Transparency Report
Last updated: 2026-05-29
In our Privacy Policy (§14) we committed to publishing an annual aggregated report of: judicial preservation and disclosure orders received, data-subject requests handled under LGPD / GDPR / CCPA, and any personal-data incidents notified under the deadlines in §10. This page is that report.
Counts are aggregated; no individual case identifies a user. Where the count is zero we still list the row, so the absence of a category is itself a transparency signal.
How to verify
The application source code is public at github.com/commoditizationstack/commoditization-stack. The audit-log structure that produces the counts below is defined in api/db/models.py (table audit_log) and its retention + PII-redaction rules in scripts/sweep.py. The deletion-decision events that prove a request was honoured remain in the audit log (with PII redacted after two years) and can be produced on a verified request.
Reports
Year 0 — pre-launch (initial deployment)
| Category | Count | Note |
|---|---|---|
| Judicial preservation orders received (Marco Civil art. 22) | 0 | Service had no users; no order was technically possible. |
| Judicial disclosure orders received | 0 | — |
| Non-judicial government data requests received | 0 | We do not act on non-judicial requests; this number is reported for completeness. |
| LGPD/GDPR access requests (art. 18 II / art. 15) | 0 | — |
| LGPD/GDPR deletion requests (art. 18 VI / art. 17) | 0 | — |
| LGPD/GDPR rectification requests (art. 18 III / art. 16) | 0 | — |
| Automated-decision human-review requests (art. 20 / art. 22) | 0 | — |
| Personal-data incidents notified to supervisory authority | 0 | — |
Commitments going forward
- A new annual report will be added to this page each January, covering the previous calendar year. The previous reports are kept on the page in chronological order so an external reader can audit the trend.
- If, in a given year, we receive zero requests in every category, we will still publish that year's report stating zero. Silence is not transparency.
- If the operator ever receives a non-judicial demand under gag conditions, we will commit to publishing a warrant canary in the next report — i.e., the absence of a specific affirmative statement will itself be the signal, to the extent legally permissible.
- Any change to the methodology (e.g. introducing a new processor that handles user data) will be noted in the changelog and reflected in the next report.
Questions about this report: contact the administrator.