Privacy-by-design (contributors)
Use this PR checklist before merging features that touch personal data.
Engineering hygiene supports privacy programs; it is not legal sign-off.
Checklist
- Purpose: Document why each new field exists.
- Minimization: Avoid collecting identifiers “just in case.”
- Sensitive classes: Flag health, biometric, and children’s data, and escalate.
- Retention: Tie new personal data to retention classes.
- Logging: Redact tokens/secrets from audit payload examples.
- Cross-border: Note new subprocessors or regions.
Markdown copy: docs/compliance/PR-PRIVACY-CHECKLIST.md