RoPA Log

Record of Processing Activities — append-only audit log required by GDPR Article 30.

Source: docs/SYSTEM_OVERVIEW.md § GDPR.

Schema

CREATE TABLE "RoPA_Log" (
  id          SERIAL PRIMARY KEY,
  timestamp   TIMESTAMPTZ DEFAULT NOW(),
  "tableName" TEXT,
  operation   TEXT,
  "recordId"  TEXT,
  description TEXT
);

Append-only contract

Note

No UPDATE or DELETE grants in production. The DB role used by the application has only INSERT on this table. This is enforced at the role level, not application level — the application could not delete even if buggy.

Operations logged

• INSERT — new enriched company persisted
• UPDATE — re-enrichment overwrote enriched_data
• SKIP — enrichV7 returned blocked due to Reklamspärr or Opt-Out Hashes hit
• EXPORT — data exported by API
• ERASE — opt-out request honoured

Where written

• enrichV7 step 1 (skip due to reklamspärr) — see EnrichV7
• Update_Job (success path) — see Pipeline

See also

GDPR Legitimate Interest, Reklamspärr, Opt-Out Hashes, Article 14, Database Schema, Pipeline.

See also

• Compliance MOC