-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathsimple.yml
267 lines (262 loc) · 11.9 KB
/
simple.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
# yaml-language-server: $schema=https://raw.githubusercontent.com/transcend-io/cli/main/transcend-yml-schema-latest.json
# Manage at: https://app.transcend.io/infrastructure/api-keys
# See https://docs.transcend.io/docs/authentication
# Define API keys that may be shared across data silos
# in the data map. When creating new data silos through the yaml
# cli, it is possible to specify which API key should be associated
# with the newly created data silo.
api-keys:
- title: Webhook Key
- title: Analytics Key
# Manage at: https://app.transcend.io/privacy-requests/email-templates
# See https://docs.transcend.io/docs/privacy-requests/configuring-requests/email-templates
# Define email templates here.
templates:
- title: Your Data Report is Ready
- title: We Love Data Rights And You Do Too
# Manage at: https://app.transcend.io/privacy-requests/identifiers
# See https://docs.transcend.io/docs/identity-enrichment
# Define enricher or pre-flight check webhooks that will be executed
# prior to privacy request workflows. Some examples may include:
# - identity enrichment: look up additional identifiers for that user.
# i.e. map an email address to a user ID
# - fraud check: auto-cancel requests if the user is flagged for fraudulent behavior
# - customer check: auto-cancel request for some custom business criteria
enrichers:
- title: Basic Identity Enrichment
description: Enrich an email address to the userId and phone number
url: https://example.acme.com/transcend-enrichment-webhook
input-identifier: email
output-identifiers:
- userId
- phone
- myUniqueIdentifier
- title: Fraud Check
description: Ensure the email address is not marked as fraudulent
url: https://example.acme.com/transcend-fraud-check
input-identifier: email
output-identifiers:
- email
# Only call the webhook on certain action types
privacy-actions:
- ERASURE
# Note: description is an optional field
- title: Analytics Enrichment
url: https://analytics.acme.com/transcend-enrichment-webhook
input-identifier: userId
output-identifiers:
- advertisingId
# Manage at: https://app.transcend.io/privacy-requests/connected-services
# See https://docs.transcend.io/docs/the-data-map#data-silos
# Define the data silos in your data map. A data silo can be a database,
# or a web service that may use a collection of different data stores under the hood.
data-silos:
# Note: title is the only required top-level field for a data silo
- title: Redshift Data Warehouse
description: The mega-warehouse that contains a copy over all SQL backed databases
# The webhook URL to notify for data privacy requests
url: https://example.acme.com/transcend-webhook
headers:
- name: test
value: value
isSecret: true
- name: dummy
value: dummy
isSecret: false
integrationName: server
# The title of the API key that will be used to respond to privacy requests
api-key-title: Webhook Key
# Specify which data subjects may have personally-identifiable-information (PII) within this system
# This field can be omitted, and the default assumption will be that the system may potentially
# contain PII for any potential data subject type.
data-subjects:
- customer
- employee
- newsletter-subscriber
- b2b-contact
# When this data silo implements a privacy request, these are the identifiers
# that should be looked up within this system.
identity-keys:
- email
- userId
# When a data erasure request is being performed, this data silo should not be deleted from
# until all of the following data silos were deleted first. This list can contain other internal
# systems defined in this file, as well as any of the SaaS tools connected in your Transcend instance.
deletion-dependencies:
- Identity Service
# The email addresses of the employees within your company that are the go-to individuals
# for managing this data silo
owners:
teams:
- Developer
- Request Management
# Datapoints are the different types of data models that existing within your data silo.
# If the data silo is a database, these would be your tables.
# Note: These are currently called "datapoints" in the Transcend UI and documentation.
# See: https://docs.transcend.io/docs/the-data-map#datapoints
datapoints:
- title: Webhook Notification
key: _global
# The types of privacy actions that this webhook can implement
# See "RequestActionObjectResolver": https://github.com/transcend-io/privacy-types/blob/main/src/actions.ts
# AUTOMATED_DECISION_MAKING_OPT_OUT: Opt out of automated decision making
# CONTACT_OPT_OUT: Opt out of all communication
# SALE_OPT_OUT: Opt-out of the sale of personal data
# TRACKING_OPT_OUT: Opt out of tracking
# ACCESS: Data Download request
# ERASURE: Erase the profile from the system
# ACCOUNT_DELETION: Run an account deletion instead of a fully compliant deletion
# RECTIFICATION: Make an update to an inaccurate record
# RESTRICTION: Restrict processing
privacy-actions:
- ACCESS
- ERASURE
- SALE_OPT_OUT
- title: User Model
description: The centralized user model user
# AKA table name
key: users
owners:
teams:
- Platform
- Customer Experience
# The types of privacy actions that this datapoint can implement
# See "InternalDataSiloObjectResolver": https://github.com/transcend-io/privacy-types/blob/main/src/actions.ts
# ACCESS: Data Download request
privacy-actions:
