Skip to main content
IntentLang
← All examples

CustomerDataRequest

examples/CustomerDataRequest.intent

CustomerDataRequest.intent
1mission CustomerDataRequest
2use product
3
4title "Handle a data-subject access request (DSAR) under GDPR / CCPA"
5for PrivacyOfficer
6
7goal
8 Verify the requester, gather only the data they are entitled to, and respond in time.
9
10guarantee a request is fulfilled or refused within the statutory window
11 because a missed DSAR deadline is a reportable compliance failure
12 verify sla-timer test
13
14never disclose one customer's data to another person
15 verify identity-verification test
16
17# Governed data elements: each names why it is held, how long, and on what lawful basis,
18# so the compiler can enforce purpose limitation (see the IL-DATA-* diagnostics).
19data customer.email
20 classification pii
21 purpose "contact the requester and confirm their identity"
22 retention until account closure plus 30 days
23 basis contract
24
25data customer.ssn
26 classification sensitive
27 purpose "verify identity for a data-subject access request"
28 retention 30 days
29 basis legal_obligation
30
31data customer.orderHistory
32 classification confidential
33 purpose "include the customer's own records in the response"
34 retention 7 years
35 basis legal_obligation
36
37# Whether the request can be fulfilled as filed. Run it:
38# intent run CustomerDataRequest.intent
39# --inputs '{"identityVerified":true,"withinWindow":true,"requestType":"access"}'
40decision CanFulfil
41 inputs
42 identityVerified
43 withinWindow
44 requestType
45 rule unverified
46 when identityVerified == false
47 return RefuseUnverified
48 rule expired
49 when withinWindow == false
50 return RefuseOutOfWindow
51 rule erasure
52 when requestType == "erasure"
53 return QueueErasure
54 default
55 return Fulfil
56
57# The life of a request. Walk it: intent simulate CustomerDataRequest.intent
58# --events verify,gather,respond
59lifecycle RequestLifecycle
60 state Received
61 state Verified
62 state Gathering
63 state Responded
64 state Refused
65 transition verify
66 from Received
67 to Verified
68 transition refuse
69 from Received
70 to Refused
71 transition gather
72 from Verified
73 to Gathering
74 transition respond
75 from Gathering
76 to Responded
77 terminal Responded, Refused
78
79# The spec proves itself: intent test CustomerDataRequest.intent
80test CanFulfil
81 case verified in window is fulfilled
82 given identityVerified true, withinWindow true, requestType "access"
83 expect Fulfil
84 case unverified is refused
85 given identityVerified false, withinWindow true, requestType "access"
86 expect RefuseUnverified
87 case out of window is refused
88 given identityVerified true, withinWindow false, requestType "access"
89 expect RefuseOutOfWindow
90 case erasure is queued
91 given identityVerified true, withinWindow true, requestType "erasure"
92 expect QueueErasure
93
94test RequestLifecycle
95 scenario verified and answered
96 events verify, gather, respond
97 expect Responded
98 valid
99 scenario refused up front
100 events refuse
101 expect Refused
102 valid
103 scenario cannot gather before verifying
104 events gather
105 invalid
Draft syntax. This file is illustrative and does not run yet.