# yaml-language-server: $schema=https://raw.githubusercontent.com/transcend-io/cli/main/transcend-yml-schema-latest.json # Manage at: https://app.transcend.io/infrastructure/api-keys # See https://docs.transcend.io/docs/authentication # Define API keys that may be shared across data silos # in the data map. When creating new data silos through the yaml # cli, it is possible to specify which API key should be associated # with the newly created data silo. api-keys: - title: Webhook Key - title: Analytics Key # Manage at: https://app.transcend.io/privacy-requests/email-templates # See https://docs.transcend.io/docs/privacy-requests/configuring-requests/email-templates # Define email templates here. templates: - title: Your Data Report is Ready - title: We Love Data Rights And You Do Too # Manage at: https://app.transcend.io/privacy-requests/identifiers # See https://docs.transcend.io/docs/identity-enrichment # Define enricher or pre-flight check webhooks that will be executed # prior to privacy request workflows. Some examples may include: # - identity enrichment: look up additional identifiers for that user. # i.e. map an email address to a user ID # - fraud check: auto-cancel requests if the user is flagged for fraudulent behavior # - customer check: auto-cancel request for some custom business criteria enrichers: - title: Basic Identity Enrichment description: Enrich an email address to the userId and phone number url: https://example.acme.com/transcend-enrichment-webhook input-identifier: email output-identifiers: - userId - phone - myUniqueIdentifier - title: Fraud Check description: Ensure the email address is not marked as fraudulent url: https://example.acme.com/transcend-fraud-check input-identifier: email output-identifiers: - email # Only call the webhook on certain action types privacy-actions: - ERASURE # Note: description is an optional field - title: Analytics Enrichment url: https://analytics.acme.com/transcend-enrichment-webhook input-identifier: userId output-identifiers: - advertisingId # Manage at: https://app.transcend.io/privacy-requests/connected-services # See https://docs.transcend.io/docs/the-data-map#data-silos # Define the data silos in your data map. A data silo can be a database, # or a web service that may use a collection of different data stores under the hood. data-silos: # Note: title is the only required top-level field for a data silo - title: Redshift Data Warehouse description: The mega-warehouse that contains a copy over all SQL backed databases # The webhook URL to notify for data privacy requests url: https://example.acme.com/transcend-webhook headers: - name: test value: value isSecret: true - name: dummy value: dummy isSecret: false integrationName: server # The title of the API key that will be used to respond to privacy requests api-key-title: Webhook Key # Specify which data subjects may have personally-identifiable-information (PII) within this system # This field can be omitted, and the default assumption will be that the system may potentially # contain PII for any potential data subject type. data-subjects: - customer - employee - newsletter-subscriber - b2b-contact # When this data silo implements a privacy request, these are the identifiers # that should be looked up within this system. identity-keys: - email - userId # When a data erasure request is being performed, this data silo should not be deleted from # until all of the following data silos were deleted first. This list can contain other internal # systems defined in this file, as well as any of the SaaS tools connected in your Transcend instance. deletion-dependencies: - Identity Service # The email addresses of the employees within your company that are the go-to individuals # for managing this data silo owners: - alice@transcend.io teams: - Developer - Request Management # Datapoints are the different types of data models that existing within your data silo. # If the data silo is a database, these would be your tables. # Note: These are currently called "datapoints" in the Transcend UI and documentation. # See: https://docs.transcend.io/docs/the-data-map#datapoints datapoints: - title: Webhook Notification key: _global # The types of privacy actions that this webhook can implement # See "RequestActionObjectResolver": https://github.com/transcend-io/privacy-types/blob/main/src/actions.ts # AUTOMATED_DECISION_MAKING_OPT_OUT: Opt out of automated decision making # CONTACT_OPT_OUT: Opt out of all communication # SALE_OPT_OUT: Opt-out of the sale of personal data # TRACKING_OPT_OUT: Opt out of tracking # ACCESS: Data Download request # ERASURE: Erase the profile from the system # ACCOUNT_DELETION: Run an account deletion instead of a fully compliant deletion # RECTIFICATION: Make an update to an inaccurate record # RESTRICTION: Restrict processing privacy-actions: - ACCESS - ERASURE - SALE_OPT_OUT - title: User Model description: The centralized user model user # AKA table name key: users owners: - test@transcend.io teams: - Platform - Customer Experience # The