diff --git a/content/docs/guides/(authentication)/quickstart-guides/sample-app.mdx b/content/docs/guides/(authentication)/quickstart-guides/sample-app.mdx
index 8b3175e..c2b9b05 100644
--- a/content/docs/guides/(authentication)/quickstart-guides/sample-app.mdx
+++ b/content/docs/guides/(authentication)/quickstart-guides/sample-app.mdx
@@ -1,5 +1,5 @@
---
-title: "Sample App"
+title: "Sample app"
slug: "sample-app"
excerpt: "Set up an instance of UserClouds in less than 5 minutes!"
hidden: false
diff --git a/content/docs/guides/(authorization)/overview/modelling-hierarchy-with-attribute-types.mdx b/content/docs/guides/(authorization)/overview/modelling-hierarchy-with-attribute-types.mdx
index c4e3660..01208d6 100644
--- a/content/docs/guides/(authorization)/overview/modelling-hierarchy-with-attribute-types.mdx
+++ b/content/docs/guides/(authorization)/overview/modelling-hierarchy-with-attribute-types.mdx
@@ -1,11 +1,12 @@
---
-title: "Modeling Hierarchy with Attribute Scopes"
+title: "Modeling hierarchy with attribute scopes"
slug: "modelling-hierarchy-with-attribute-types"
excerpt: ""
hidden: false
createdAt: "Thu Aug 03 2023 23:14:02 GMT+0000 (Coordinated Universal Time)"
updatedAt: "Fri Jun 21 2024 16:55:25 GMT+0000 (Coordinated Universal Time)"
---
+
In this article, you will learn how to model relationships and arbitrarily deep hierarchy between objects in your system with attribute scopes. By the end of this article, you will understand the fundamentals of modeling:
- **Folder-like structures** where objects contain other objects (ad infinitum)
@@ -16,26 +17,24 @@ The article assumes you know what object, edgeattribute name (like `edit`) and an attribute scope. The value describes the permission and the scope describes which two objects are affected by the attribute. There are three scopes of attribute: direct, inherit and propagate.
+Attributes give one object permissions on another object. Each attribute has an attribute name (like `edit`) and an attribute scope. The value describes the permission and the scope describes which two objects are affected by the attribute. There are three scopes of attribute: direct, inherit and propagate.
## Direct Attributes
-The direct scope is the simplest attribute scope. It gives the source object the permission on the target object. It is used for non-hierarchical relationships.
+The direct scope is the simplest attribute scope. It gives the source object the permission on the target object. It is used for non-hierarchical relationships.
-
## Inherit Attributes
The inherit attribute scope states:
> Inherit: if the target object has the attribute on a third object, the source object ‘inherits’ that attribute on the third object.
-**Inherit attributes are used to pass a permission from one user or group to another**. In the example below, Gloria is a member of a department that owns a particular project. This is modeled by giving the department direct view access on the project, and passing that view access to Gloria with an inherit attribute.
+**Inherit attributes are used to pass a permission from one user or group to another**. In the example below, Gloria is a member of a department that owns a particular project. This is modeled by giving the department direct view access on the project, and passing that view access to Gloria with an inherit attribute.
-
## Propagate Attributes
The propagate attribute scope states:
diff --git a/content/docs/guides/(data-access)/proxy-and-plug-in-implementation/2-sql-shim.mdx b/content/docs/guides/(data-access)/proxy-and-plug-in-implementation/2-sql-shim.mdx
index a36f4b4..c98ae4c 100644
--- a/content/docs/guides/(data-access)/proxy-and-plug-in-implementation/2-sql-shim.mdx
+++ b/content/docs/guides/(data-access)/proxy-and-plug-in-implementation/2-sql-shim.mdx
@@ -1,11 +1,12 @@
---
-title: "Quickstart Guide"
+title: "Quickstart guide"
slug: "sql-shim"
excerpt: ""
hidden: false
createdAt: "Thu Jun 13 2024 13:53:04 GMT+0000 (Coordinated Universal Time)"
updatedAt: "Thu Sep 19 2024 19:09:40 GMT+0000 (Coordinated Universal Time)"
---
+
## In the UserClouds Console:
1. **Create a Tenant**: Set up your tenant if you haven't already.
