privacy

GDPR DSAR, account deletion, DPA, retention policy

• POST/v1/privacy/deleteRequest account deletion (GDPR Art. 17, 30-day grace period)
• POST/v1/privacy/delete/{resource_type}/{id}Delete a specific resource (persona, chat session, …)
• GET/v1/privacy/dpaFetch the data processing agreement (current org binding)
• POST/v1/privacy/dpa/signAccept the data processing agreement (org owner only)
• POST/v1/privacy/exportRequest a GDPR Art. 15 data subject access export
• GET/v1/privacy/exportsList my DSAR export requests
• GET/v1/privacy/exports/{id}Fetch a DSAR export bundle (signed URL)
• GET/v1/privacy/retention_policyRead the active retention policy (per-resource TTL)
• PATCH/v1/privacy/retention_policyUpdate the org retention policy (admin)