types of privacy actions that this datapoint can implement # See "InternalDataSiloObjectResolver": https://github.com/transcend-io/privacy-types/blob/main/src/actions.ts # ACCESS: Data Download request privacy-actions: - ACCESS # Provide field-level metadata for this datapoint. fields: - key: firstName title: First Name description: The first name of the user, inputted during onboarding # The category of personal data for this datapoint # See: https://github.com/transcend-io/privacy-types/blob/main/src/objects.ts # FINANCIAL: Financial information # HEALTH: Health information # CONTACT: Contact information # LOCATION: Geo-location information # DEMOGRAPHIC: Demographic Information # ID: Identifiers that uniquely identify a person # ONLINE_ACTIVITY: The user's online activities on the first party website/app or other websites/apps # USER_PROFILE: The user’s profile on the first-party website/app and its contents # SOCIAL_MEDIA: User profile and data from a social media website/app or other third party service # CONNECTION: Connection information for the current browsing session, e.g. device IDs, MAC addresses, IP addresses, etc. # TRACKING: Cookies and tracking elements # DEVICE: Computer or device information # SURVEY: Any data that is collected through surveys # OTHER: A specific type of information not covered by the above categories # UNSPECIFIED: The type of information is not explicitly stated or unclear categories: - category: USER_PROFILE name: Name # What is the purpose of processing for this datapoint/table? # See: https://github.com/transcend-io/privacy-types/blob/main/src/objects.ts # ESSENTIAL: Provide a service that the user explicitly requests and that is part of the product's basic service or functionality # ADDITIONAL_FUNCTIONALITY: Provide a service that the user explicitly requests but that is not a necessary part of the product's basic service # ADVERTISING: To show ads that are either targeted to the specific user or not targeted # MARKETING: To contact the user to offer products, services, or other promotions # ANALYTICS: For understanding the product’s audience, improving the product, inform company strategy, or general research # PERSONALIZATION: For providing user with a personalized experience # OPERATION_SECURITY: For product operation and security, enforcement of terms of service, fraud prevention, protecting users and property, etc. # LEGAL: For compliance with legal obligations # TRANSFER: For data that was transferred as part of a change in circumstance (e.g. a merger or acquisition) # SALE: For selling the data to third parties # HR: For personnel training, recruitment, payroll, management, etc. # OTHER: Other specific purpose not covered above # UNSPECIFIED: The purpose is not explicitly stated or is unclear purposes: - purpose: PERSONALIZATION name: Other - key: email title: Email description: The email address of the user categories: - category: CONTACT name: Email - category: USER_PROFILE name: Name purposes: - purpose: ESSENTIAL name: Login - purpose: OPERATION_SECURITY name: Other - title: Demo Request key: demos description: A demo request by someone that does not have a formal account privacy-actions: - ACCESS fields: - key: companyName title: Company Name description: The name of the company of the person requesting the demo categories: - category: CONTACT name: Other purposes: - purpose: ESSENTIAL name: Demo - key: email title: Email description: The email address to use for coordinating the demo categories: - category: CONTACT name: Email purposes: - purpose: ESSENTIAL name: Demo - title: Password key: passwords description: A password for a user fields: - key: hash title: Password Hash description: Hash of the password categories: - category: OTHER name: Password purposes: - purpose: OPERATION_SECURITY name: Other - key: email title: Email description: The email address to use for coordinating the demo categories: - category: CONTACT name: Email purposes: - purpose: OPERATION_SECURITY name: Other # Defined web services in addition or instead of databases. # The examples below define a subset of the fields. # The remainder of the fields will be managed through the Transcend admin dashboard # at the link: https://app.transcend.io/privacy-requests/connected-services - title: Identity Service description: Micro-service that stores user metadata integrationName: server # Share the API key between services api-key-title: Webhook Key teams: - Developer datapoints: - title: Webhook Notification key: _global privacy-actions: - ACCESS - CONTACT_OPT_OUT - title: Auth User description: The centralized authentication object for a user key: auth privacy-actions: - ACCESS - title: Analytics Service integrationName: server data-subjects: - customer # The title of the API key that will be used to respond to privacy requests api-key-title: Analytics Key # Specify this flag if the data silo is under development and should not be included # in production privacy request workflows. Will still sync metadata to app.transcend.io. disabled: true