Skip to content

noamrazbuilds/dsar-workflow-manager

BranchesTags

Repository files navigation

DSAR Workflow Manager

Manage data subject access requests (DSARs) under GDPR, CCPA/CPRA, and other privacy regulations. Track requests from intake through identity verification, data collection, and response — with auto-calculated deadlines, custodian routing, and a full audit trail.

Getting Started

Option 1: Hosted Version

Coming soon — a hosted instance will be available at a public URL.

Option 2: Run Locally

./start.sh        # macOS/Linux
start.bat          # Windows

This installs dependencies, starts the API and frontend, loads sample data, and opens your browser. No setup required beyond Python 3.11+.

Option 3: Docker

docker compose up

Then open http://localhost:8501 in your browser.

Deploy Your Own

Railway (One-Click Cloud Deploy)

  1. Fork this repository
  2. Create a new project on Railway
  3. Connect your fork — Railway will auto-detect railway.json
  4. Deploy

The app will be available at your Railway-provided URL.

Features

  • DSAR Intake — Submit new requests with requester info, request type, and applicable regulation
  • Auto-Calculated Deadlines — GDPR (30 days), CCPA/CPRA (45 days), or custom deadlines for other jurisdictions
  • Identity Verification Tracking — Track verification status with notes
  • Custodian Routing — Assign data custodians to requests, track task completion
  • Status Workflow — Enforced status transitions with auto-advancement (e.g., verification complete automatically advances the request)
  • Deadline Extensions — Extend deadlines with logged justification (one extension per request)
  • Audit Trail — Append-only log of every action taken on every request
  • DSAR Register — Color-coded dashboard showing all requests with deadline urgency

For Developers

API Documentation

With the API running, visit http://localhost:8000/docs for interactive Swagger documentation.

Project Structure

dwm_app/              # FastAPI backend
  main.py              # App entry point
  config.py            # Settings (pydantic-settings)
  models.py            # SQLAlchemy ORM models
  schemas.py           # Pydantic validation schemas
  database.py          # DB engine and session
  seed.py              # Sample data seeder
  routers/             # API endpoints
  services/            # Business logic (deadline, workflow, audit)

dwm_frontend/          # Streamlit frontend
  app.py               # Main page
  api_client.py        # HTTP client for the API
  pages/               # Multi-page Streamlit app

tests/                 # pytest test suite
data/sample/           # Synthetic sample data

Running Tests

pip install -e ".[dev]"
pytest

Tech Stack

  • Backend: Python 3.11+, FastAPI, SQLAlchemy 2.0, Pydantic v2
  • Frontend: Streamlit
  • Database: SQLite (prototype), designed for PostgreSQL migration
  • Deployment: Docker, Railway

License

MIT — see LICENSE for details.

About

Manage data subject access requests (DSARs) under GDPR, CCPA/CPRA, and other privacy regulations. Tracks requests from intake through identity verification, custodian routing, and response — with auto-calculated deadlines and a full audit trail.

Topics

python sqlalchemy privacy compliance gdpr dsar fastapi legal-tech streamlit ccpa

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages