docs: initial product stub
Commit 4f885f132e
2 changed files with 91 additions and 0 deletions
7
PRIVACY.md
Normal file
@ -0,0 +1,7 @@
# Privacy Policy
CircuitForge LLC's privacy policy applies to this product and is published at:
**<https://circuitforge.tech/privacy>**
Last reviewed: March 2026.
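Review bot: this file delegates the entire policy to an external URL and records only "Last reviewed: March 2026" (the closing line of the hunk), so nothing in the repository says which version of the corporate policy was reviewed or how this product's own handling differs from it. The README added in the same commit promises local-only processing of DSAR responses and an explicit consent gate before anything reaches a cloud LLM; that product-specific commitment belongs here as well (a short product-specific data handling section, or at minimum a pointer to that README bullet), and the review line should name the policy version or effective date it covers, not only the date the review happened.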
84
README.md
Normal file
@ -0,0 +1,84 @@
# Egret — Privacy Rights & Data Request Management
> *Part of the Circuit Forge LLC "AI for the tasks you hate most" suite.*
**Status:** Backlog — not yet started. Peregrine must prove the model first.
## What it does
Egret manages your privacy rights across companies worldwide: submitting Data Subject Access Requests (DSARs), Right to Erasure requests, data portability requests, opt-out-of-sale notices, and escalating to regulatory bodies when companies stonewall or miss their legal deadlines.
The name is intentional: *egret* sounds like *egress* — data flowing out of companies' systems and back under your control. Egrets are patient, methodical, and precise. White, clean. That's the goal.
## Legal frameworks supported
| Regulation | Region | Key rights |
|---|---|---|
| GDPR | EU / EEA | Access, erasure, portability, rectification, restrict processing |
| CCPA / CPRA | California, USA | Know, delete, opt-out of sale/sharing, correct, limit sensitive use |
| PIPEDA | Canada | Access, correction, withdrawal of consent |
| LGPD | Brazil | Access, deletion, portability, correction, anonymization |
| PDPA | Thailand / Singapore | Access, correction, deletion, portability |
| UK GDPR | United Kingdom | Post-Brexit GDPR equivalent |
| State privacy laws | USA (VA, CO, CT, TX, OR, MT, +) | Access, deletion, opt-out (varies by state) |
| APPI | Japan | Disclosure, correction, use limitation |
## Why it's hard
Privacy rights exist on paper but are designed to be abandoned:
- Companies have no incentive to make DSAR submission easy — most bury the form or require accounts
- Legal deadlines are short but enforcement is weak for individuals (30 days GDPR, 45 days CCPA)
- Responses are often partial, evasive, or in formats designed to be unreadable
- Escalation paths (DPAs, state AGs, FTC) require formal complaints with specific formats
- Identity verification requirements vary and are sometimes used as gatekeeping
## Core pipeline
```
Inventory data exposures (companies with your data + what category)
→ Generate tailored DSAR / erasure / opt-out letter per company
→ Submit via verified channel (email / web form / certified mail)
→ Track deadline (GDPR: 30 days; CCPA: 45 days; grace periods)
→ Monitor for response → Review compliance of response
→ If non-compliant / no response: draft DPA / state AG complaint
→ Track escalation status
```
## Key differentiators vs. other products
- Multi-jurisdiction: the correct legal framing, citation, and deadline vary by company location AND your location
- Identity verification workflow: guide user through what to submit (and what NOT to overshare)
- Partial response detection: AI reviews company response for completeness vs. legal requirements
- Escalation chain: ICO → CNIL → Datatilsynet → state AG → FTC → small claims, based on jurisdiction and response
## Response handling
When a company responds, Egret:
1. Parses the response (email / PDF / portal export)
2. Checks against your original request — what was addressed, what was dodged
3. Flags if the response doesn't meet legal minimums
4. Drafts a follow-up or escalation letter as needed
## Company database
A structured, community-maintained database of:
- DSAR submission endpoints (email, web form URL, or postal address) per company
- Average response time (crowdsourced)
- Compliance rating (historically responsive / stonewalls / partial)
- Required identity verification documents
MIT-licensed, like the job board scrapers in Peregrine — the community maintains it because company policies change constantly.
## Product code (license key)
`CFG-EGRT-XXXX-XXXX-XXXX`
## Tech notes
- Shared `circuitforge-core` scaffold
- Jurisdiction detection: user location + company HQ → applicable law
- Letter template library: per-regulation, per-right, per-escalation-level
- Email sync: monitor company responses, flag when deadline approaches
- Response analysis: LLM review of company responses against legal checklists
- Vision module: scan physical mail responses, PDF exports from companies
- ⚠️ Sensitive data handling: DSAR responses may include PII — local-only processing, never routed through cloud LLM without explicit consent
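Review bot: the final "Tech notes" bullet promises local-only processing of DSAR responses and no cloud LLM without explicit consent, but the "Response analysis: LLM review", "Vision module" and "Email sync" bullets directly above it do not say which of them runs locally by default, where the consent prompt sits, or what mailbox credential scope the email sync needs and where its tokens are kept; state the default and the consent point per bullet instead of relying on one trailing warning. Two smaller points: the "Company database" section proposes crowdsourced DSAR submission endpoints alongside the identity documents each company requires, and those entries decide where a user sends ID scans, so the README should require reviewed, attributable entries (moderation or signed contributions) before an entry is used for submission; and both "Why it's hard" and "Core pipeline" state the GDPR deadline as 30 days, whereas Article 12(3) GDPR sets one month from receipt, extendable by two further months, and CCPA's 45 days is likewise extendable by a further 45, so the deadline tracker should model "one month" plus extension notices rather than a flat 30/45.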