@@ -16,7 +17,7 @@ updatedAt: "Thu Sep 19 2024 19:09:40 GMT+0000 (Coordinated Universal Time)"
## In Your Application Codebase:
-1. **Repoint Connection Strings**:
+1. **Repoint Connection Strings**:
- **For SQL Proxies**: Replace the existing database URI and port with the SQL proxy host name and proxy port.
- **For NoSQL Proxies**: Replace the NoSQL connection details with the NoSQL proxy host name and port.
- **For API Proxies**: This is not yet implemented.
diff --git a/content/docs/guides/(data-access)/proxy-and-plug-in-implementation/6-userclouds-browser-plug-in-documentation.mdx b/content/docs/guides/(data-access)/proxy-and-plug-in-implementation/6-userclouds-browser-plug-in-documentation.mdx
index e6621e4..2d6f3a7 100644
--- a/content/docs/guides/(data-access)/proxy-and-plug-in-implementation/6-userclouds-browser-plug-in-documentation.mdx
+++ b/content/docs/guides/(data-access)/proxy-and-plug-in-implementation/6-userclouds-browser-plug-in-documentation.mdx
@@ -1,11 +1,12 @@
---
-title: "Browser Plug-in"
+title: "Browser plug-in"
slug: "userclouds-browser-plug-in-documentation"
excerpt: ""
hidden: false
createdAt: "Thu Jun 13 2024 13:49:30 GMT+0000 (Coordinated Universal Time)"
updatedAt: "Fri Jun 28 2024 22:21:26 GMT+0000 (Coordinated Universal Time)"
---
+
### What Does It Do?
The UserClouds Browser Plug-in is designed to help you minimize, control, and log data access within web applications. It can be deployed in 15 minutes with no code changes, so is particularly useful in scenarios where:
@@ -19,11 +20,11 @@ Since the plug-in is installed locally, it is primarily aimed at internal data a
In combination with the UserClouds Proxy, the UserClouds Browser Plug-in allows you to:
-- Tokenize and de-tokenize data in web applications without changing the application code.
+- Tokenize and de-tokenize data in web applications without changing the application code.
- Control data access with fully expressive, context-aware access policies
- Log the who, when, why and how of data access
-This can be achieved with minimal code changes or disruption to your development team or colleagues.
+This can be achieved with minimal code changes or disruption to your development team or colleagues.
The approach helps:
@@ -43,7 +44,6 @@ The plug-in performs four core functions:
-
## Quickstart Guide
### In the UserClouds Console:
diff --git a/content/docs/guides/(data-access)/proxy-and-plug-in-implementation/index.mdx b/content/docs/guides/(data-access)/proxy-and-plug-in-implementation/index.mdx
index 503bc13..ac87f59 100644
--- a/content/docs/guides/(data-access)/proxy-and-plug-in-implementation/index.mdx
+++ b/content/docs/guides/(data-access)/proxy-and-plug-in-implementation/index.mdx
@@ -1,5 +1,5 @@
---
-title: "Proxy and Plug-In Implementation"
+title: "Proxy and plug-in implementation"
slug: "proxy-and-plug-in-implementation"
excerpt: ""
hidden: false
diff --git a/content/docs/guides/(data-storage)/data-lifecycle.mdx b/content/docs/guides/(data-storage)/data-lifecycle.mdx
index e38bc69..86cde7e 100644
--- a/content/docs/guides/(data-storage)/data-lifecycle.mdx
+++ b/content/docs/guides/(data-storage)/data-lifecycle.mdx
@@ -1,38 +1,39 @@
---
-title: "Data Lifecycle"
+title: "Data lifecycle"
slug: "data-lifecycle"
excerpt: ""
hidden: false
-metadata:
+metadata:
image: []
robots: "index"
createdAt: "Tue Aug 15 2023 20:17:32 GMT+0000 (Coordinated Universal Time)"
updatedAt: "Fri Aug 25 2023 21:26:25 GMT+0000 (Coordinated Universal Time)"
---
-import { Step, Steps } from 'fumadocs-ui/components/steps';
+
+import { Step, Steps } from "fumadocs-ui/components/steps";
Purpose lifetimes and data deletion mechanisms play a crucial role in ensuring compliance with regulations like GDPR (General Data Protection Regulation). For example, a key principle of GDPR is storage limitation, which dictates that personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
This articles explains the mechanisms and configurations related to data deletion in UserClouds, especially in the context of user-defined data processing purposes and purpose lifetimes. The article assumes you are familiar with:
- How purposes are used to track, enforce and audit user consent in User Store. Learn more [here](/docs/guides/definitions/purpose-and-consent).
