GeneralBots/botserver
2
1
Fork 0
Code Issues Pull requests Projects Releases 323 Packages Wiki Activity Actions
botserver/templates/compliance/privacy.gbai/README.md
Rodrigo Rodriguez (Pragmatismo) 48c1ae0b51 , dt.month, dt.hour, dt.is_weekend, etc.) 
- Add startup wizard module for first-run configuration
- Add white-label branding system with .product file support
- Add bot manager for lifecycle, MinIO buckets, and templates
- Add version tracking registry for component updates
- Create comparison doc: BASIC vs n8n/Zapier/Make/Copilot
- Add WhatsApp-style sample dialogs to template documentation
- Add data traceability SVG diagram ```
2025-11-30 15:07:29 -03:00

5.8 KiB
Raw Blame History

Privacy Rights Center Template (privacy.gbai)

A comprehensive LGPD/GDPR compliance template for General Bots that enables organizations to handle data subject rights requests automatically.

Overview

This template provides a complete privacy portal that helps organizations comply with:

  • LGPD (Lei Geral de Proteção de Dados - Brazil)
  • GDPR (General Data Protection Regulation - EU)
  • CCPA (California Consumer Privacy Act - US)
  • Other privacy regulations with similar data subject rights

Features

Data Subject Rights Implemented

Right LGPD Article GDPR Article Dialog File
Access Art. 18 Art. 15 request-data.bas
Rectification Art. 18 III Art. 16 rectify-data.bas
Erasure (Deletion) Art. 18 VI Art. 17 delete-data.bas
Data Portability Art. 18 V Art. 20 export-data.bas
Consent Management Art. 8 Art. 7 manage-consents.bas
Object to Processing Art. 18 IV Art. 21 object-processing.bas

Key Capabilities

  • Identity Verification - Email-based verification codes before processing requests
  • Audit Trail - Complete logging of all privacy requests for compliance
  • Multi-format Export - JSON, CSV, XML export options for data portability
  • Consent Tracking - Granular consent management with history
  • Email Notifications - Automated confirmations and reports
  • SLA Tracking - Response time monitoring (default: 72 hours)

Installation

  1. Copy the template to your bot's packages directory:
cp -r templates/privacy.gbai /path/to/your/bot/packages/
  1. Configure the bot settings in privacy.gbot/config.csv:
name,value
Company Name,Your Company Name
Privacy Officer Email,privacy@yourcompany.com
DPO Contact,dpo@yourcompany.com
  1. Restart General Bots to load the template.

Configuration Options

Required Settings

Setting Description Example
Company Name Your organization name Acme Corp
Privacy Officer Email Contact for privacy matters privacy@acme.com
DPO Contact Data Protection Officer dpo@acme.com

Optional Settings

Setting Default Description
Session Timeout 900 Session timeout in seconds
Response SLA Hours 72 Max hours to respond to requests
Data Retention Days 30 Days to retain completed request data
Enable HIPAA Mode false Enable PHI handling features
Require 2FA false Require two-factor authentication

File Structure

privacy.gbai/
├── README.md                    # This file
├── privacy.gbdialog/
│   ├── start.bas               # Main entry point
│   ├── request-data.bas        # Data access requests
│   ├── delete-data.bas         # Data erasure requests
│   ├── export-data.bas         # Data portability
│   └── manage-consents.bas     # Consent management
├── privacy.gbot/
│   └── config.csv              # Bot configuration
└── privacy.gbui/
    └── index.html              # Web portal UI

Usage Examples

Starting the Privacy Portal

Users can access the privacy portal by saying:

  • "I want to access my data"
  • "Delete my information"
  • "Export my data"
  • "Manage my consents"
  • Or selecting options 1-6 from the menu

API Integration

The template exposes REST endpoints for integration:

POST /api/privacy/request      - Submit a new request
GET  /api/privacy/requests     - List user's requests
GET  /api/privacy/request/:id  - Get request status
POST /api/privacy/consent      - Update consents

Webhook Events

The template emits webhook events for integration:

  • privacy.request.created - New request submitted
  • privacy.request.completed - Request fulfilled
  • privacy.consent.updated - Consent preferences changed
  • privacy.data.deleted - User data erased

Customization

Adding Custom Consent Categories

Edit manage-consents.bas to add new consent categories:

consent_categories = [
    {
        "id": "custom_category",
        "name": "Custom Category Name",
        "description": "Description for users",
        "required": FALSE,
        "legal_basis": "Consent"
    }
]

Branding the UI

Modify privacy.gbui/index.html to match your branding:

  • Update CSS variables for colors
  • Replace logo and company name
  • Add custom legal text

Email Templates

Customize email notifications by editing the SEND MAIL blocks in each dialog file.

Compliance Notes

Response Deadlines

Regulation Standard Deadline Extended Deadline
LGPD 15 days -
GDPR 30 days 90 days (complex)
CCPA 45 days 90 days

Data Retention

Some data may need to be retained for legal compliance:

  • Financial records (tax requirements)
  • Legal dispute documentation
  • Fraud prevention records
  • Regulatory compliance data

The template handles this by anonymizing retained records while deleting identifiable information.

Audit Requirements

All requests are logged to privacy_requests and consent_history tables with:

  • Timestamp
  • User identifier
  • Request type
  • IP address
  • Completion status
  • Legal basis

Support

For questions about this template:

License

This template is part of General Bots and is licensed under AGPL-3.0.

Note: This template provides technical implementation for privacy compliance. Organizations should consult with legal counsel to ensure full compliance with applicable regulations.