@tantainnovative/ndpr-toolkit 3.4.1 → 3.5.1

package/dist/hooks.d.mts

@@ -1,30 +1,2174 @@
-export { C as ConsentOption, a as ConsentSettings, b as ConsentStorageOptions, L as LawfulBasisType } from './consent-CmVzqZUk.mjs';
-export { D as DSRRequest, a as DSRStatus, b as DSRType } from './dsr-yKbqX531.mjs';
-export { a as DPIAResult, b as DPIARisk } from './dpia-c9GiiOq0.mjs';
-export { a as BreachReport, N as NotificationRequirement, b as RiskAssessment } from './breach-Eu9byel8.mjs';
-export { O as OrganizationInfo, P as PolicySection, c as PrivacyPolicy } from './privacy-Ca6te9Ir.mjs';
-export { L as LawfulBasis, a as LawfulBasisSummary, P as ProcessingActivity } from './lawful-basis-Cv1VmDLn.mjs';
-export { C as CrossBorderSummary, a as CrossBorderTransfer } from './cross-border-UyT00llA.mjs';
-export { P as ProcessingRecord, R as ROPASummary, a as RecordOfProcessingActivities } from './ropa-CFHuT7jE.mjs';
-export { u as useConsent } from './useConsent-DCNkIJHR.mjs';
-export { u as useDSR } from './useDSR-WvHk8_iu.mjs';
-export { u as useDPIA } from './useDPIA-B6180UQn.mjs';
-export { u as useBreach } from './useBreach-CPr86Yan.mjs';
-export { u as useDefaultPrivacyPolicy, a as usePrivacyPolicy } from './useDefaultPrivacyPolicy-Cs2WQSYQ.mjs';
-export { u as useLawfulBasis } from './useLawfulBasis-CKJ-kw84.mjs';
-export { u as useCrossBorderTransfer } from './useCrossBorderTransfer-DixjLjN1.mjs';
-export { U as UseROPAOptions, a as UseROPAReturn, u as useROPA } from './useROPA-C2hjaBTz.mjs';
-import { C as ComplianceInput, b as ComplianceReport } from './compliance-score-racQe_E_.mjs';
-export { U as UseAdaptivePolicyWizardOptions, a as UseAdaptivePolicyWizardReturn, u as useAdaptivePolicyWizard } from './useAdaptivePolicyWizard-BSLyltzZ.mjs';
-import './types-DK2CoKOC.mjs';
-import './lawful-basis-C2eGaoHM.mjs';
-import './cross-border-BBi9rZyO.mjs';
-import './ropa-NIgxd8uP.mjs';
-import './policy-engine-5qTfp2z4.mjs';
-
-interface UseComplianceScoreOptions {
-    input: ComplianceInput;
-}
-declare function useComplianceScore({ input }: UseComplianceScoreOptions): ComplianceReport;
-
-export { ComplianceInput, ComplianceReport, useComplianceScore };
+/**
+ * Adequacy status of a destination country
+ */
+declare type AdequacyStatus = 'adequate' | 'inadequate' | 'pending_review' | 'unknown';
+
+/**
+ * Breach notification types aligned with NDPA 2023 Section 40
+ * Data controllers must notify the NDPC within 72 hours of becoming aware of a breach
+ * Data subjects must be notified without undue delay when breach is likely to result in high risk
+ */
+/**
+ * Represents a data breach category
+ */
+declare interface BreachCategory {
+    /** Unique identifier for the category */
+    id: string;
+    /** Display name for the category */
+    name: string;
+    /** Description of this breach category */
+    description: string;
+    /** Default severity level for this category */
+    defaultSeverity: 'low' | 'medium' | 'high' | 'critical';
+}
+
+declare type BreachCompositeState = {
+    reports: BreachReport[];
+    assessments: RiskAssessment[];
+    notifications: RegulatoryNotification[];
+};
+
+/**
+ * Represents a data breach report
+ */
+export declare interface BreachReport {
+    /** Unique identifier for the breach report */
+    id: string;
+    /** Title/summary of the breach */
+    title: string;
+    /** Detailed description of the breach */
+    description: string;
+    /** Category of the breach */
+    category: string;
+    /** Timestamp when the breach was discovered */
+    discoveredAt: number;
+    /** Timestamp when the breach occurred (if known) */
+    occurredAt?: number;
