Compliance and traceability

Compliance in Minyu is not an add-on or a log file—it is part of the system’s architecture. Personal data handling, access visibility, deletion, and auditing are all implemented directly in the data model and execution pipeline. This makes compliance predictable, structured, and inspectable, even as the system evolves.

GDPR workflows built from the data model

Minyu provides a configurable GDPR module that operates directly on the schema. A GDPR configuration defines:

  • the root entity (such as Person)
  • which fields should be anonymized
  • which tables should be deleted
  • which related data should be included in an export

From this definition, Minyu executes GDPR workflows consistently across the entire relational graph—without scripts, custom queries, or manual cleanup. Everything that happens is driven by the model, and nothing happens that isn’t explicitly configured.

Anonymization and deletion with precise intent

Minyu distinguishes clearly between two operations:

  • Field-level anonymization — replaces selected values but keeps the row and its relations intact. Useful for preserving accounting records or historical aggregates.

  • Row deletion — removes the record entirely, following the defined relational paths. Used when the data must be removed completely.

These behaviors are configured visually: selecting a column means anonymizing it; selecting a table means deleting its rows. There is no hidden logic and no automatic escalation.

Structured personal-data export

Minyu can generate a complete ZIP archive of all personal data defined in a GDPR configuration, including:

  • selected fields and related tables
  • audit-log history
  • access-log history

This export intentionally bypasses read rules, as required by law, but all export activity is itself logged—making it possible to see exactly which employee accessed what data and when.

High-trust execution with full system logging

GDPR actions are explicit, deliberate operations:

  • they require a dedicated high-trust role
  • the user must confirm the action
  • read and write rules are bypassed to ensure full coverage
  • every execution is written to the audit log

Once executed, these actions cannot be rolled back inside the system. Recovery requires external backups, ensuring the seriousness of the operation is never understated.

Immutable, transaction-scoped audit history

Minyu records all data mutations in a transaction-scoped, append-only audit log. Each entry includes:

  • who made the change
  • when it happened
  • which table, row, and column were affected
  • previous and new values
  • the shared transaction reference tying related changes together

This makes it possible to reconstruct complete state transitions—even across multiple tables—in ways external logging cannot match.
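The following added example (not Minyu's code or log format) shows how entries with the fields listed above can be replayed per transaction to reconstruct state across tables, and how the previous/new values let a reviewer detect a missing entry. The record layout, field names, and sample data are assumptions constructed for illustration, and transactions are assumed to appear in commit order.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuditEntry:          # hypothetical layout mirroring the fields listed above
    tx: str                # shared transaction reference
    user: str              # who made the change
    ts: str                # when it happened (ISO 8601)
    table: str
    row_id: int
    column: str
    old: object            # previous value
    new: object            # new value

# Constructed sample log, in append order.
LOG = [
    AuditEntry("tx1", "alice", "2024-05-01T09:00:00Z", "person", 7, "email", None, "a@example.com"),
    AuditEntry("tx1", "alice", "2024-05-01T09:00:00Z", "invoice", 31, "status", None, "open"),
    AuditEntry("tx2", "bob", "2024-05-02T10:30:00Z", "person", 7, "email", "a@example.com", "b@example.com"),
    AuditEntry("tx2", "bob", "2024-05-02T10:30:00Z", "invoice", 31, "status", "open", "paid"),
    AuditEntry("tx3", "bob", "2024-05-03T08:15:00Z", "person", 7, "email", "b@example.com", "c@example.com"),
]

def by_transaction(log):
    """Group entries by transaction reference, keeping first-seen order."""
    groups = {}
    for e in log:
        groups.setdefault(e.tx, []).append(e)
    return groups

def state_after(log, tx):
    """Replay whole transactions up to and including `tx`; return cell values."""
    groups = by_transaction(log)
    if tx not in groups:
        raise KeyError(tx)
    state = {}
    for ref, entries in groups.items():
        for e in entries:
            state[(e.table, e.row_id, e.column)] = e.new
        if ref == tx:
            break
    return state

def find_gaps(log):
    """Return entries whose previous value does not match the last recorded
    new value for the same cell, which indicates a missing or altered entry."""
    last, gaps = {}, []
    for e in log:
        cell = (e.table, e.row_id, e.column)
        if cell in last and last[cell] != e.old:
            gaps.append(e)
        last[cell] = e.new
    return gaps
```

Because a cell's first sighting has nothing to compare against, `find_gaps` only catches breaks between two surviving entries for the same cell.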

Compliance through operational discipline

Minyu does not try to interpret legal requirements. Instead, it provides:

  • consistent and deterministic GDPR execution
  • structured personal data exports
  • precise anonymization and deletion controls
  • immutable audit trails for all changes
  • access logs for personal-data visibility

By embedding these capabilities directly into the platform, Minyu turns compliance into an operational property—not a separate system, not a set of scripts, and not a manual process that can drift over time.
