locker-backend 0.1.1

Self-hosted digital encrypted vault with immutable consent receipts for personal documents.
locker-backend-0.1.1 is not a library.

Sponsor

Regulatory‑First Design Demo Suite

License Rust Node

Build privacy‑by‑law systems from day 1. Start with the law, end with trust.

In a world where data‑protection regulations such as GDPR, CCPA, HIPAA and DPDPA dictate how personal information may be collected, stored, and processed, the safest way to launch a product is to make those rules the starting point of the architecture—not an after‑thought.

Table of Contents

  1. What is Regulatory‑First?
  2. Demo Projects
  3. Getting Started
  • Prerequisites
  • Installation & Build
  1. Why These Demos Matter
  2. Roadmap
  3. Contributing
  4. License

What is Regulatory‑First?

  • Start with the law – Every component (database schema, API contract, UI) is engineered to satisfy the relevant legal obligations out of the box.
  • Privacy‑by‑Design & Privacy‑by‑Default – Data‑minimisation, purpose limitation, consent, right‑to‑access, right‑to‑erasure, breach‑notification, and retention policies are enforced automatically.
  • Safety & Trust – Launching a product this way reduces costly retro‑fits, lowers regulatory risk, and gives users confidence that their personal information is protected from the start.

Demo Projects

Demo Goal Core Privacy Controls Legal Touch‑Points
Personal‑Data‑Vault ("My Privacy Locker") Self-hosted digital encrypted vault with immutable consent receipts for personal documents. • Explicit consent receipts (immutable audit log) • DSAR endpoint that streams all user data as a signed ZIP • Soft‑delete flag + background purge • End‑to‑end encryption (AES‑256 per user) • Tamper‑evident append‑only audit log GDPR Art. 7 (consent), Art. 15 (access), Art. 17 (erasure); CCPA right‑to‑delete; Swiss PDPA
Contextual‑Ads‑Free News Portal Personalized article recommendations without profiling or cookies. • No server‑side user profile – all recommendation logic runs in the browser • Respect navigator.doNotTrack and do‑not‑collect IPs beyond host logs • Machine‑readable /privacy-summary endpoint (SPDX‑style) • Opt‑out endpoint that clears any session data • Stateless API, CSP & HSTS headers GDPR Art. 5(1)(b) (purpose limitation), Art. 25 (privacy‑by‑default); CCPA “do not sell” principle; Swiss PDPA
Health‑Check‑In App Daily wellness check‑in that handles PHI securely. • TLS‑protected Rust API (Rocket/Axum) • Column‑level encryption in Postgres (pgcrypto) • Role‑based middleware (employee / manager / admin) • Automated 90‑day retention purge with logged deletions • Signed breach‑notification token • Versioned consent modal with policy hash HIPAA (PHI protection, breach notification) CCPA §1798.105 (retention) GDPR Art. 7, Art. 15, Art. 17 (consent, access, erasure)

Getting Started

Prerequisites

  • Rust ≥ 1.78 (with cargo)
  • Node.js ≥ 20 (for the React front‑ends)
  • Docker (optional, for containerised deployment)
  • Git

Installation & Build

Clone the repo:

git clone https://github.com/sumanjangili/regulatory-first.git
cd regulatory-first

Choose a demo branch

Branch Command
My Privacy Locker git checkout -b my-privacy-locker
News Aggregator git checkout -b news-aggregator
Health Check‑In git checkout -b health-check-in

Build & run the Personal‑Data‑Vault (example)

# Back‑end (Rust)
cd backend                # inside the selected branch
cargo run --release       # launches Actix‑Web / Rocket / Axum server

# Front‑end (React)
cd locker-frontend   # Personal‑Data‑Vault UI
npm install
npm run dev          # Vite dev server → https://localhost:5173

The other demos follow the same pattern – just swap the backend crate (rocket or axum) and the React starter (next.js or create‑react‑app). Docker (optional, all services) Build images without cache:

docker compose build --no-cache regulatory_api db health-ui locker-ui news-ui
docker compose up -d
docker compose logs -f regulatory_api   # wait for “Server listening …”

Why These Demos Matter

  • End‑to‑end privacy engineering – From consent capture in the UI to cryptographic storage and audit trails in the back‑end.
  • Rust’s safety – Strong typing, memory safety, and performant async servers make it ideal for handling regulated data.
  • Modern React UX – Clear consent modals, privacy dashboards, and accessible opt‑out flows give users transparency required by law.
  • Reusable scaffold – Fork a branch, replace the domain‑specific logic, and you already have a regulatory‑first foundation for your own product.

Roadmap

Version Target Highlights
v1.1 Q2 2026 OpenAPI spec generation, CI linting for Rust & TypeScript, automated compliance-report generator.

(Future milestones will be added as the project evolves.)

Contributing

We welcome contributions! Please read our CONTRIBUTING.md for setup instructions, coding standards, and the pull‑request workflow. Typical contribution flow:

git checkout -b feature/<your‑feature>
# make changes
git commit -m "Add <description>"
git push origin feature/<your‑feature>
# open a PR

License

This project is licensed under the MIT License – see the LICENSE file for details.

Quick Links

Feel free to explore the demos, raise issues, or submit pull requests.