Personal Data Inventory

Centralized record of all fields containing personal data on the platform, with cross-system search that locates all data for a given subject across the entire Textualiza system.

Mapped categories:

Identification Contact Financial Biometric Location Professional Health Judicial

Sensitive data (Art. 11 LGPD) Personal data

Data Subject Rights (Art. 18 LGPD)

Complete workflow for all requests required by LGPD (Brazil's data protection law), with an automatic 15-day deadline, instantly generated protocol numbers, and automated execution with affected record tracking.

Access

Query all data held about a subject

Correction

Rectification of incorrect data

Deletion

Erasure of personal data

Portability

Export to another controller

Revocation

Withdrawal of consent

Sharing

Information about third parties

15-day deadline (Art. 18, §1º) automatically tracked, with a unique protocol number generated for each request.

Data Portability

Full export of a data subject's information in open, interoperable formats.

Structured JSON

Machine-readable format with complete data hierarchy and export metadata.

Tabular CSV

Tabular format for spreadsheet use, with export date, organization, and total record count.

Data Anonymization

Data-type-specific anonymization strategies, with a dry-run mode for validation before actual execution. Anonymization is cross-system — it covers all subject data across the entire platform.

Anonymized types:

CPF CNPJ Email Phone Names Files JSON fields Addresses

Retention Policies

Configurable policies per organization, application, model, and data category. When data expires, it is automatically anonymized or deleted — no manual intervention required.

Precedence system

The most specific policy wins. If a rule exists for a model, it takes priority over the organization-level rule.

Daily automatic execution

Celery tasks check and apply retention rules every day, with a notification 30 days before deletion.

Default retention even without the module active

180 days for NLP data, 90 days for OCR data — built-in protection out of the box.

Personal Data Access Logs

Immutable record of every access to personal data: viewing, searching, exporting, and API calls. With intelligent deduplication by time window to reduce noise.

Data captured on each access:

User IP Address User-Agent Timestamp Access type Immutable record

DPIA — Data Protection Impact Assessment

Automated generation of the Data Protection Impact Assessment (RIPD under Brazilian law), with version control and an approval workflow.

The report includes:

Complete inventory of processed personal data
Description of processing activities
Data protection risk assessment
Mitigation measures adopted
Structured JSON format for integration

Full Audit Trail

Immutable log of all LGPD-related operations. Each action records the user, IP address, and relevant metadata.

Audited operations:

Policy creation and modification Retention executions Data subject requests Personal data searches Exports and anonymizations DPIA generation and approval

Role-Based Access Control

Three permission levels ensure that each person only accesses what they need.

Member

Compliance dashboard
Access logs
Manage policies

Manager

Compliance dashboard
Access logs
Manage policies

Full

Master

Everything from Manager
Execute requests
DPIA and full audit

Multi-tenancy

Complete isolation per organization across all compliance models. Each company has its own retention policies, access logs, data subject requests, and reports — no data sharing between organizations.

LGPD & GDPR built into the platform