ErasureDocs
Guides

Generate evidence

Export consent publish or rights deletion packages.

Generate evidence

Source: app_docs/guide/evidence.md, app_docs/evidence.md, app_docs/api.md.

Goal

Download an evidence package for a consent publish or a rights case.

What Evidence is

TermMeaning
EvidenceExportable proof package (JSON / CSV / report)
ActivityIn-console event timeline (not a portable package)

Evidence answers: Can I prove what happened?
It is not logging, analytics, or debugging.

Packages are assembled on read from existing domain data—not a separate write pipeline and not a separate EvidencePackage table. Package id is deterministic (e.g. rights_deletion:{caseId}, consent_publish:{versionId}).

Package shape (schemaVersion: 1)

FieldPurpose
idDeterministic id for the package
productrights | anumati
kindrights_deletion | consent_publish
statuscomplete / failed / partial / in_progress / cancelled / open
steps[]Lifecycle report steps with honest status
factsHeader key-values for audit
sourcesPointers to underlying rows (no secret material)

Rights lifecycle steps (documented)

  1. Request received
  2. Identity verified
  3. Identifiers matched
  4. Systems selected
  5. Connector execution
  6. Per-system outcome (one step per connector metric prefix)
  7. Completion
  8. Evidence generated

Partial connector failures surface as failed system steps even when overall case state differs.

Anumati publish steps (documented)

  1. Version published
  2. Published by (not stored on version row in schema v1 — marked not_applicable honestly)
  3. Publish timestamp
  4. Configuration snapshot (reuses snapshotJson — not copied)
  5. Consent receipt linkage (counts + latest receipt id)
  6. Evidence generated

When to use it

  • Export after Rights COMPLETED / FAILED / CANCELLED
  • Export after consent publish for “what was live”
  • Attach to internal compliance reviews

Rights deletion (console + API)

  1. Open the case (#/rights/:caseId).
  2. Open Evidence (#/rights/:caseId/evidence).
  3. Export JSON, CSV, or report.

API (session):

MethodPath
GET/api/platform/orgs/:orgId/rights/cases/:caseId/evidence
GETsame ?format=json|csv|report&download=1

Built from the Rights request + Activity events (created, verification, job enqueued/completed/failed, status). Includes System-level outcomes when present in job payloads.

  1. After publish, open project publish evidence UI.
  2. Export as needed.

API (session):

MethodPath
GET/api/platform/projects/:projectId/evidence/publish
GET/api/platform/projects/:projectId/evidence/publish/:versionId
GETsame ?format=…&download=1

Built from published version snapshot + receipt counts for that version.

Retention

Evidence is derived from primary data. Retention = retention of Cases, events, versions, and receipts.
There is no separate “evidence store” TTL in Beta.

Limits

  • Not a SIEM
  • Not a raw application log dump
  • Not a cryptographically sealed legal WORM archive (Beta)
  • Not proof that a third-party system you never connected deleted data

Next

Evidence concept · DPDP evidence