- ACCESS
# Provide field-level metadata for this datapoint.
fields:
- key: firstName
title: First Name
description: The first name of the user, inputted during onboarding
# The category of personal data for this datapoint
# See: https://github.com/transcend-io/privacy-types/blob/main/src/objects.ts
# FINANCIAL: Financial information
# HEALTH: Health information
# CONTACT: Contact information
# LOCATION: Geo-location information
# DEMOGRAPHIC: Demographic Information
# ID: Identifiers that uniquely identify a person
# ONLINE_ACTIVITY: The user's online activities on the first party website/app or other websites/apps
# USER_PROFILE: The user’s profile on the first-party website/app and its contents
# SOCIAL_MEDIA: User profile and data from a social media website/app or other third party service
# CONNECTION: Connection information for the current browsing session, e.g. device IDs, MAC addresses, IP addresses, etc.
# TRACKING: Cookies and tracking elements
# DEVICE: Computer or device information
# SURVEY: Any data that is collected through surveys
# OTHER: A specific type of information not covered by the above categories
# UNSPECIFIED: The type of information is not explicitly stated or unclear
categories:
- category: USER_PROFILE
name: Name
# What is the purpose of processing for this datapoint/table?
# See: https://github.com/transcend-io/privacy-types/blob/main/src/objects.ts
# ESSENTIAL: Provide a service that the user explicitly requests and that is part of the product's basic service or functionality
# ADDITIONAL_FUNCTIONALITY: Provide a service that the user explicitly requests but that is not a necessary part of the product's basic service
# ADVERTISING: To show ads that are either targeted to the specific user or not targeted
# MARKETING: To contact the user to offer products, services, or other promotions
# ANALYTICS: For understanding the product’s audience, improving the product, inform company strategy, or general research
# PERSONALIZATION: For providing user with a personalized experience
# OPERATION_SECURITY: For product operation and security, enforcement of terms of service, fraud prevention, protecting users and property, etc.
# LEGAL: For compliance with legal obligations
# TRANSFER: For data that was transferred as part of a change in circumstance (e.g. a merger or acquisition)
# SALE: For selling the data to third parties
# HR: For personnel training, recruitment, payroll, management, etc.
# OTHER: Other specific purpose not covered above
# UNSPECIFIED: The purpose is not explicitly stated or is unclear
purposes:
- purpose: PERSONALIZATION
name: Other
- key: email
title: Email
description: The email address of the user
categories:
- category: CONTACT
name: Email
- category: USER_PROFILE
name: Name
purposes:
- purpose: ESSENTIAL
name: Login
- purpose: OPERATION_SECURITY
name: Other
- title: Demo Request
key: demos
description: A demo request by someone that does not have a formal account
privacy-actions:
- ACCESS
fields:
- key: companyName
title: Company Name
description: The name of the company of the person requesting the demo
categories:
- category: CONTACT
name: Other
purposes:
- purpose: ESSENTIAL
name: Demo
- key: email
title: Email
description: The email address to use for coordinating the demo
categories:
- category: CONTACT
name: Email
purposes:
- purpose: ESSENTIAL
name: Demo
- title: Password
key: passwords
description: A password for a user
fields:
- key: hash
title: Password Hash
description: Hash of the password
categories:
- category: OTHER
name: Password
purposes:
- purpose: OPERATION_SECURITY
name: Other
- key: email
title: Email
description: The email address to use for coordinating the demo
categories:
- category: CONTACT
name: Email
purposes:
- purpose: OPERATION_SECURITY
name: Other
# Defined web services in addition or instead of databases.
# The examples below define a subset of the fields.
# The remainder of the fields will be managed through the Transcend admin dashboard
# at the link: https://app.transcend.io/privacy-requests/connected-services
- title: Identity Service
description: Micro-service that stores user metadata
integrationName: server
# Share the API key between services
api-key-title: Webhook Key
teams:
- Developer
datapoints:
- title: Webhook Notification
key: _global
privacy-actions:
- ACCESS
- CONTACT_OPT_OUT
- title: Auth User
description: The centralized authentication object for a user
key: auth
privacy-actions:
- ACCESS
- title: Analytics Service
integrationName: server
data-subjects:
- customer
# The title of the API key that will be used to respond to privacy requests
api-key-title: Analytics Key
# Specify this flag if the data silo is under development and should not be included
# in production privacy request workflows. Will still sync metadata to app.transcend.io.
disabled: true