docs: add GDPR Data Practices section to About page

Added transparency section documenting Tractatus internal data practices: - What personal data collected (audit logs: usernames, timestamps, session IDs) - Why needed (framework governance audit trails) - Retention policy (configurable, default 90 days) - User rights (GDPR/DSGVO/RGPD Articles 15, 17, 20) Architectural principle emphasized: Data minimization as system constraint, not policy hope. BoundaryEnforcer prevents PII exposure structurally. Files updated: - public/about.html: Added "Tractatus Data Practices" section - public/locales/en/about.json: Added data_practices i18n content - public/locales/de/about.json: Added data_practices (DSGVO compliance) - public/locales/fr/about.json: Added data_practices (RGPD compliance) Compliance: Cultural DNA Refinement 1 (GDPR Consciousness - internal practices) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-28 20:36:37 +13:00 · 2025-10-28 20:36:37 +13:00 · 3413f6bd4d
commit 3413f6bd4d
parent c3691aa2fe
4 changed files with 87 additions and 0 deletions
--- a/public/about.html
+++ b/public/about.html
@ -176,6 +176,51 @@
      </div>
    </section>

+    <!-- Data Practices Section -->
+    <section class="mb-16">
+      <h2 class="text-3xl font-bold text-gray-900 mb-6" data-i18n="data_practices.heading">Tractatus Data Practices</h2>
+      <div class="prose prose-lg text-gray-600 mb-6">
+        <p data-i18n="data_practices.intro">
+          We practice what we preach—transparent data handling with architectural constraints:
+        </p>
+      </div>
+
+      <div class="grid md:grid-cols-2 gap-6 mb-6">
+        <div class="border-l-4 border-blue-600 pl-4">
+          <h3 class="text-xl font-bold text-gray-900 mb-2" data-i18n="data_practices.what_data_title">What Personal Data?</h3>
+          <p class="text-gray-700" data-i18n="data_practices.what_data_desc">
+            Audit logs may contain: usernames, timestamps, session IDs, action descriptions. No tracking cookies, no behavioral profiling, no cross-site data collection.
+          </p>
+        </div>
+
+        <div class="border-l-4 border-blue-600 pl-4">
+          <h3 class="text-xl font-bold text-gray-900 mb-2" data-i18n="data_practices.why_needed_title">Why Needed?</h3>
+          <p class="text-gray-700" data-i18n="data_practices.why_needed_desc">
+            Framework operation requires audit trails for governance decisions. BoundaryEnforcer logs blocked actions, CrossReferenceValidator logs instruction conflicts.
+          </p>
+        </div>
+
+        <div class="border-l-4 border-blue-600 pl-4">
+          <h3 class="text-xl font-bold text-gray-900 mb-2" data-i18n="data_practices.retention_title">How Long Retained?</h3>
+          <p class="text-gray-700" data-i18n="data_practices.retention_desc">
+            Configurable retention (default 90 days). Organizations can set retention based on their compliance requirements.
+          </p>
+        </div>
+
+        <div class="border-l-4 border-blue-600 pl-4">
+          <h3 class="text-xl font-bold text-gray-900 mb-2" data-i18n="data_practices.rights_title">Your Rights (GDPR)</h3>
+          <p class="text-gray-700">
+            <span data-i18n="data_practices.rights_desc">Access (Article 15), Deletion (Article 17), Portability (Article 20).</span>
+            Contact: <a href="mailto:john.stroh.nz@pm.me" class="text-blue-600 hover:underline" data-i18n="data_practices.contact_email">john.stroh.nz@pm.me</a>
+          </p>
+        </div>
+      </div>
+
+      <p class="text-sm text-gray-600 italic" data-i18n="data_practices.architectural_note">
+        Architectural principle: Data minimization is a system constraint, not a policy hope. BoundaryEnforcer prevents PII exposure structurally—audit trails provide compliance evidence.
