Secure storage for personal records built to comply with GDPR

Databunker solution

Databunker

Databunker is a Personally Identifiable Information (PII) Data Storage Service built to Comply with GDPR and CCPA Privacy Requirements.

Slack

Project demo is available at: https://demo.databunker.org/. Please add a star if you like our project.

We live in a world where the privacy of our information is nonexistent. The EU has been working to remediate this fallacy with GDPR, and the US (California) follows with a first sparrow called CCPA.

Data Bunker Project is intended to ease the acceptance of GDPR and CCPA regulations while giving organizations an easy to implement API's, secure Database to store PII, and privacy portal. This will give all of us, the real data owners, control of our data, and allow us to know who is using our data, what is he doing with it, and have the freedom to decide if we agree to that or not.

This project, when deployed correctly, replaces all the customer's personal records (PII) scattered in the organization's different internal databases and log files with a single, randomly generated token managed by the Data Bunker service.

By deploying this project and moving all personal information to one place, you will comply with the following GDPR statement: Personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data, including for preventing unauthorized access to or use of personal data and the equipment used for the processing.

Diagram of old-style solution.

picture

Diagram of Solution with Paranoid Guy Data Bunker

picture

Other documents: INSTALLATION

Demo

Project demo is available at: https://demo.databunker.org/

You can see management for Natural person (data subject) account access:

Phone: 4444
Code: 4444

Email: [email protected]
Code: 4444

Demo Admin access token: DEMO

Working example with Node.js

Full working example implementing Databunker, Passport.js, and Magic.link is available here:

https://github.com/securitybunker/databunker-nodejs-example

Production systems.

Send us a note if you are running Databunker.

This project resolves most** of the GDPR requirements for you including:

NOTE: Implementing this project does not make you fully compliant with GDPR requirements and you still need to consult with an attorney specializing in privacy.

NOTE: When we use the term "Customer" we mean the data of the end-user that his information is being stored, shared, and deleted.

Right of access

Databunker extracts customer email, customer phone values out of the customers' personal records granting passwordless access for the customer into their Databunker personal account. This is done by generating a random access key that Databunker sends to your customer by email or by SMS. Your customer can login and view all the information collected and saved by Databunker in connection to his profile.

login form login with email verify login with code

Right to restrict processing / Consent withdrawal

Databunker can manage all of the customer's consents. A customer can Withdraw consent/restrict processing in his personal account at Databunker. For example, to block newsletter service. Your backend site can work with Databunker using our API to add, or cancel consents and a callback operation will be fired when a customer's action takes place.

Consent management Consent withdrawal

NOTE: Data bunker can call your backend script on a consent withdrawal (callback). You will have to handle these requests and remove the customer records from other 3rd party processing companies. For example: web recording services, email gateways, etc...

Privacy by design

This product, from the architecture level and down to code was built to comply with strict privacy laws such as GDPR and CCPA. Deploying this project can make your architecture privacy by design compliant.

Transparency and Accountability principle

Any system or customer connecting to Databunker must provide an access token to authorize any operation, otherwise, the operation will be aborted. An end customer can login to his profile with a random authorization code sent by email or SMS.

All operations with personal records are saved in the audit log.

Any customer can log in to his account at Data Bunker and view the full audit of activities performed on his profile.

Forget me

Right to be forgotten / Right to erasure

When your customer requests to exercise his right to be forgotten, his private records will be wiped out of the Data Bunker database, giving you the possibility to leave all internal databases intact while not impacting any of your other systems.

Upon customer removal request, Data bunker can call your backend script (callback) with the customer details. You will have to handle these requests and remove other customer records from 3rd party processing companies. For example from web recording services, email gateways, etc...

Forget me

NOTE: You will need to make sure that you do not have any customer identifiable information (PII) in your other databases, logs, files, etc...

Right to rectification/ Data Accuracy

Your customer can log in to his personal account at Data Bunker and change his records, for example, change his Name. Databunker can fire a callback operation with customer's details when a customer action takes place.

