Compliance posture management across GDPR, CCPA, HIPAA, SOC 2, and PCI-DSS. Handles the operational work: data subject access requests, consent tracking, retention policy enforcement, breach notifications, and immutable audit logging. Designed for self-hosted stacks where you own all the data.
Requires an active ɳSelf+ license.
```bash
nself plugin install compliance
nself build
nself start
```

| Area | What ships |
|---|---|
| Data subject requests (DSAR) | Intake form, SLA timer, activity log, export + erasure workflows |
| Consent | Per-user consent records, policy versioning, acceptance audit trail |
| Data retention | Configurable retention policies per data category, automated execution |
| Breach notification | Breach registry, 72-hour DPA notification timer, affected-user tracking |
| Audit log | Immutable compliance-specific audit trail with SIEM export |
| Processing records | GDPR Art. 30 record of processing activities (ROPA) |

| Endpoint | Method | Description |
|---|---|---|
| /compliance/dsars | GET / POST | List or create data subject access requests |
| /compliance/dsars/:id | GET / PATCH | Read or update DSAR status and activities |
| /compliance/consents | GET / POST | Record or query consent for a user and purpose |
| /compliance/policies | GET / POST | Privacy policies with version management |
| /compliance/policies/:id/accept | POST | Record user acceptance of a policy version |
| /compliance/retention | GET / POST | Define retention policies per data category |
| /compliance/retention/:id/execute | POST | Trigger a retention policy execution (dry-run or live) |
| /compliance/breaches | GET / POST | Log a data breach incident |
| /compliance/breaches/:id/notify | POST | Record a breach notification sent to DPA or affected users |
| /compliance/audit | GET | Query the compliance-specific immutable audit log |
| /compliance/processing-records | GET / POST | Manage ROPA entries (GDPR Art. 30) |

The plugin creates 17 tables in the np_compliance_* namespace covering DSARs, consent, privacy policies, retention policies and executions, processing records, data processors, breach records, notifications, and the compliance audit log.
Most teams implement DSAR handling as an ad-hoc spreadsheet and breach tracking in a shared doc. This plugin makes those workflows structured, auditable, and queryable — so you can show an auditor a complete paper trail without scrambling.
Retention execution deleted more than expected. Run with the dry_run: true flag first. The API returns a count of records that would be affected without touching any data.
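
As an added example (not part of the plugin or its documentation), here is a client-side guard that always performs the dry run first and refuses the live run when the reported count exceeds a ceiling you set. Only the endpoint path and the `dry_run` flag come from this page; the base URL, the bearer-token header, the `affected_count` response field, and sending `dry_run: false` for the live run are assumptions.

```python
"""Dry-run guard for retention execution (added example, not nself code)."""
import json
from urllib import request

# Assumptions, not taken from the plugin docs: base URL, bearer-token auth,
# and a JSON response that carries the count under "affected_count".
BASE_URL = "http://localhost:3000"   # hypothetical
COUNT_FIELD = "affected_count"       # hypothetical response field


def http_post(path, body, token):
    """POST a JSON body and return the decoded JSON response."""
    req = request.Request(
        BASE_URL + path,
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"},
        method="POST",
    )
    with request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


class RetentionGuardError(Exception):
    """Raised when the dry-run result does not justify a live run."""


def execute_retention(policy_id, max_expected, token="", post=http_post):
    """Dry-run a retention policy; go live only if the count is within bounds."""
    path = f"/compliance/retention/{policy_id}/execute"
    preview = post(path, {"dry_run": True}, token)
    count = preview.get(COUNT_FIELD) if isinstance(preview, dict) else None
    # Fail closed: a missing or non-integer count never authorises deletion.
    if isinstance(count, bool) or not isinstance(count, int) or count < 0:
        raise RetentionGuardError(f"dry run gave no usable count: {preview!r}")
    if count > max_expected:
        raise RetentionGuardError(
            f"dry run would affect {count} records, ceiling is {max_expected}")
    # Assumed: the live run is requested with dry_run set to false.
    live = post(path, {"dry_run": False}, token)
    return {"previewed": count, "live": live}
```

Pass a `post` callable of your own to route the calls through an existing HTTP client or to exercise the guard without a running stack.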
Pro Plugin — ɳSelf+ | v1.1.1