+    /** Timestamp when the breach was reported internally */
+    reportedAt: number;
+    /** Person who reported the breach */
+    reporter: {
+        name: string;
+        email: string;
+        department: string;
+        phone?: string;
+    };
+    /** Systems or data affected by the breach */
+    affectedSystems: string[];
+    /** Types of data involved in the breach */
+    dataTypes: string[];
+    /** Whether sensitive personal data is involved (NDPA Section 27) */
+    involvesSensitiveData?: boolean;
+    /** Estimated number of data subjects affected */
+    estimatedAffectedSubjects?: number;
+    /** Whether the breach is ongoing or contained */
+    status: 'ongoing' | 'contained' | 'resolved';
+    /** Initial actions taken to address the breach */
+    initialActions?: string;
+    /** Attachments related to the breach */
+    attachments?: Array<{
+        id: string;
+        name: string;
+        type: string;
+        url: string;
+        addedAt: number;
+    }>;
+}
+
+/** A single gap found during NDPA compliance evaluation. */
+declare interface ComplianceGap {
+    /** Machine-readable requirement identifier. */
+    requirementId: string;
+    /** Human-readable name of the requirement. */
+    requirement: string;
+    /** Reference to the relevant NDPA section. */
+    ndpaSection: string;
+    /** How severe the gap is. */
+    severity: 'critical' | 'important' | 'recommended';
+    /** Explanation of what is missing. */
+    message: string;
+    /** Suggested fix type for the UI. */
+    fixType: 'add_section' | 'add_content' | 'fill_field';
+    /** Label for the fix action button. */
+    fixLabel: string;
+    /** Pre-written content the user can insert to close the gap. */
+    suggestedContent?: string;
+}
+
+export declare interface ComplianceInput {
+    consent: {
+        hasConsentMechanism: boolean;
+        hasPurposeSpecification: boolean;
+        hasWithdrawalMechanism: boolean;
+        hasMinorProtection: boolean;
+        consentRecordsRetained: boolean;
+    };
+    dsr: {
+        hasRequestMechanism: boolean;
+        supportsAccess: boolean;
+        supportsRectification: boolean;
+        supportsErasure: boolean;
+        supportsPortability: boolean;
+        supportsObjection: boolean;
+        /** Expected max response time in days (>30 counts as a gap) */
+        responseTimelineDays: number;
+    };
+    dpia: {
+        conductedForHighRisk: boolean;
+        documentedRisks: boolean;
+        mitigationMeasures: boolean;
+    };
+    breach: {
+        hasNotificationProcess: boolean;
+        notifiesWithin72Hours: boolean;
+        hasRiskAssessment: boolean;
+        hasRecordKeeping: boolean;
+    };
+    policy: {
+        hasPrivacyPolicy: boolean;
+        isPubliclyAccessible: boolean;
+        /** ISO date string (YYYY-MM-DD); >13 months old counts as a gap */
+        lastUpdated: string;
+        coversAllSections: boolean;
+    };
+    lawfulBasis: {
+        documentedForAllProcessing: boolean;
+        hasLegitimateInterestAssessment: boolean;
+    };
+    crossBorder: {
+        hasTransferMechanisms: boolean;
+        adequacyAssessed: boolean;
+        ndpcApprovalObtained: boolean;
+    };
+    ropa: {
+        maintained: boolean;
+        includesAllProcessing: boolean;
+        /** ISO date string (YYYY-MM-DD); >6 months since review counts as a gap */
+        lastReviewed: string;
+    };
+}
+
+/**
+ * Compliance Score Engine
+ *
+ * Evaluates an organisation's NDPA compliance posture across eight modules and
+ * returns a scored, rated report with per-module breakdowns and sorted
+ * recommendations.