Change profile

Right to data portability

Your customer can log in to his personal account at Data Bunker and view and extract all his records stored at Data Bunker.

NOTE: You will need to provide your customers with a way to extract data from other internal databases.

Integrity and confidentiality

All personal data is encrypted. An audit log is written for all operations with personal records. All-access to Data Bunker API is done using an HTTPS SSL certificate. Enterprise version supports Shamir's Secret Sharing algorithm to split the master key into a number of keys. A number of keys (that can be saved in different hands in the organization) are required to bring up the system.

NOTE

Implementing this project does not make you fully compliant with GDPR requirements and you still need to consult with an attorney specializing in privacy.

Databunker use cases

Detailed information can be found at https://databunker.org/use-case/

  • Personal information tokenization and storage
  • Pseudonymized user identity for cross-border information transfer
  • Personal information consolidation
  • Critical data segregation
  • Trace customer profile changes and access
  • Temporary customer/app/session identity for 3rd party services
  • Data minimization and GDPR Scope reduction
  • Consent management, i.e. withdrawal
  • Encrypted session storage
  • GDPR compliant logging
  • DPO friendly service
  • User privacy portal
  • Passport.js support

Databunker quick start guide

Follow this article.

Contact us

For any questions, you can talk with us at [email protected]

Join the project slack channel to talk with developers: https://paranoidguy.slack.com/

Owner
null
https://github.com/paranoidguy/databunker https://databunker.org/
Comments
  • Bump github.com/tidwall/gjson from 1.5.0 to 1.6.5 in /src

    Bump github.com/tidwall/gjson from 1.5.0 to 1.6.5 in /src

    Bumps github.com/tidwall/gjson from 1.5.0 to 1.6.5.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump go.mongodb.org/mongo-driver from 1.3.0 to 1.5.1 in /src

    Bump go.mongodb.org/mongo-driver from 1.3.0 to 1.5.1 in /src

    Bumps go.mongodb.org/mongo-driver from 1.3.0 to 1.5.1.

    Release notes

    Sourced from go.mongodb.org/mongo-driver's releases.

    MongoDB Go Driver 1.5.1

    The MongoDB Go driver team is pleased to release 1.5.1 of the official Go driver.

    This release contains several bug fixes. Due to the issue below, we recommend all users upgrade to this version of the driver.

    Documentation can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. Questions and inquiries can be asked on the MongoDB Developer Community. Bugs can be reported in the Go Driver Jira where a list of current issues can be found.

    This CVE describes a security issue with the driver's BSON marshalling system. BSON marshalling functions would incorrectly handle null bytes embedded in BSON key names and the pattern/options fields of a BSON regex value. BSON marshalling functions now correctly validate and error if there is an embedded null byte in BSON key names or the pattern/options fields of a BSON regex value. We recommend all users of the driver upgrade to this version.

    CVE ID: CVE-2021-20329 Title: Specific cstrings input may not be properly validated in the MongoDB Go Driver Description: Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0. CVSS score: 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Affected products and versions, MongoDB Go Driver versions <= 1.5.0 Underlying operating systems affected: All

    For a full list of tickets included in this release, please see the links below:

    Bugs

    Tasks

    MongoDB Go Driver 1.5.0

    The MongoDB Go driver team is pleased to release 1.5.0 of the official Go driver.

    This release contains several new features and usability improvements for the driver.

    Documentation can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. Questions and inquiries can be asked on the MongoDB Developer Community. Bugs can be reported in the Go Driver Jira where a list of current issues can be found.

    This release contains a new errors API for the primary mongo package. Users can now detect duplicate key errors, timeouts, and network errors via the mongo.IsDuplicateKeyError, mongo.IsTimeout, and mongo.IsNetworkError functions, respectively. Additionally, a new UpdateByID function has been added to the mongo.Collection type to update a single document with a given _id value.

