FEATURES / GDPR

Compliant
by design.

Consent banner, data export, account deletion with grace period, audit-log anonymization. Engineered to meet GDPR, CCPA, and LGPD without bolting things on.

Built into the deletion lifecycle.

Cookie consent

Granular categories (necessary / analytics / marketing). Stored as a signed cookie; respected by every analytics adapter.

30-day grace deletion

Soft-delete first, hard-delete after 30 days via a cron job. Users can cancel deletion within the window.

Async data export

Queue an export, get a signed S3 URL. Includes every row from every aggregate the user touched.

Audit-log anonymization

After hard-delete, audit log entries get the user replaced by a tombstone token. History preserved, identity erased.

Right to access

Self-serve portal renders every personal data field UseDeploy holds, in plain English.

Data residency

Drop-in support for region-pinned databases. Schema and migrations work the same; just point at a different DB.

Privacy by default.

Defaults are conservative: analytics off until consent, no third-party scripts on landing without flagging, error reports stripped of PII before they leave the server. UseDeploy errs toward not knowing.

Compliance, not a checklist.

GDPR + CCPA + LGPD foundations baked into the schema and lifecycle.

Get Started Read the docs

Compliantby design.