CCPA

How does Areev handle the right to deletion (1798.105)?

Areev implements the CCPA right to deletion through crypto-erasure — calling forget_user() destroys the consumer’s Data Encryption Key, making all associated grain data permanently unrecoverable. This context database uses the same deletion mechanism for AI memory that satisfies GDPR Art. 17, providing a unified erasure path across regulations.

The erasure proof returned by the operation includes the grain count, key fingerprint, and audit trail hash, providing verifiable evidence of deletion for regulatory compliance. The UserErased and KeyDestroyed audit events create an immutable record of when the deletion occurred. The autonomous memory system handles all tiers (hot, warm, cold) in a single operation, ensuring no orphaned data remains in object or archive storage.

```python
import requests

# Delete all data for a consumer (CCPA 1798.105)
resp = requests.post("http://localhost:4009/api/memories/default/forget",
    json={"user_id": "consumer_id_12345"})
resp.raise_for_status()  # do not treat an error body as an erasure proof
proof = resp.json()  # ErasureProof with grain count, key fingerprint
```

```http
POST /api/memories/default/forget HTTP/1.1
Host: localhost:4009
Content-Type: application/json

{"user_id": "consumer_id_12345"}
```

```bash
areev erase consumer_id_12345
```
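
A verification sketch for the erasure proof described above, added here as an example and not Areev's own code: it recomputes a hash-chained audit log and checks the proof's grain count, key fingerprint and audit trail hash against the UserErased and KeyDestroyed events. The proof and event field names, the SHA-256 chain construction and the sample data are assumptions; this page does not specify Areev's actual formats.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed seed for the first link

def chain_hashes(events):
    """Running SHA-256 chain: link_i = H(link_{i-1} || canonical JSON of event_i)."""
    links, prev = [], GENESIS
    for ev in events:
        body = json.dumps(ev, sort_keys=True, separators=(",", ":"))
        prev = hashlib.sha256((prev + body).encode()).hexdigest()
        links.append(prev)
    return links

def verify_erasure_proof(proof, events):
    """Return a list of problems; an empty list means the proof matches the log."""
    links = chain_hashes(events)
    if proof["audit_trail_hash"] not in links:
        return ["audit trail hash not found in log (log altered or wrong proof)"]
    # Only events up to the link named in the proof count as evidence.
    covered = events[: links.index(proof["audit_trail_hash"]) + 1]
    mine = {e["event"]: e for e in covered if e.get("user_id") == proof["user_id"]}
    problems = []
    for required in ("UserErased", "KeyDestroyed"):
        if required not in mine:
            problems.append(f"missing {required} event")
    if mine.get("UserErased", {}).get("grain_count") != proof["grain_count"]:
        problems.append("grain count mismatch")
    if mine.get("KeyDestroyed", {}).get("key_fingerprint") != proof["key_fingerprint"]:
        problems.append("key fingerprint mismatch")
    return problems

# Constructed sample log and proof (hypothetical field names, not Areev output).
FP = hashlib.sha256(b"constructed-dek").hexdigest()[:16]
LOG = [
    {"event": "UserErased", "user_id": "consumer_id_12345", "grain_count": 42},
    {"event": "KeyDestroyed", "user_id": "consumer_id_12345", "key_fingerprint": FP},
    {"event": "UserDataExported", "user_id": "consumer_id_99999", "grain_count": 7},
]
PROOF = {"user_id": "consumer_id_12345", "grain_count": 42, "key_fingerprint": FP,
         "audit_trail_hash": chain_hashes(LOG[:2])[-1]}

if __name__ == "__main__":
    print(verify_erasure_proof(PROOF, LOG))       # intact log
    tampered = [dict(LOG[0], grain_count=41)] + LOG[1:]
    print(verify_erasure_proof(PROOF, tampered))  # edited log
```

Because the proof pins a specific link in the chain, later unrelated events can be appended without invalidating it, while any edit to an earlier event changes every subsequent link.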

How does opt-out tracking work (1798.120)?

Areev tracks opt-out decisions using Consent grains with an opt-out consent model. Under the CCPA policy preset, processing is permitted unless the consumer has explicitly opted out, unlike GDPR’s opt-in model. This AI agent memory system records when consumers exercise their right to opt out of data sale or sharing.

The ConsentRevoked audit event records opt-out revocations. Consent grains store the subject, relation (opts_out_of), object (e.g., data_sharing), purpose (e.g., “CCPA right to opt-out of sale”), legal basis (ccpa_opt_out), and timestamp. The context database treats these grains as first-class data, queryable and auditable like any other grain.

```python
import requests

# Record an opt-out (CCPA 1798.120)
resp = requests.post("http://localhost:4009/api/memories/default/add", json={
    "type": "consent",
    "subject": "consumer_id_12345",
    "relation": "opts_out_of",
    "object": "data_sharing",
    "purpose": "CCPA right to opt-out of sale",
    "legal_basis": "ccpa_opt_out"
})
resp.raise_for_status()  # fail loudly if the opt-out was not recorded
```

```bash
areev add --type consent --subject consumer_id_12345 \
  --relation opts_out_of --object data_sharing
```

How does the right to know work (1798.100)?

Areev supports the right to know through data export that returns all grains associated with a consumer, including content, metadata, and processing history. The export mechanism is shared with GDPR Art. 15 data subject access requests.

The export includes grain content, grain types, timestamps, tags, namespaces, and provenance records. Scopes provide a data inventory view — consumers’ AI memory can be organized by namespace, making it straightforward to identify what categories of data are held. This autonomous memory system logs every export via a UserDataExported audit event with the grain count and portability flag.

```python
import requests

# Export consumer data (CCPA 1798.100)
resp = requests.get("http://localhost:4009/api/memories/default/export/consumer_id_12345")
resp.raise_for_status()  # an error response is not an export
data = resp.json()
```

```http
GET /api/memories/default/export/consumer_id_12345 HTTP/1.1
Host: localhost:4009
```

```bash
areev export --user consumer_id_12345 --output consumer-data.json
```

What CCPA-specific compliance checks does Areev run?

Areev includes 6 compliance checks shared across CCPA, LGPD, and PIPL (the privacy regulations with similar requirements). These checks are evaluated when any of these three policy presets is active in this context database.

Each check maps to a specific CCPA section and verifies that the corresponding AI memory capability is configured and operational. The checks complement the 39 core compliance checks (encryption, erasure, audit, blind index, policy, authz) which also support CCPA requirements.

| Check ID | CCPA Section | Description |
| --- | --- | --- |
| ccpa_opt_out | §1798.120 | Opt-out via consent revocation and processing restriction |
| ccpa_data_minimization | §1798.100 | Data minimization via TTL-based expiry |
| ccpa_cross_border | §1798.140 | Cross-border transfer protected by encryption at rest |
| ccpa_children_data | §1798.120(c) | Children’s data protection via consent gates |
| ccpa_data_classification | §1798.140 | Data classification via PII/PHI auto-detection |
| ccpa_privacy_impact | §1798.185 | Privacy impact assessment supported by compliance verification API |