    The Go Driver now supports using GCP and Azure key management services with the client-side field level encryption feature. In addition, AWS key management support has been enhanced to allow authenticating with temporary AWS credentials. See the MongoDB docs for more information about these improvements. Use of client-side field level encryption requires users to install the latest released version of libmongocrypt. Note: This means that existing applications that use this feature will need to upgrade the libmongocrypt dependency when upgrading to this driver version; otherwise, the application will fail to compile. Users can upgrade to the latest development release of libmongocrypt via the OS-specific instructions for macos, Windows, and Linux.

    Monitoring has now been added for various server events. A ServerMonitor set on a mongo.Client monitors changes on the MongoDB deployment it is connected to and reports the changes in the client's representation of the deployment.

    The driver will now error if a map with more than one key is used as a hint option, sort option, or for index creation. This is to prevent unexpected behavior, for example, an index being created with the keys in the wrong order.

    ... (truncated)

    Commits
    • 40c0e70 Update version to v1.5.1
    • 3a89e6c GODRIVER-1923 Error if BSON cstrings contain null bytes (#622)
    • 1a2534c GODRIVER-1935 Update scram/stringprep dependencies (#624)
    • 6ea353a GODRIVER-1918 Check for zero length in readstring (#613)
    • d5e11aa GODRIVER-1919 Support decoding ObjectIDs from hex strings in BSON (#610)
    • e0ed6d6 Update version to v1.5.1+prerelease
    • 6760875 Update version to v1.5.0
    • 19a368c GODRIVER-1911 Fix Windows/macos test failures for CSFLE (#603)
    • 2a5f9a4 GODRIVER-1879 Apply connectTimeoutMS to TLS handshake (#594)
    • 2c5b75b GODRIVER-1855 Support AWS authentication with temporary credentials in CSFLE ...
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Typo in Data Bunker diagram

    Typo in Data Bunker diagram

    https://raw.githubusercontent.com/securitybunker/databunker/master/images/databunker-solution.png Shows "Encryption is motion", should be "Encryption in motion"

  • PostgreSQL backend?

    PostgreSQL backend?

    Hi @stremovsky, thank you for such as great project. It definitely helps many developers on PII compliance.

    Just wondering is there a plan to support alternate DB like PostgreSQL? It is easier for self-hosting since there's existing tech stacks for this.

    Thanks in advance!

  • ValidateNewApp limits tables created

    ValidateNewApp limits tables created

    Given the line here, https://github.com/securitybunker/databunker/blob/master/src/userapps_api.go#L28 with implementation here: https://github.com/securitybunker/databunker/blob/bd6af1443b35445fc5a7a0c4f4f4c6837c7f020f/src/storage/mysql-storage.go#L871

    Does databunker limit the number of tables that can be created for users given the hardcoded 100 for SQL and 10 for SQLite? We seem to be encountering the 405 db limitation error after a while which gets fixed when databunker is re-upped. Can we get clarity on the purpose of the limit? Thank you!

  • Multiple access tokens?

    Multiple access tokens?

    Hey there, I was able to deploy databunker on a microk8s instance with openfaas. so far things are working fine and I even implemented a simple password less login mechanism. I was wondering if it is possible to generate more than just the root_key to access the databunker api, for example one for each user app, so that it is possible to distinguish the different systems that access a user's data. can other tokens than the root token be generated?

    Thank you for this great peace of software

Related tags
Database golang security privacy encryption database vault application-server compliance passportjs tokenization gdpr legaltech anonymization pii data-anonymization privacy-by-design user-consent piidata ccpa gdpr-requirements
Multitiered file storage API built on Filecoin and IPFS
 Multitiered file storage API built on Filecoin and IPFS

Powergate Powergate is a multitiered file storage API built on Filecoin and IPFS, and an index builder for Filecoin data. It's designed to be modular

Dec 20, 2022
Walrus - Fast, Secure and Reliable System Backup, Set up in Minutes.
 Walrus - Fast, Secure and Reliable System Backup, Set up in Minutes.

Walrus is a fast, secure and reliable backup system suitable for modern infrastructure. With walrus, you can backup services like MySQL, PostgreSQL, Redis, etcd or a complete directory with a short interval and low overhead. It supports AWS S3, digitalocean spaces and any S3-compatible object storage service.

