The General Data Protection Regulation (GDPR) is the European Union’s data protection law, in effect since May 2018. It governs how organizations collect, process, and store personal data of individuals in the EU.
Full text: Regulation (EU) 2016/679
Article Mapping
The table below maps specific GDPR articles to Rediacc’s technical capabilities.
| Article | Requirement | Rediacc Capability |
|---|---|---|
| Art. 5, Principles | Data minimization, integrity, confidentiality | CoW clones (cp --reflink=always) duplicate data on the same machine without network transfer. LUKS2 AES-256 encrypts all data at rest. |
| Art. 17, Right to erasure | Delete personal data on request | rdc repo destroy cryptographically erases the LUKS volume. Deleting a fork removes the cloned copy entirely. |
| Art. 25, Data protection by design | Privacy by default | Encryption is mandatory, not optional. Each repository gets an isolated Docker daemon and network. No data sharing between repositories. The config store uses zero-knowledge encryption: configs are encrypted client-side with AES-256-GCM before upload, so the server cannot read any plaintext data. |
| Art. 28, Processor | Third-party data processing obligations | Self-hosted: Rediacc runs on your infrastructure. No data leaves your machine during fork, clone, or backup operations. No SaaS component processes personal data. |
| Art. 30, Records of processing | Maintain processing activity records | Audit logging tracks 70+ event types: authentication, API tokens, config store operations, licensing, and CLI machine operations (repo lifecycle, backup, sync, terminal). Export via admin dashboard, portal activity page, or rdc audit CLI. |
| Art. 32, Security of processing | Appropriate technical measures | LUKS2 AES-256 encryption at rest, network isolation via iptables and separate Docker daemons, loopback IP subnets (/26) per repository. Config store uses triple-layer encryption: time-windowed SDK keys, split-key CEK derivation (passkey + server secret), and org passphrase encryption. |
| Art. 33, Breach notification | 72-hour notification with forensic trail | Audit logs provide a forensic trail of all operations. Self-hosted architecture limits blast radius to individual repositories. |
Data Residency
CoW clones never leave the source machine. The rdc repo fork command creates a filesystem-level copy using reflinks. No data is transferred over the network.
For cross-machine operations, rdc repo backup push/pull transfers data over SSH. The backup destination receives LUKS-encrypted volumes that cannot be read without the operator’s credentials.
Environment Cloning and Data Masking
When cloning production environments for development or testing, the Rediaccfile up() lifecycle hook runs sanitization scripts after a fork is created: strip PII from databases, replace real emails with test addresses, remove API tokens and session data, anonymize log files. The development environment gets production structure without production identities, satisfying the data minimization principle (Art. 5(1)(c)).
Zero-Knowledge Config Store
The optional config store allows syncing CLI configurations across devices. It is designed so the server has zero knowledge of config contents:
- Client-side encryption: Configs are encrypted with AES-256-GCM before upload. The encryption key (CEK) is derived from a passkey PRF secret and a server-held secret using HKDF with domain separation. Neither party alone can derive the key.
- Server sees only opaque blobs: SSH keys, credentials, IP addresses, network topology. None of this is visible to the server. Only metadata (config IDs, versions, timestamps) is stored in plaintext.
- Member access via X25519: When a team member is added, the CEK is encrypted with their X25519 public key and relayed by the server. The server never sees the CEK in plaintext.
- Immediate revocation: Removing a member deletes their wrapped CEK and revokes their tokens. Future configs use new SDK epochs inaccessible to the removed member.
- Rotating tokens: CLI authentication uses single-use rotating tokens (3-request grace window), IP-bound on first use, with 24-hour auto-expiry.
Even a full server compromise cannot expose config contents. The server never has the key.
For details, see Config Storage.
Data Controller and Processor
Because Rediacc is self-hosted software, your organization is both the data controller and data processor. Rediacc (the company) does not access, process, or store your data. There is no data processing agreement required with Rediacc for the self-hosted product, as no personal data flows to Rediacc’s infrastructure.
The config store is the one component that touches Rediacc’s servers (for sync), but its zero-knowledge design means the server stores only encrypted blobs it cannot decrypt.