| PRIVACY.md | ||
| README.md | ||
Plover
Local-first privacy rights assistant. CCPA/GDPR Data Subject Access Requests (DSARs), erasure requests, regulatory escalation — no cloud required.
Part of the Circuit Forge LLC menagerie — AI for the tasks the system made hard on purpose.
Status: Backlog — not yet started. See the roadmap for priority order.
What it does
Plover manages your privacy rights across companies worldwide: submitting Data Subject Access Requests (DSARs), Right to Erasure requests, data portability requests, opt-out-of-sale notices, and escalating to regulatory bodies when companies stonewall or miss their legal deadlines.
The word "plover" traces to Latin pluvia (rain) — plovers were once believed to detect approaching rain and navigate by it. The common snipe plover probes into mud to find what is buried, hidden, and otherwise inaccessible. That is exactly what this product does: extracts data that companies have buried and are legally required to give you.
Why it is hard
Privacy rights exist on paper but are designed to be abandoned:
- Companies have no incentive to make DSAR submission easy; most bury the form or require accounts
- Legal deadlines are short but enforcement is weak for individuals (30 days GDPR, 45 days CCPA)
- Responses are often partial, evasive, or in formats designed to be unreadable
- Escalation paths (Data Protection Authorities, state Attorneys General, the Federal Trade Commission) require formal complaints with specific formats
- Identity verification requirements vary and are sometimes used as gatekeeping
Legal frameworks supported
| Regulation | Region | Key rights |
|---|---|---|
| GDPR | EU / EEA | Access, erasure, portability, rectification, restrict processing |
| CCPA / CPRA | California, USA | Know, delete, opt-out of sale/sharing, correct, limit sensitive use |
| PIPEDA | Canada | Access, correction, withdrawal of consent |
| LGPD | Brazil | Access, deletion, portability, correction, anonymization |
| UK GDPR | United Kingdom | Post-Brexit GDPR equivalent |
| State privacy laws | USA (VA, CO, CT, TX, OR, MT, and others) | Access, deletion, opt-out (varies by state) |
| APPI | Japan | Disclosure, correction, use limitation |
Core pipeline
Inventory data exposures (companies holding your data and what category)
→ Generate tailored DSAR, erasure, or opt-out letter per company and jurisdiction
→ Submit via verified channel (email, web form, or certified mail)
→ Track legal deadline (GDPR: 30 days; CCPA: 45 days; with grace periods)
→ Monitor for response → Human reviews company response for completeness
→ LLM flags if response does not meet legal minimums
→ If non-compliant or no response: draft DPA or state AG complaint
→ Track escalation status
Response handling
When a company responds, Plover:
- Parses the response (email, PDF, or portal export)
- Checks against your original request: what was addressed, what was dodged
- Flags if the response does not meet legal minimums for the applicable regulation
- Drafts a follow-up or escalation letter as needed
Company database
A structured, community-maintained database of:
- DSAR submission endpoints (email, web form URL, or postal address) per company
- Average response time (crowdsourced)
- Compliance rating: historically responsive, stonewalls, or partial
- Required identity verification documents
MIT-licensed, like the job board scrapers in Peregrine. The community maintains it because company policies change constantly.
Privacy · Safety · Accessibility
Privacy: DSAR responses may contain your own personal information. Plover processes all response analysis locally. Response documents are never routed through a cloud LLM without your explicit consent per-request.
Safety: Plover drafts letters and tracks deadlines. It does not file complaints on your behalf without your review and approval. Legal interpretations are reference material, not legal advice.
Accessibility: Letter templates are available in plain language and formal legal language. Escalation workflows are guided step-by-step. The jurisdiction matrix covers 50+ countries with plain-English summaries of your rights in each.
Tiers
| Tier | What you get |
|---|---|
| Free | DSAR and erasure letter generation, deadline tracker, local LLM response review, company database |
| Paid | Automated submission monitoring, email sync for response tracking, regulatory escalation templates, cloud sync across devices |
| Premium | Multi-person household support, business DSAR compliance tools (for small businesses managing inbound DSARs), fine-tuned response analysis model |
Get involved
Plover is pre-development. The best thing you can do right now is open an issue with:
- A specific company or industry where you have tried to exercise privacy rights and found it difficult
- Regulations or jurisdictions you want prioritized
- Experience with regulatory body complaint processes (what worked, what did not)
- Identity verification gatekeeping tactics you have encountered
Early issues shape what gets built first. Star the repo to follow progress.
Product code
License key format: CFG-PLVR-XXXX-XXXX-XXXX
Tech notes
- Built on the shared circuitforge-core scaffold
- Jurisdiction detection: user location plus company headquarters location determines applicable law
- Letter template library: per-regulation, per-right, per-escalation-level
- Email sync: monitor company responses and flag when deadline approaches
- Response analysis: local LLM review of company responses against legal checklists
- Vision module: scan physical mail responses and PDF exports from companies
- Company database: MIT-licensed, community-maintained DSAR endpoint registry
License
Business Source License 1.1 — free for personal non-commercial self-hosting. Converts to MIT after four years. Commercial use requires a paid license.