Jan 5, 2023
moss - a simple, fast, ordered, persistable, key-val storage library for golang

moss moss provides a simple, fast, persistable, ordered key-val collection implementation as a 100% golang library. moss stands for "memory-oriented s

Dec 18, 2022
A MySQL-compatible relational database with a storage agnostic query engine. Implemented in pure Go.

go-mysql-server is a SQL engine which parses standard SQL (based on MySQL syntax) and executes queries on data sources of your choice. A simple in-memory database and table implementation are provided, and you can query any data source you want by implementing a few interfaces.

Dec 27, 2022
A GPU-powered real-time analytics storage and query engine.
A GPU-powered real-time analytics storage and query engine.

AresDB AresDB is a GPU-powered real-time analytics storage and query engine. It features low query latency, high data freshness and highly efficient i

Jan 7, 2023
IceFireDB - Distributed disk storage system based on Raft and RESP protocol.
 IceFireDB - Distributed disk storage system based on Raft and RESP protocol.

Distributed disk storage database based on Raft and Redis protocol.

Dec 27, 2022
Key-Value Storage written in Go.

kvs kvs is an in-memory key-value storage written in Go. It has 2 different usage. It can be used as a package by importing it to your code or as a se

Jun 15, 2022
The lightweight, distributed relational database built on SQLite.
 The lightweight, distributed relational database built on SQLite.

rqlite is a lightweight, distributed relational database, which uses SQLite as its storage engine. Forming a cluster is very straightforward, it grace

Jan 5, 2023
Golang in-memory database built on immutable radix trees

go-memdb Provides the memdb package that implements a simple in-memory database built on immutable radix trees. The database provides Atomicity, Consi

Jan 7, 2023
Use the tools you know. Respect users' privacy. Forget cookie consents. Comply with GDPR, ePrivacy, COPPA, CalOPPA, PECR, PIPEDA, CASL;
Use the tools you know. Respect users' privacy. Forget cookie consents. Comply with GDPR, ePrivacy, COPPA, CalOPPA, PECR, PIPEDA, CASL;

Privera Community Edition (CE) The Analytics' Anonymization Proxy Use the tools you know. Respect users' privacy. Forget cookie consents.

Dec 15, 2022
This repo introduces a simple server, which provided some APIs for search DAS account's records or reverse records

Prerequisites Install Usage Others Das-Account-Indexer This repo introduces a simple server, which provided some APIs for search DAS account's records

Dec 13, 2022
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
 Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Jan 9, 2023
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
 Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Jan 6, 2023
Personal-Solana-Wallet - Create your personal wallet on Solana blockchain

Personal Wallet on Solana using Go ♾️ Setting up environment Installation of Cob

Nov 9, 2022
The Container Storage Interface (CSI) Driver for Fortress Block Storage This driver allows you to use Fortress Block Storage with your container orchestrator

fortress-csi The Container Storage Interface (CSI) Driver for Fortress Block Storage This driver allows you to use Fortress Block Storage with your co

Jan 23, 2022
Perkeep (née Camlistore) is your personal storage system for life: a way of storing, syncing, sharing, modelling and backing up content.

Perkeep is your personal storage system. It's a way to store, sync, share, import, model, and back up content. Keep your stuff for life. For more, see

Dec 26, 2022
Fast, secure and efficient secure cookie encoder/decoder

Encode and Decode secure cookies This package provides functions to encode and decode secure cookie values. A secure cookie has its value ciphered and

Dec 9, 2022
Secure software enclave for storage of sensitive information in memory.

MemGuard Software enclave for storage of sensitive information in memory. This package attempts to reduce the likelihood of sensitive data being expos

Dec 30, 2022
Secure software enclave for storage of sensitive information in memory.

MemGuard Software enclave for storage of sensitive information in memory. This package attempts to reduce the likelihood of sensitive data being expos

Dec 30, 2022
dynflare is a tool to automatically update dns records at Cloudflare, when the ip changes.

dynflare dynflare is a tool to automatically update dns records at Cloudflare, when the ip changes. How it works The current ips are determined by ask

Dec 7, 2021