rylxes/laravel-gdpr
===================

GDPR and CCPA compliance toolkit for Laravel with data export, right to erasure, consent management, and audit trails

v1.0.1 · MIT · PHP ^8.1 · [Source](https://github.com/rylxes/laravel-gdpr) · [Packagist](https://packagist.org/packages/rylxes/laravel-gdpr)

Laravel GDPR
============

> **[Full Documentation](https://rylxes.com/docs/laravel-gdpr)** — Complete usage guide, configuration reference, and API docs.

GDPR and CCPA compliance toolkit for Laravel applications. Provides data export (portability), right to erasure, consent management, and audit trails in a single package.

Features
--------

- **Data Export (Portability)** - Queue-backed export of user data as JSON, CSV, or XML with secure timed download links
- **Right to Erasure** - Orchestrated deletion or anonymisation respecting foreign key dependencies
- **Consent Management** - Audit-ready consent log with IP, user-agent, and version tracking
- **Cooling-Off Period** - Configurable delay before erasure execution, allowing cancellation
- **Artisan Commands** - `gdpr:export`, `gdpr:erase`, `gdpr:prune` for compliance officer workflows
- **Consent Middleware** - Gate routes by consent type with `gdpr.consent:marketing`
- **Signed Download Links** - Time-limited, tamper-proof URLs via Laravel's signed routes
- **CCPA Compatible** - "Do not sell" opt-out support via the consent type system
- **Event System** - `DataExported`, `DataErased`, `ConsentRecorded`, `ErasureRequested` events
- **Retention Policies** - Configurable auto-cleanup for exports and audit logs
- **Polymorphic Users** - Works with any authenticatable model, not just `App\Models\User`
- **Facade & Trait API** - Use `Gdpr::export($user)` or `$user->recordConsent('marketing')`

Installation
------------

### 1. Install via Composer

```
composer require rylxes/laravel-gdpr
```

### 2. Run the installer

```
php artisan gdpr:install
```

This publishes the configuration file and runs migrations.

### 3. Implement contracts on your models

```
use Illuminate\Foundation\Auth\User as Authenticatable;
use Rylxes\Gdpr\Contracts\Exportable;
use Rylxes\Gdpr\Contracts\Deletable;
use Rylxes\Gdpr\Concerns\HandlesGdpr;

class User extends Authenticatable implements Exportable, Deletable
{
    use HandlesGdpr;

    public function exportData(): array
    {
        return $this->only(['name', 'email', 'phone', 'created_at']);
    }

    public function eraseData(): void
    {
        $this->anonymise(['name', 'email', 'phone', 'address']);
    }
}
```

Apply `Exportable` and `Deletable` to any model containing personal data:

```
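use Illuminate\Database\Eloquent\Model;
use Rylxes\Gdpr\Contracts\Exportable;
use Rylxes\Gdpr\Contracts\Deletable;
use Rylxes\Gdpr\Concerns\HandlesGdpr;

class Order extends Model implements Exportable, Deletable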
{
    use HandlesGdpr;

    public function exportData(): array
    {
        return $this->only(['id', 'total', 'status', 'created_at']);
    }

    public function eraseData(): void
    {
        $this->anonymise(['shipping_address', 'billing_address']);
    }

    // Child records erased before parent (lower priority = erased first)
    public function erasurePriority(): int
    {
        return 50;
    }
}
```

Usage
-----

### Data Export

```
use Rylxes\Gdpr\Facades\Gdpr;

// Dispatch an export job (user gets email with download link)
$export = Gdpr::export($user);
$export = Gdpr::export($user, 'csv'); // CSV format
```

Via Artisan:

```
php artisan gdpr:export 42
php artisan gdpr:export 42 --format=csv
php artisan gdpr:export 42 --sync  # Run synchronously
```

### Right to Erasure

```
// Initiate erasure with cooling-off period
$request = Gdpr::erase($user);
$request = Gdpr::erase($user, 'delete', 'User requested account deletion');

// Cancel during cooling-off
$request->cancel('User changed their mind');
```

Via Artisan:

```
php artisan gdpr:erase 42
php artisan gdpr:erase 42 --force     # Skip cooling-off
php artisan gdpr:erase 42 --strategy=delete
```

### Consent Management

```
// Record consent
$user->recordConsent('marketing', '1.0', $request->ip());
$user->recordConsent('analytics');

// Or via facade
Gdpr::recordConsent($user, 'terms_of_service', $request->ip());

// Check consent
$user->hasConsent('marketing');         // true/false
Gdpr::hasConsent($user, 'marketing');   // true/false

// Revoke consent
$user->revokeConsent('marketing');

// Get all active consent types
$user->activeConsentTypes();  // ['analytics', 'terms_of_service']

// Query consent logs
$user->consentLogs()->active()->get();
```

### Consent Middleware

Gate routes that require specific consent:

```
Route::middleware('gdpr.consent:marketing')->group(function () {
    Route::get('/promotional-offers', [OffersController::class, 'index']);
});

Route::middleware('gdpr.consent:analytics,tracking')->group(function () {
    // Requires both analytics AND tracking consent
});
```

### Data Cleanup

```
# Prune expired exports and old audit logs
php artisan gdpr:prune
php artisan gdpr:prune --force  # Skip confirmation
```

```
// Schedule automatic pruning (in app/Console/Kernel.php)
$schedule->command('gdpr:prune --force')->daily();
```

Configuration
-------------

Publish the config file:

```
php artisan vendor:publish --tag=gdpr-config
```

### Key Configuration Options

| Option | Default | Description |
| --- | --- | --- |
| `export.default_format` | `json` | Default export format (json, csv, xml) |
| `export.storage_disk` | `local` | Filesystem disk for export files |
| `export.download_link_expiry_minutes` | `60` | Download link lifetime |
| `erasure.strategy` | `anonymize` | Default: anonymize or delete |
| `erasure.cooling_off_days` | `14` | Days before erasure executes |
| `consent.version` | `1.0` | Current consent version |
| `consent.log_ip_address` | `true` | Log IP with consent events |
| `queue.enabled` | `true` | Queue export/erasure jobs |
| `queue.queue_name` | `gdpr` | Queue name for GDPR jobs |
| `audit.consent_logs_retention_days` | `2555` | ~7 years retention |

### Per-Model Strategy Overrides

```
// config/gdpr.php
'erasure' => [
    'strategy' => 'anonymize',  // default
    'model_strategies' => [
        App\Models\Comment::class => 'delete',
        App\Models\Order::class => 'anonymize',
    ],
],
```

### Environment Variables

```
GDPR_ENABLED=true
GDPR_QUEUE_ENABLED=true
GDPR_QUEUE_NAME=gdpr
GDPR_ERASURE_STRATEGY=anonymize
GDPR_COOLING_OFF_DAYS=14
GDPR_EXPORT_FORMAT=json
GDPR_DOWNLOAD_EXPIRY=60
GDPR_CONSENT_VERSION=1.0
GDPR_LOG_IP=true
GDPR_CCPA_ENABLED=false
```

Events
------

Listen to GDPR events for custom integrations:

| Event | When |
| --- | --- |
| `DataExported` | After a data export is completed |
| `DataErased` | After user data has been erased |
| `ConsentRecorded` | When a user gives consent |
| `ErasureRequested` | When an erasure request is created |

```
// EventServiceProvider
protected $listen = [
    \Rylxes\Gdpr\Events\DataErased::class => [
        \App\Listeners\NotifyDpoOfErasure::class,
    ],
];
```

Database Schema
---------------

| Table | Purpose |
| --- | --- |
| `gdpr_consent_logs` | Consent events with timestamps, IP, and version |
| `gdpr_erasure_requests` | Erasure request lifecycle and audit trail |
| `gdpr_data_exports` | Export records with download tokens and status |

All tables use a configurable prefix (`gdpr_` by default).

Testing
-------

```
composer test
```

### Local Development

Add the package as a path repository in your Laravel app's `composer.json`:

```
{
    "repositories": [
        {
            "type": "path",
            "url": "../path/to/laravel-gdpr"
        }
    ],
    "require": {
        "rylxes/laravel-gdpr": "*"
    }
}
```

Then run:

```
composer update rylxes/laravel-gdpr
php artisan gdpr:install
```

Security
--------

- Download links use Laravel's `URL::temporarySignedRoute()` for tamper-proof, time-limited access
- Export files are stored on a configurable disk (default: `local`, not publicly accessible)
- Consent logs record IP addresses for audit trail compliance
- The cooling-off period prevents accidental data loss
- All GDPR operations are logged with metadata for compliance audits
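
The general technique behind time-limited, tamper-evident download links is an HMAC over the URL plus an expiry parameter. The plain-PHP sketch below is an added example, not code from this package or from Laravel; the key, URL, function names and clock value are all constructed for illustration.

```php
<?php
// Added illustration of HMAC-signed, expiring links in plain PHP.
// SIGNING_KEY, the URL and the timestamps are constructed sample values.

const SIGNING_KEY = 'constructed-demo-key-do-not-reuse';

/** Append an expiry timestamp and an HMAC-SHA256 signature to a URL. */
function signUrl(string $url, int $ttlSeconds, int $now): string
{
    $sep = str_contains($url, '?') ? '&' : '?';
    $unsigned = $url . $sep . 'expires=' . ($now + $ttlSeconds);
    return $unsigned . '&signature=' . hash_hmac('sha256', $unsigned, SIGNING_KEY);
}

/** Classify a presented URL as 'ok', 'tampered' or 'expired'. */
function checkUrl(string $presented, int $now): string
{
    $pos = strrpos($presented, '&signature=');
    if ($pos === false) {
        return 'tampered';                  // unsigned links are rejected
    }
    $unsigned = substr($presented, 0, $pos);
    $given    = substr($presented, $pos + strlen('&signature='));
    $expected = hash_hmac('sha256', $unsigned, SIGNING_KEY);
    if (!hash_equals($expected, $given)) {  // constant-time comparison
        return 'tampered';
    }
    // The expiry value is trusted only after the signature has verified.
    parse_str((string) parse_url($unsigned, PHP_URL_QUERY), $query);
    if (!isset($query['expires']) || $now > (int) $query['expires']) {
        return 'expired';
    }
    return 'ok';
}

$issuedAt = 1_700_000_000;                  // constructed clock value
$link = signUrl('https://app.example/gdpr/exports/17/download', 60 * 60, $issuedAt);
$later = $issuedAt + 120;

// Untouched link inside its 60-minute window.
echo checkUrl($link, $later), PHP_EOL;
// Export id changed in the path: the signature no longer matches.
echo checkUrl(str_replace('/17/', '/18/', $link), $later), PHP_EOL;
// Expiry pushed into the future by the client: also a signature mismatch.
echo checkUrl(preg_replace('/expires=\d+/', 'expires=9999999999', $link), $later), PHP_EOL;
// Untouched link presented one second after the window closed.
echo checkUrl($link, $issuedAt + 3601), PHP_EOL;
```

A signed link authenticates the URL, not the person presenting it, so anyone who obtains the link can use it until it expires. Keep `export.download_link_expiry_minutes` short and keep the signing key out of source control.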

Contributing
------------

Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details.

License
-------

The MIT License (MIT). Please see [License File](LICENSE) for more information.

Credits
-------

- [Sherriff Agboola](https://github.com/rylxes)
- [All Contributors](../../contributors)

Support
-------

- [Issues](https://github.com/rylxes/laravel-gdpr/issues)
- [Discussions](https://github.com/rylxes/laravel-gdpr/discussions)
- Email:

