'Server Integration: Server Webhook' # re-use the same API key
# job will batch over IDs to delete
# this is likely not needed if there is a direct connector to file storage
# is used instead, but can be used as an example as to how to integrate
# in batched deletion jobs
identity-keys:
- amazonS3Key
- zoomVideoId
- email
- googleCloudStorageKey
datapoints:
- title: Deletion Job
description: Run custom batched deletion job
key: _global
privacy-actions:
- ERASURE
# ############### #
# Direct Database #
# ############### #
# Transcend can connect directly to your database and run SQL statements.
# These statements can be managed in your codebase and pushed up to Transcend.
# Any changes will require approval on the Transcend dashboard by an administrator
# before they get enabled in production workflows.
- title: Database - MySQL
description: Integrate into the MySQL database to delete any metadata
integrationName: database
identity-keys:
- zoomVideoId
deletion-dependencies:
- Zoom
- Google Cloud Storage
datapoints:
- title: Video Files
key: schema.videos
description: 'Video file metadata'
privacy-action-queries:
ERASURE: DELETE FROM schema.videos WHERE video_id IN (?);
privacy-actions:
- ERASURE
- title: Video Files Backup
key: schema.video_backups
description: 'Video file metadata'
privacy-action-queries:
ERASURE: DELETE FROM schema.video_backups WHERE video_id IN (?);
privacy-actions:
- ERASURE
- title: Database - Snowflake
description: Integrate with your own databases, such as Amazon Redshift or PostgreSQL.
integrationName: database
identity-keys:
- coreIdentifier
deletion-dependencies:
- Zoom
- Google Cloud Storage
- Database - MySQL
datapoints:
- title: Video Files
key: schema.videos
description: 'Video file metadata'
privacy-action-queries:
ERASURE: DELETE FROM schema.videos WHERE video_id IN (?);
privacy-actions:
- ERASURE
- title: Video Files Backup
key: schema.video_backups
description: 'Video file metadata'
privacy-action-queries:
ERASURE: DELETE FROM schema.video_backups WHERE video_id IN (?);
privacy-actions:
- ERASURE