secure_privacy 0.1.1

Privacy controls for classification, consent, retention, pseudonymization, and redaction.

Data-minimization and privacy-control policy engine for OWASP MASVS-PRIVACY. Part of the SunLit Security Libraries workspace.

When to reach for this crate

  • You need a PII classifier that scans free-form fields for emails, phone numbers, IPs, IMEIs, or your own custom regex patterns.
  • You're implementing purpose-bound consent and want a typed state machine instead of a homegrown bool grid.
  • You need time-window data retention with structured expired / due_soon / active decisions.
  • You need reversible pseudonymization for analytics joins without leaking the underlying identifier.

Pure policy engine: storage and UI are yours; this crate provides the state machines, validators, and classifiers.

Install

[dependencies]
secure_privacy = "0.1"

Quick examples

PII classification

use secure_privacy::{PiiClassification, PiiClassifier};

let classifier = PiiClassifier::new();
assert_eq!(classifier.classify("user@example.com"), PiiClassification::Email);
assert_eq!(classifier.classify("(415) 555-0123"),  PiiClassification::PhoneNumber);
assert_eq!(classifier.classify("192.168.1.42"),    PiiClassification::IpAddress);
assert_eq!(classifier.classify("hello world"),     PiiClassification::None);

// Add a custom pattern (e.g. internal account ID).
let mut custom = PiiClassifier::new();
custom.add_pattern("acct_id", r"^acct_[A-Z0-9]{12}$").unwrap();
assert_eq!(custom.classify("acct_AB12CD34EF56"),
           PiiClassification::Custom("acct_id".to_owned()));

Purpose-bound consent

use secure_privacy::{ConsentDecision, ConsentPolicy, ConsentPurpose, ConsentState};

let policy = ConsentPolicy::default();

let decision = policy.evaluate(
    ConsentState::Granted,
    ConsentPurpose::Analytics,
);
match decision {
    ConsentDecision::Allow => { /* track */ }
    ConsentDecision::Deny { .. } => { /* don't track */ }
}

Retention enforcement

use secure_privacy::{RetentionPolicy, RetentionStatus};
use time::{Duration, OffsetDateTime};

let policy = RetentionPolicy::days(30);

let created_at = OffsetDateTime::now_utc() - Duration::days(45);
match policy.evaluate(created_at) {
    RetentionStatus::Expired => { /* delete */ }
    RetentionStatus::Active { .. } => { /* keep */ }
    RetentionStatus::DueSoon { .. } => { /* schedule deletion */ }
}
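The three-way retention decision shown above, carried through as an added stand-in written with std only; this is not secure_privacy's own implementation, and the names are assumptions: `RetentionPolicy::days` takes an extra `warn_days` argument that defines the due-soon lead time, `evaluate_at` takes an explicit clock so the decision can be tested deterministically, and a `created_at` in the future (clock skew, bad input) is treated as age zero rather than panicking.

```rust
use std::time::{Duration, SystemTime};

/// Outcome of a retention check. The expired / due-soon / active split mirrors
/// the README; the bodies below are an assumed stand-in, not the crate's code.
#[derive(Debug, PartialEq, Eq)]
pub enum RetentionStatus {
    /// Record is past its retention window and must be deleted.
    Expired,
    /// Record is inside the window but deletion falls due within the lead time.
    DueSoon { remaining: Duration },
    /// Record is inside the window with time to spare.
    Active { remaining: Duration },
}

/// Retention window plus a lead time for scheduling deletions ahead of expiry.
pub struct RetentionPolicy {
    max_age: Duration,
    warn_within: Duration,
}

impl RetentionPolicy {
    /// Keep records for `days`; flag them as due soon during the final `warn_days`.
    pub fn days(days: u64, warn_days: u64) -> Self {
        const DAY: u64 = 24 * 60 * 60;
        RetentionPolicy {
            max_age: Duration::from_secs(days * DAY),
            warn_within: Duration::from_secs(warn_days * DAY),
        }
    }

    /// Evaluate against an explicit `now` so callers and tests control the clock.
    pub fn evaluate_at(&self, created_at: SystemTime, now: SystemTime) -> RetentionStatus {
        // duration_since errs when created_at is later than now; treat that as age 0.
        let age = now.duration_since(created_at).unwrap_or(Duration::ZERO);
        let remaining = match self.max_age.checked_sub(age) {
            Some(r) if !r.is_zero() => r,
            _ => return RetentionStatus::Expired,
        };
        if remaining <= self.warn_within {
            RetentionStatus::DueSoon { remaining }
        } else {
            RetentionStatus::Active { remaining }
        }
    }

    /// Convenience wrapper using the system clock.
    pub fn evaluate(&self, created_at: SystemTime) -> RetentionStatus {
        self.evaluate_at(created_at, SystemTime::now())
    }
}
```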

What's inside

| Module | Use it for |
|---|---|
| classifier::PiiClassifier / PiiClassification | Detect emails, phone numbers, IPs, IMEIs, and custom-regex PII. |
| consent::ConsentPolicy / ConsentDecision / ConsentPurpose / ConsentState | Typed purpose-bound consent state machine. |
| pseudonymizer::Pseudonymizer / PseudonymizedValue | Reversible pseudonymization for analytics joins. |
| retention::RetentionPolicy / RetentionStatus | Time-window retention with structured outcomes. |
| error::PrivacyError | Structured, redaction-safe errors. |

Compatibility

  • MSRV: 1.78
  • #![forbid(unsafe_code)], #![deny(missing_docs)]

Status

Alpha.

Related crates

Part of the SunLit Security Libraries workspace:

| Crate | Purpose |
|---|---|
| security_core | Shared types, identity, classification, severity, redaction. |
| security_events | Security logging and tamper-evident audit chain. |
| secure_errors | Three-layer error model with redaction-safe public errors. |
| secure_output | Context-aware output encoders (HTML, JSON, URL, JS, CSS, XML, LDAP, shell). |
| secure_data | Secrets, envelope encryption, Argon2id, FIPS, mobile storage. |
| secure_network | TLS policy, SPKI pinning, mTLS, cleartext detection. |
| secure_device_trust | Native-client device trust and session certificates. |
| secure_resilience | RASP and environment-detection policy. |
| secure_boundary | Input validation, security headers, boundary protections. |
| secure_identity | JWT/OIDC, MFA, sessions, biometric step-up. |
| secure_authz | Typed deny-by-default authorization with device-trust predicates. |

Getting help

  • Questions, ideas, design discussions — open a GitHub Discussion.
  • Bug reports — use the bug-report template in GitHub Issues.
  • Security issues — please do not open a public issue. See SECURITY.md for the responsible-disclosure process.

Contributing

Contributions are welcome. Please read CONTRIBUTING.md and the Code of Conduct before opening a PR.

License

Dual-licensed under MIT or Apache-2.0 at your option.