MATIH Platform is in active MVP development. Documentation reflects current implementation status.
7. Tenant Lifecycle
Privacy & Compliance
Overview

Privacy & Compliance

The MATIH platform includes a comprehensive privacy subsystem that enables tenants to comply with GDPR, CCPA, and other data protection regulations. The privacy module covers consent management, data subject request (DSR) processing, encryption key lifecycle management, and a unified privacy dashboard.

Components

ComponentControllerBase Path
Consent ManagementConsentController/api/v1/privacy/consent
Data Subject RequestsDataSubjectRequestController/api/v1/privacy/dsr
Encryption KeysEncryptionController/api/v1/encryption
Privacy DashboardPrivacyDashboardController/api/v1/privacy/dashboard

Tenant Scoping

All privacy APIs are tenant-scoped via the X-Tenant-ID request header. This ensures complete data isolation between tenants:

curl http://localhost:8082/api/v1/privacy/consent \
  -H "X-Tenant-ID: {tenantId}" \
  -H "Authorization: Bearer $TOKEN"

Supported Regulations

RegulationScopeKey Requirements
GDPREU/EEAConsent, DSR rights, data minimization, breach notification
CCPACaliforniaOpt-out rights, data deletion, disclosure
LGPDBrazilConsent, data portability, DPO requirement
POPIASouth AfricaLawful processing, data subject participation
PIPEDACanadaConsent, access rights, accuracy

Privacy Posture Score

The privacy dashboard calculates an overall posture score (0-100) based on:

  • Consent coverage: Percentage of data subjects with valid consent
  • DSR compliance: Average response time vs regulatory deadlines
  • Key management: Encryption key rotation compliance
  • Data mapping: Completeness of data inventory
  • Policy implementation: Active compliance policies vs requirements

Source Files

FilePath
Consent Controllercontrol-plane/tenant-service/src/main/java/com/matih/tenant/privacy/controller/ConsentController.java
DSR Controllercontrol-plane/tenant-service/src/main/java/com/matih/tenant/privacy/controller/DataSubjectRequestController.java
Encryption Controllercontrol-plane/tenant-service/src/main/java/com/matih/tenant/privacy/controller/EncryptionController.java
Dashboard Controllercontrol-plane/tenant-service/src/main/java/com/matih/tenant/privacy/controller/PrivacyDashboardController.java
Cost DashboardConsent Management