-- How the User Store is built from columns and populated with user records. Learn more [here](/docs/manage-your-columns).
-- How mutators and accessors are used to write data to, and retrieve data from, the store. Learn more [here](/docs/accessors-read-apis).
+- How the User Store is built from columns and populated with user records. Learn more [here](/docs/manage-your-columns).
+- How mutators and accessors are used to write data to, and retrieve data from, the store. Learn more [here](/docs/accessors-read-apis).
## Introduction
-Each piece of data in UserClouds is stored in an end user record and a column. It is also associated with a set of purposes, which describe the consents the end user has given for data processing. Data can exist in UserClouds in two lifecycle states:
+Each piece of data in UserClouds is stored in an end user record and a column. It is also associated with a set of purposes, which describe the consents the end user has given for data processing. Data can exist in UserClouds in two lifecycle states:
- **Live data** is data that has not been deleted or marked for deletion
- **Soft-deleted data** is data that has been marked for deletion but is retained in a recoverable state for a specified period and set of purposes (like fraud detection), before being permanently erased
-Data accessors must exclusively retrieve either live data _or_ soft-deleted data. No accessor can retrieve both. Only tenant admins can create and edit accessors for soft-deleted data.
+Data accessors must exclusively retrieve either live data _or_ soft-deleted data. No accessor can retrieve both. Only tenant admins can create and edit accessors for soft-deleted data.
When a live piece of data changes, the old value becomes soft-deleted for the associated purposes if they have a non-zero post-deletion retention duration. Similarly, if a purpose is removed for a live piece of data, the data and purpose are soft-deleted if the post-deletion retention duration is non-zero. In either case the old value (or old purpose) will no longer be retrievable via a pre-deletion accessor.
## Configuring Purpose Lifetimes
-Purpose lifetimes are set at the purpose-column level. Developers can configure two distinct time-based settings for each purpose-column pair:
+Purpose lifetimes are set at the purpose-column level. Developers can configure two distinct time-based settings for each purpose-column pair:
- **The Pre-deletion Retention Duration** determines how long a specific purpose associated with a piece of data will be retained. Once this duration elapses, the purpose for that data expires. Once all the purposes have expired for the data, the data is soft-deleted. The clock for the purpose is reset can be reset by re-writing the data to the store. This duration is most commonly used to reflect the Storage Limitation principle of legislation like GDPR. The default setting is indefinite, meaning the purpose will not expire and that the value will be accessible for that purpose, until the data is deleted or changed, or the purpose is removed.
- **The Post-deletion Retention Duration** specifies the duration for which data should be retained in a "soft-deleted" state after a deletion event occurs. Once the Post-deletion Retention Duration elapses, the associated purpose expires. When all purposes are deleted for a specific piece of data, the data is no longer accessible by any means. This duration is most commonly used to enable account recovery and fraud/integrity investigations. The default setting is 0, meaning that old data is immediately hard-deleted when it is deleted or changed.
