Docs / Security / Data Protection
Data protection controls.
Gvner enforces minimization, explicit access scopes, retention, and deletion policies.
How to use
1. Review control
Understand the control definition.
2. Verify implementation
Confirm evidence output exists.
3. Export proof
Generate evidence for auditors.
4. Monitor drift
Track changes to control posture.
Control areas
Data minimization
Policies restrict data exposure to required fields only.
Explicit access scopes
Agents may only access approved datasets and scopes.
Retention controls
Retention windows are policy-driven and auditable.
Deletion safeguards
Deletion actions require elevated approvals and evidence logging.
Evidence outputs
Policy basis tied to data-access decisions
Retention and deletion evidence in exports
Audit trails for data scope changes
Key API endpoints
GET /audit/retention — retention policy