Regulatory Compliance
GDPR, CCPA, PCI DSS, DEA, and state-specific compliance documentation.
GDPR: General Data Protection Regulation
Compliant
Scope: EU data subjects
Lawful basis for processing
Data subject rights (access, erasure, portability)
72-hour breach notification
Data Protection Officer (if applicable)
Privacy by design
CCPA: California Consumer Privacy Act
Compliant
Scope: California residents
Right to know
Right to delete
Right to opt-out of sale
Non-discrimination
Privacy policy disclosures
PCI DSS: Payment Card Industry Data Security Standard
Compliant (SAQ-A)
Scope: Payment card data
No storage of raw card data
Tokenization via PCI-compliant processor
TLS 1.2+ for all transmissions
SAQ-A eligible deployment
DEA: Drug Enforcement Administration
Compliant
Scope: Controlled substances
Perpetual inventory tracking
Chain of custody logging
Authorized personnel only
Immutable audit trail
Disposal documentation
State Regulations: State-specific animal welfare laws
Configurable
Scope: Varies by jurisdiction
Hold period tracking
Rabies vaccination requirements
Bite quarantine compliance
Dangerous animal registration
Licensing requirements
Audit Capabilities
Built on Canon Doctrine 1 (Ledger Supremacy) for regulatory-grade auditability.
| Capability | Description |
|---|---|
| Event-level audit trail | Every state change recorded with actor, timestamp, and reason |
| Immutable ledger | No destructive updates; corrections via compensating events |
| Time-travel queries | Reconstruct state at any point in time |
| Export on demand | Regulatory-grade exports for auditors |
| Retention policies | Configurable retention with crypto-shredding |
Data Retention Schedule
| Data Category | Retention | Deletion Method |
|---|---|---|
| Animal records | Indefinite | Archive |
| Medical records | 7 years | Crypto-shred PII |
| Financial transactions | 7 years | Archive (no PII) |
| Controlled substance logs | Permanent | No deletion |
| Audit logs | 7 years | Archive |