@@ -40,20 +41,40 @@ Purpose lifetimes are set at the purpose-column level. Developers can configure
Any changes to pre- or post-deletion retention durations for a purpose only apply to newly written data. Retention timeouts for existing data cannot be retroactively changed by changing the retention duration associated with that column or purpose. However, if a retention duration is updated, any newly written data after the fact will have a timeout based on the new retention duration.
## Deletion Process Flow
+
End user data is saved to the store with associated purposes.
- Pre-deletion Retention Duration countdown begins for each associated purpose.
- If data is updated with the same purpose before Pre-deletion Retention Duration elapses, the purpose retention clock is reset.
- If the pre-deletion retention duration elapses, the data is no longer visible for that purpose as live, pre-delete data.
- Deletion event occurs (e.g. a value update, a value deletion, a column deletion or a user deletion) triggering the Post-deletion Retention Duration.
- Once Post-deletion Retention Duration elapses, the associated purpose is deleted.
- When all purposes are deleted for a piece of data, the data is no longer accessible by any means.
+
+ Pre-deletion Retention Duration countdown begins for each associated
+ purpose.
+
+
+ If data is updated with the same purpose before Pre-deletion Retention
+ Duration elapses, the purpose retention clock is reset.
+
+
+ If the pre-deletion retention duration elapses, the data is no longer
+ visible for that purpose as live, pre-delete data.
+
+
+ Deletion event occurs (e.g. a value update, a value deletion, a column
+ deletion or a user deletion) triggering the Post-deletion Retention
+ Duration.
+
+
+ Once Post-deletion Retention Duration elapses, the associated purpose is
+ deleted.
+
+
+ When all purposes are deleted for a piece of data, the data is no longer
+ accessible by any means.
+
## Example
- Data: Email address
-- User Consents:
+- User Consents:
- `Marketing` (Pre-deletion Retention: 6 months, Post-deletion Retention: 0 days)
- `FraudAndIntegrity` (Pre-deletion Retention: 1 year, Post-deletion Retention: 3 years)
- If data is re-written with a new `Marketing` or `FraudAndIntegrity` consent within 1 year, the clock for that consent resets.
@@ -62,5 +83,5 @@ Any changes to pre- or post-deletion retention durations for a purpose only appl
- At this point, the data can no longer be accessed for marketing purposes.
- The data is retained in a soft-deleted state for 3 years for `FraudAndIntegrity` purposes
- During this time, it can only be accessed by accessors with the `FraudAndIntegrity` purpose, which are specifically configured by a tenant admin to access soft-deleted data
-- After 3 years, the `FraudAndIntegrity` consent is deleted.
+- After 3 years, the `FraudAndIntegrity` consent is deleted.
- At this point, since this data has no consents for data processing attached to it, it is permanently and irrecoverably deleted from the store.
diff --git a/content/docs/guides/(data-tokenization)/tokenization-overview/demo-video.mdx b/content/docs/guides/(data-tokenization)/tokenization-overview/demo-video.mdx
index 95c7e6d..ce46198 100644
--- a/content/docs/guides/(data-tokenization)/tokenization-overview/demo-video.mdx
+++ b/content/docs/guides/(data-tokenization)/tokenization-overview/demo-video.mdx
@@ -1,11 +1,12 @@
---
-title: "Demo Video"
+title: "Demo video"
slug: "demo-video"
excerpt: "This video covers what tokenization is and why to use it, as well as how to manage your tokenization policies in the UserClouds Console and UserClouds API."
hidden: true
createdAt: "Thu Aug 03 2023 21:54:59 GMT+0000 (Coordinated Universal Time)"
updatedAt: "Wed Jun 19 2024 17:13:12 GMT+0000 (Coordinated Universal Time)"
---
+