Chapter 11 of 12

Consent, Privacy, Security, and Retention

Data minimization, transient analysis, receipts, deletion, RLS, and revocation.

Word Wallet Web · v0.2 · Moses Sam Paul · Internet Of Value Research Foundation

Consent is scoped

Consent is not a one-time acceptance of a platform. An expression version declares a consent scope for a particular action and modality. The participant should know what will be analyzed, which handler will process it, what may be retained, and how to revoke future use.

Authentication proves control of a session; it does not prove consent to analysis. Likewise, workshop participation does not imply consent to publish identity facets. These boundaries must remain separate in code (a session check and a consent check are two different checks) and in interface language.

Data minimization

Phase 1 is designed so raw submitted text is transient: it is processed and then discarded rather than persisted. What the service retains is an HMAC-based receipt, computed over the submission under a server-side key, which serves idempotency (a repeated submission maps to the same receipt, so it is not processed or logged twice) and audit purposes without retaining the original input. If the participant chooses to save an observation, the saved record is sanitized and bounded by the consent contract: only what the consent scope permits is stored.

This design reduces exposure but does not eliminate risk. A receipt keyed with a secret cannot be reversed or brute-forced by anyone without the key, but it is still a stable identifier: the same input yields the same receipt, so a receipt joined with a timestamp or a member identity becomes a record of who submitted what, when, and how often. Secrets therefore require rotation (with versioned keys, so receipts issued under an older key remain verifiable), logs require redaction before export, and retention periods require enforcement, not just a stated policy.
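As an added illustration, and not code from the Word Wallet Web project, the following Python sketch shows one way to issue and verify receipts of the kind described above with the caveats built in: a versioned server-side key so rotation does not invalidate older receipts, domain separation by member and action so the same words from two members do not yield an equal receipt, a redacted audit export, and a retention purge. The key values, input limit, retention period, service class and word-count handler are all assumptions made for the example.

```python
import hashlib
import hmac
import unicodedata

# Constructed server-side keys, indexed by version (the page says keys are
# versioned; these names and values are assumptions). The version prefix on
# each receipt lets receipts issued under v1 still verify after rotation to v2.
RECEIPT_KEYS = {
    "v1": b"constructed-receipt-key-v1",
    "v2": b"constructed-receipt-key-v2",
}
CURRENT_KEY_VERSION = "v2"
MAX_INPUT_CHARS = 2000                     # an input limit; exact value assumed
AUDIT_RETENTION_SECONDS = 30 * 24 * 3600   # retention period; value assumed


def canonicalize(text: str) -> str:
    """NFC-normalize and collapse whitespace so re-submitting the same words
    yields the same receipt, which is what idempotency needs."""
    return " ".join(unicodedata.normalize("NFC", text).split())


def make_receipt(member_id: str, action: str, text: str,
                 version: str = CURRENT_KEY_VERSION) -> str:
    """HMAC-SHA256 over (member, action, canonical text). Separating by member
    and action means equal words from two members, or sent to two handlers,
    do not produce an equal receipt, so receipts alone cannot link members."""
    if len(text) > MAX_INPUT_CHARS:
        raise ValueError("input exceeds limit")
    msg = b"\x00".join(s.encode("utf-8") for s in (member_id, action, canonicalize(text)))
    digest = hmac.new(RECEIPT_KEYS[version], msg, hashlib.sha256).hexdigest()
    return f"{version}:{digest}"


def verify_receipt(member_id: str, action: str, text: str, receipt: str) -> bool:
    """Recompute under the key version named in the receipt; constant-time compare."""
    version, _, _ = receipt.partition(":")
    if version not in RECEIPT_KEYS:
        return False
    expected = make_receipt(member_id, action, text, version)
    return hmac.compare_digest(expected.encode("utf-8"), receipt.encode("utf-8"))


class TransientInvocationService:
    """Runs a handler over submitted text and keeps only a minimal audit row."""

    def __init__(self):
        self.audit = {}  # receipt -> {"member_id", "action", "ts"}; never the text

    def invoke(self, member_id: str, action: str, text: str, handler, now: int) -> dict:
        receipt = make_receipt(member_id, action, text)
        if receipt in self.audit:
            # Same member, same action, same words: do not re-run or re-log.
            return {"receipt": receipt, "duplicate": True, "result": None}
        result = handler(text)  # analysis happens in memory only; text is not stored
        self.audit[receipt] = {"member_id": member_id, "action": action, "ts": now}
        return {"receipt": receipt, "duplicate": False, "result": result}

    def redacted_audit_export(self) -> list:
        """Rows for external logs: identity dropped and timestamp coarsened to
        the day, because receipt + identity + exact time is a linkage record."""
        return [{"receipt": r, "action": row["action"], "day": row["ts"] // 86400}
                for r, row in self.audit.items()]

    def purge_expired(self, now: int) -> int:
        """Enforce the retention period; returns how many rows were dropped."""
        expired = [r for r, row in self.audit.items()
                   if now - row["ts"] > AUDIT_RETENTION_SECONDS]
        for r in expired:
            del self.audit[r]
        return len(expired)


def word_count_handler(text: str) -> dict:
    """Stand-in for a real analysis handler (constructed for the example)."""
    return {"words": len(text.split())}
```

Including the member identifier in the MAC input is a deliberate trade: it prevents cross-member linkage through equal receipts, at the cost that a receipt can only be verified by a party that already knows which member it belongs to.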

Access controls

Supabase Row Level Security restricts member-owned records so that an authenticated member can read and write only their own rows. The service-role key, which bypasses RLS, remains server-side and is never shipped to the browser. Public registry reads are served by separate routes from the protected identity, consent, invocation, and save routes, so the public surface cannot reach member data. Secure cookies with SameSite restrictions, and deploying the application and its API on the same site, support authenticated browser flows without exposing session tokens to cross-site requests.

User control

Participants need usable controls to:

  • inspect active consent and saved observations;
  • delete saved observations;
  • revoke a consent grant;
  • end the authenticated session;
  • understand what audit material remains and for how long;
  • request correction of public profile claims.

Deletion promises must state their scope. Deleting a saved observation removes the participant's content, but a minimal security audit record (such as a receipt and timestamp) may have a different retention basis from participant content, and that distinction must be explicit in both the interface and the policy.
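An added example, again not the project's own code, of the consent and deletion semantics this section asks for: a grant is scoped to an expression version, action, modality and handler; a check passes only for an active grant matching all of them, and is separate from the session check; revocation blocks future use but leaves saved content in place until the participant deletes it; deletion removes the content and returns a statement of exactly what remains, namely a minimal audit row with its own retention deadline. Class and field names, the event name and the retention period are assumptions, and the ownership check inside the store is the application-side counterpart of the RLS policy, not a replacement for it.

```python
from dataclasses import dataclass
from typing import Optional

AUDIT_RETENTION_SECONDS = 30 * 24 * 3600  # retention basis for audit rows; value assumed


@dataclass(frozen=True)
class ConsentScope:
    expression_version: str  # the expression version that declared this scope
    action: str              # e.g. "analyze" or "publish"
    modality: str            # e.g. "text"
    handler: str             # which handler may process the input
    may_retain: tuple        # observation fields that may be saved


@dataclass
class ConsentGrant:
    member_id: str
    scope: ConsentScope
    granted_at: int
    revoked_at: Optional[int] = None

    def active(self) -> bool:
        return self.revoked_at is None


class ConsentStore:
    """Consent grants, saved observations and the audit trail, kept apart."""

    def __init__(self):
        self.grants = []        # ConsentGrant objects
        self.observations = {}  # id -> {"member_id", ..., "data"}
        self.audit = []         # minimal rows, never participant content
        self._next_id = 1

    def grant(self, member_id: str, scope: ConsentScope, now: int) -> ConsentGrant:
        g = ConsentGrant(member_id, scope, now)
        self.grants.append(g)
        return g

    def check(self, member_id: str, action: str, modality: str, handler: str) -> Optional[ConsentGrant]:
        """Authentication already proved member_id controls the session; this
        separately asks whether an active grant covers this exact use."""
        for g in self.grants:
            if (g.member_id == member_id and g.active()
                    and g.scope.action == action
                    and g.scope.modality == modality
                    and g.scope.handler == handler):
                return g
        return None

    def revoke(self, member_id: str, grant: ConsentGrant, now: int) -> None:
        if grant.member_id != member_id:
            raise PermissionError("grant belongs to another member")
        grant.revoked_at = now  # stops future use; saved content is a separate decision

    def save_observation(self, member_id: str, grant: ConsentGrant, observation: dict, now: int) -> dict:
        if grant.member_id != member_id or not grant.active():
            raise PermissionError("no active consent for this member")
        # Bounded by the consent contract: keep only the fields the scope allows.
        data = {k: v for k, v in observation.items() if k in grant.scope.may_retain}
        rec = {"id": self._next_id, "member_id": member_id,
               "expression_version": grant.scope.expression_version,
               "saved_at": now, "data": data}
        self.observations[rec["id"]] = rec
        self._next_id += 1
        return rec

    def delete_observation(self, member_id: str, obs_id: int, now: int) -> dict:
        rec = self.observations.get(obs_id)
        if rec is None or rec["member_id"] != member_id:
            # Same outcome as an RLS-filtered row: "not found", not "forbidden".
            raise LookupError("no such observation for this member")
        del self.observations[obs_id]
        audit_row = {"event": "observation_deleted", "member_id": member_id,
                     "ts": now, "retain_until": now + AUDIT_RETENTION_SECONDS}
        self.audit.append(audit_row)
        # The deletion statement says what went and what stays, and for how long.
        return {"content_deleted": True, "audit_row_retained_until": audit_row["retain_until"]}

    def status(self, member_id: str) -> dict:
        """What a participant can inspect: active consents, saved observations,
        and which audit material remains and until when."""
        return {
            "active_consents": [g.scope for g in self.grants
                                if g.member_id == member_id and g.active()],
            "observations": [i for i, r in self.observations.items()
                             if r["member_id"] == member_id],
            "audit": [{"event": a["event"], "retain_until": a["retain_until"]}
                      for a in self.audit if a["member_id"] == member_id],
        }
```

Returning a not-found error for another member's observation, rather than a distinct forbidden error, keeps the application from confirming that a given identifier exists at all, which matches what an RLS-filtered query would return.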

Security is a continuing process

The implementation uses versioned keys, signed receipts, request identifiers, RLS, input limits, and error boundaries. Production readiness also requires what code alone cannot supply: monitoring, secret rotation, dependency updates, rate limits, an incident response plan, restore testing of backups, and independent review.
