Data privacy, retention, and compliance procedures for TwinMind meeting transcriptions including PII redaction, GDPR data subject requests, consent management, and data anonymization.
Define RetentionPolicy with configurable retention days for transcripts (default 90), summaries (linked to transcript), action items (180 days), and user profiles (30 days post-deletion). Implement auto-cleanup job for expired data.
Build PII detection with regex patterns for SSN, credit card, email, phone, and IP address. Create redactPII() function returning redacted text and a count of redactions by type. Enable automatic redaction via TwinMind settings API.
Implement GDPRHandler with right to access (Article 15), right to erasure (Article 17), and right to data portability (Article 20). Track DSR requests with 30-day deadline and compliance team notifications.
Build ConsentManager tracking consent per purpose (transcription, aiProcessing, storage, sharing, marketing). Add Express middleware requireConsent() that blocks processing without valid consent.
Implement transcript anonymization using HMAC-based ID hashing, PII redaction, and speaker name replacement for analytics exports.
See detailed implementation for complete retention policy, PII patterns, GDPR handlers, consent manager, and anonymization code.
| Issue | Cause | Solution |
|---|---|---|
| DSR deadline missed | Processing delay | Automate DSR handling |
| PII not redacted | Pattern not matched | Update regex patterns |
| Consent invalid | Version mismatch | Re-request consent |
| Data not deleted | Cascade failure | Verify deletion recursively |
Basic usage: Apply twinmind data handling to a standard project setup with default configuration options.
Advanced scenario: Customize twinmind data handling for production environments with multiple constraints and team-specific requirements.
For enterprise access control, see twinmind-enterprise-rbac.
