Struct DataSubjectService 

pub struct DataSubjectService {
    index: SqliteBackend,
    vector: Option<Arc<dyn VectorBackend + Send + Sync>>,
}

Service for GDPR data subject rights operations.

Provides:

• export_user_data(): Export all user data (Article 20)
• delete_user_data(): Delete all user data (Article 17)

Storage Layers

Operations affect all three storage layers:

1. Persistence (SQLite) - Authoritative storage
2. Index (SQLite FTS5) - Full-text search index
3. Vector (usearch) - Embedding vectors

Audit Logging

All operations are logged for compliance:

• gdpr.export - Data export requests
• gdpr.delete - Data deletion requests

Fields

index: SqliteBackend

SQLite index backend for listing and deleting memories.

vector: Option<Arc<dyn VectorBackend + Send + Sync>>

Optional vector backend for deleting embeddings.

Implementations

impl DataSubjectService

pub const fn new(index: SqliteBackend) -> Self

Creates a new data subject service with an index backend.

Arguments

• index - SQLite index backend for memory operations

pub fn with_vector(self, vector: Arc<dyn VectorBackend + Send + Sync>) -> Self

Adds a vector backend for complete deletion of embeddings.

pub fn export_user_data(&self) -> Result<UserDataExport>

Exports all user data in a portable format.

Implements GDPR Article 20 (Right to Data Portability).

Returns

A UserDataExport containing all memories in JSON-serializable format.

Errors

Returns an error if:

• The index backend fails to list memories
• Memory retrieval fails

Audit

Logs a gdpr.export event with the count of exported memories.

Example

let service = DataSubjectService::new(index);
let export = service.export_user_data()?;

// Serialize to JSON for download
let json = serde_json::to_string_pretty(&export)?;
std::fs::write("my_data.json", json)?;

pub fn delete_user_data(&self) -> Result<DeletionResult>

Deletes all user data from all storage layers.

Implements GDPR Article 17 (Right to Erasure / “Right to be Forgotten”).

Storage Layers Affected

1. Index (SQLite) - Memory metadata and FTS index
2. Vector (usearch) - Embedding vectors (if configured)
3. Persistence (SQLite) - Authoritative storage (if configured)

Returns

A DeletionResult with counts and any failures.

Errors

Returns an error if:

• The index backend fails to list memories
• Critical deletion operations fail

Note: Individual memory deletion failures are captured in the result rather than causing the entire operation to fail.

Audit

Logs a gdpr.delete event with the count of deleted memories.

Warning

This operation is irreversible. All user data will be permanently deleted.

Example

let service = DataSubjectService::new(index)
    .with_vector(vector_backend);

let result = service.delete_user_data()?;

if result.complete {
    println!("Successfully deleted {} memories", result.deleted_count);
} else {
    eprintln!("Partial deletion: {} failed", result.failed_count);
}

fn delete_memory_from_all_layers(&self, id: &MemoryId) -> Result<()>

Deletes a single memory from all storage layers.

Deletion Order

1. Vector backend (if configured) - Delete embedding
2. SQLite Index - Delete from search index (authoritative)

pub fn record_consent(&self, record: &ConsentRecord) -> Result<()>

Records consent for a specific purpose.

Implements GDPR Article 7 (Conditions for Consent).

Arguments

• record - The consent record to store

Audit

Logs a gdpr.consent event with the purpose and grant status.

Example

use subcog::services::{DataSubjectService, ConsentRecord, ConsentPurpose};

let service = DataSubjectService::new(index);
let record = ConsentRecord::grant(ConsentPurpose::DataStorage, "1.0")
    .with_method("cli");
service.record_consent(&record)?;

Errors

Returns an error if consent recording fails.

pub fn revoke_consent( &self, purpose: ConsentPurpose, policy_version: &str, ) -> Result<()>

Revokes consent for a specific purpose.

Creates a revocation record and logs the event for audit.

Arguments

• purpose - The purpose for which consent is being revoked
• policy_version - The current policy version

Audit

Logs a gdpr.consent_revoked event.

Errors

Returns an error if consent revocation fails.

pub fn has_consent(&self, purpose: ConsentPurpose) -> bool

Checks if consent is granted for a specific purpose.

Returns

true if consent is currently granted for the purpose.

Note

Default implementation returns true for backward compatibility. Production systems should check persistent consent records.

pub fn consent_status(&self) -> ConsentStatus

Returns the current consent status for all purposes.

Returns

A ConsentStatus with the current state of all consents.

fn log_consent_event(record: &ConsentRecord)

Logs a consent event to the audit log.

fn log_export_event(memory_count: usize)

Logs an export event to the audit log.

fn log_deletion_event(deleted_count: usize, failed_count: usize)

Logs a deletion event to the audit log.

fn record_metrics( operation: &str, start: Instant, success_count: usize, failure_count: usize, )

Records metrics for the operation.