+ *
+ * Pure utility — zero React dependency.
+ */
+declare type ComplianceRating = 'excellent' | 'good' | 'needs-work' | 'critical';
+
+export declare interface ComplianceReport {
+    /** Overall compliance score, 0–100 */
+    score: number;
+    /** Rating bucket */
+    rating: ComplianceRating;
+    /** Per-module breakdown keyed by module name */
+    modules: Record<string, ModuleScore>;
+    /** Recommendations sorted by priority (critical first) */
+    recommendations: Recommendation[];
+    /** Top-level regulatory references */
+    regulatoryReferences: RegulatoryReference[];
+    /** ISO date of when the report was generated */
+    generatedAt: string;
+}
+
+/** Result of evaluating a policy against NDPA requirements. */
+declare interface ComplianceResult {
+    /** Points earned. */
+    score: number;
+    /** Maximum achievable points (115). */
+    maxScore: number;
+    /** Percentage score (0-100). */
+    percentage: number;
+    /** Overall compliance rating. */
+    rating: 'compliant' | 'nearly_compliant' | 'not_compliant';
+    /** List of identified compliance gaps. */
+    gaps: ComplianceGap[];
+    /** List of requirement ids that passed. */
+    passed: string[];
+}
+
+/**
+ * Consent types aligned with NDPA 2023 Section 25-26
+ * Consent must be freely given, specific, informed, and unambiguous
+ */
+/**
+ * Represents a consent option that can be presented to users
+ */
+export declare interface ConsentOption {
+    /** Unique identifier for the consent option */
+    id: string;
+    /** Display label for the consent option */
+    label: string;
+    /** Detailed description of what this consent option covers */
+    description: string;
+    /** Whether this consent option is required (cannot be declined) */
+    required: boolean;
+    /**
+     * The specific purpose for which data will be processed
+     * NDPA Section 25(2) requires consent to be specific to each purpose
+     */
+    purpose: string;
+    /**
+     * Default state of the consent option
+     * @default false
+     */
+    defaultValue?: boolean;
+    /**
+     * Categories of personal data covered by this consent option
+     */
+    dataCategories?: string[];
+}
+
+/**
+ * Represents the user's consent settings
+ */
+export declare interface ConsentSettings {
+    /** Map of consent option IDs to boolean values indicating consent status */
+    consents: Record<string, boolean>;
+    /** Timestamp when consent was last updated */
+    timestamp: number;
+    /** Version of the consent form that was accepted */
+    version: string;
+    /** Method used to collect consent (e.g., "banner", "settings", "api") */
+    method: string;
+    /** Whether the user has actively made a choice (as opposed to default settings) */
+    hasInteracted: boolean;
+    /**
+     * The lawful basis under which processing is conducted
+     * Required by NDPA Section 25(1)
+     */
+    lawfulBasis?: LawfulBasisType;
+}
+
+/**
+ * Represents the storage mechanism for consent settings
+ */
+export declare interface ConsentStorageOptions {
+    /**
+     * Storage key for consent settings
+     * @default "ndpr_consent"
+     */
+    storageKey?: string;
+    /**
+     * Storage type to use
+     * @default "localStorage"
+     */
+    storageType?: 'localStorage' | 'sessionStorage' | 'cookie';
+    /**
+     * Cookie options (only used when storageType is "cookie")
+     */
+    cookieOptions?: {
+        /** Domain for the cookie */
+        domain?: string;
+        /**
+         * Path for the cookie
+         * @default "/"
+         */
+        path?: string;
+        /**
+         * Expiration days for the cookie
+         * @default 365
+         */
+        expires?: number;
+        /**
+         * Whether the cookie should be secure
+         * @default true