+      </p>
+    </section>
+
    <!-- How It Works -->
    <section class="mb-16">
      <h2 class="text-3xl font-bold text-gray-900 mb-6" data-i18n="how_it_works.heading">How It Works</h2>
--- a/public/locales/de/about.json
+++ b/public/locales/de/about.json
@ -43,6 +43,20 @@
      "read_more_link": "Lesen Sie unseren vollständigen Ansatz zu Te Tiriti und indigener Datensouveränität →"
    }
  },
+  "data_practices": {
+    "heading": "Tractatus-Datenpraktiken",
+    "intro": "Wir praktizieren, was wir predigen – transparenter Datenumgang mit architektonischen Beschränkungen:",
+    "what_data_title": "Welche personenbezogenen Daten?",
+    "what_data_desc": "Audit-Protokolle können enthalten: Benutzernamen, Zeitstempel, Sitzungs-IDs, Aktionsbeschreibungen. Keine Tracking-Cookies, keine Verhaltensprofilierung, keine Cross-Site-Datenerfassung.",
+    "why_needed_title": "Warum benötigt?",
+    "why_needed_desc": "Der Framework-Betrieb erfordert Audit-Trails für Governance-Entscheidungen. BoundaryEnforcer protokolliert blockierte Aktionen, CrossReferenceValidator protokolliert Anweisungskonflikte.",
+    "retention_title": "Wie lange aufbewahrt?",
+    "retention_desc": "Konfigurierbare Aufbewahrung (Standard 90 Tage). Organisationen können die Aufbewahrung basierend auf ihren Compliance-Anforderungen festlegen.",
+    "rights_title": "Ihre Rechte (DSGVO)",
+    "rights_desc": "Zugang (Artikel 15), Löschung (Artikel 17), Übertragbarkeit (Artikel 20).",
+    "contact_email": "john.stroh.nz@pm.me",
+    "architectural_note": "Architektonisches Prinzip: Datenminimierung ist eine Systembeschränkung, keine Richtlinienhoffnung. BoundaryEnforcer verhindert strukturell die Offenlegung von personenbezogenen Daten – Audit-Trails liefern Compliance-Nachweise."
+  },
  "how_it_works": {
    "heading": "Wie es funktioniert",
    "intro": "Das Tractatus-Framework besteht aus fünf integrierten Komponenten, die zusammenarbeiten, um strukturelle Sicherheit durchzusetzen:",
--- a/public/locales/en/about.json
+++ b/public/locales/en/about.json
@ -50,6 +50,20 @@
      "read_more_link": "Read our complete approach to Te Tiriti and indigenous data sovereignty →"
    }
  },
+  "data_practices": {
+    "heading": "Tractatus Data Practices",
+    "intro": "We practice what we preach—transparent data handling with architectural constraints:",
+    "what_data_title": "What Personal Data?",
+    "what_data_desc": "Audit logs may contain: usernames, timestamps, session IDs, action descriptions. No tracking cookies, no behavioral profiling, no cross-site data collection.",
+    "why_needed_title": "Why Needed?",
+    "why_needed_desc": "Framework operation requires audit trails for governance decisions. BoundaryEnforcer logs blocked actions, CrossReferenceValidator logs instruction conflicts.",
+    "retention_title": "How Long Retained?",
+    "retention_desc": "Configurable retention (default 90 days). Organizations can set retention based on their compliance requirements.",
+    "rights_title": "Your Rights (GDPR)",
+    "rights_desc": "Access (Article 15), Deletion (Article 17), Portability (Article 20).",
+    "contact_email": "john.stroh.nz@pm.me",
+    "architectural_note": "Architectural principle: Data minimization is a system constraint, not a policy hope. BoundaryEnforcer prevents PII exposure structurally—audit trails provide compliance evidence."
+  },
  "how_it_works": {
    "heading": "How It Works",
    "intro": "The Tractatus Framework consists of six integrated components that work together to enforce structural safety:",
--- a/public/locales/fr/about.json
+++ b/public/locales/fr/about.json
@ -43,6 +43,20 @@
      "read_more_link": "Lire notre approche complète de Te Tiriti et de la souveraineté des données des populations autochtones →"
    }
  },
+  "data_practices": {
+    "heading": "Pratiques de données Tractatus",
+    "intro": "Nous pratiquons ce que nous prêchons — traitement transparent des données avec des contraintes architecturales :",
+    "what_data_title": "Quelles données personnelles ?",
+    "what_data_desc": "Les journaux d'audit peuvent contenir : noms d'utilisateur, horodatages, ID de session, descriptions d'actions. Pas de cookies de suivi, pas de profilage comportemental, pas de collecte de données intersites.",
+    "why_needed_title": "Pourquoi nécessaire ?",
+    "why_needed_desc": "Le fonctionnement du framework nécessite des pistes d'audit pour les décisions de gouvernance. BoundaryEnforcer enregistre les actions bloquées, CrossReferenceValidator enregistre les conflits d'instructions.",
+    "retention_title": "Combien de temps conservé ?",
+    "retention_desc": "Rétention configurable (par défaut 90 jours). Les organisations peuvent définir la rétention en fonction de leurs exigences de conformité.",
+    "rights_title": "Vos droits (RGPD)",
+    "rights_desc": "Accès (Article 15), Suppression (Article 17), Portabilité (Article 20).",
+    "contact_email": "john.stroh.nz@pm.me",
+    "architectural_note": "Principe architectural : La minimisation des données est une contrainte système, pas un espoir de politique. BoundaryEnforcer empêche structurellement l'exposition des DCP — les pistes d'audit fournissent des preuves de conformité."
+  },
  "how_it_works": {
    "heading": "Comment Ça Fonctionne",
    "intro": "Le Cadre Tractatus se compose de cinq composants intégrés qui travaillent ensemble pour appliquer la sécurité structurelle :",