+         */
+        secure?: boolean;
+        /**
+         * SameSite attribute for the cookie
+         * @default "Lax"
+         */
+        sameSite?: 'Strict' | 'Lax' | 'None';
+    };
+}
+
+/**
+ * Summary of cross-border transfer compliance
+ */
+export declare interface CrossBorderSummary {
+    /** Total number of active transfers */
+    totalActiveTransfers: number;
+    /** Breakdown by transfer mechanism */
+    byMechanism: Record<TransferMechanism, number>;
+    /** Breakdown by adequacy status */
+    byAdequacy: Record<AdequacyStatus, number>;
+    /** Transfers pending NDPC approval */
+    pendingApproval: CrossBorderTransfer[];
+    /** Transfers due for review */
+    dueForReview: CrossBorderTransfer[];
+    /** Transfers missing TIA */
+    missingTIA: CrossBorderTransfer[];
+    /** High-risk transfers */
+    highRiskTransfers: CrossBorderTransfer[];
+    /** Last updated timestamp */
+    lastUpdated: number;
+}
+
+/**
+ * Represents a cross-border data transfer record
+ */
+export declare interface CrossBorderTransfer {
+    /** Unique identifier */
+    id: string;
+    /** Destination country or territory */
+    destinationCountry: string;
+    /** ISO country code */
+    destinationCountryCode?: string;
+    /** Adequacy status of the destination */
+    adequacyStatus: AdequacyStatus;
+    /** The transfer mechanism being relied upon */
+    transferMechanism: TransferMechanism;
+    /** Categories of personal data being transferred */
+    dataCategories: string[];
+    /** Whether sensitive personal data is included */
+    includesSensitiveData: boolean;
+    /** Estimated number of data subjects whose data is transferred */
+    estimatedDataSubjects?: number;
+    /** Name of the recipient organization */
+    recipientOrganization: string;
+    /** Contact details of the recipient */
+    recipientContact: {
+        name: string;
+        email: string;
+        phone?: string;
+        address?: string;
+    };
+    /** Purpose of the data transfer */
+    purpose: string;
+    /** Safeguards in place to protect the data */
+    safeguards: string[];
+    /** Risk assessment summary */
+    riskAssessment: string;
+    /** Risk level of the transfer */
+    riskLevel: 'low' | 'medium' | 'high';
+    /** NDPC approval details (required for some transfer mechanisms) */
+    ndpcApproval?: {
+        required: boolean;
+        applied: boolean;
+        approved?: boolean;
+        referenceNumber?: string;
+        appliedAt?: number;
+        approvedAt?: number;
+    };
+    /** Whether a Transfer Impact Assessment has been conducted */
+    tiaCompleted: boolean;
+    /** Reference to the TIA document */
+    tiaReference?: string;
+    /** Frequency of the transfer */
+    frequency: 'one_time' | 'periodic' | 'continuous';
+    /** Start date of the transfer */
+    startDate: number;
+    /** End date of the transfer (if applicable) */
+    endDate?: number;
+    /** Status of the transfer */
+    status: 'active' | 'suspended' | 'terminated' | 'pending_approval';
+    /** Timestamp when the record was created */
+    createdAt: number;
+    /** Timestamp when the record was last updated */
+    updatedAt: number;
+    /** Next review date */
+    reviewDate?: number;
+}
+
+/** A user-defined section added to the policy outside the generated ones. */
+declare interface CustomSection {
+    id: string;
+    title: string;
+    content: string;
+    order: number;
+    required: false;
+}
+
+/** A logical category of personal data the organisation may collect. */
+declare interface DataCategory {
+    /** Machine-readable identifier. */
+    id: string;
+    /** Human-readable label shown in the wizard. */
+    label: string;
+    /** Grouping for display and compliance checks. */
+    group: 'identity' | 'financial' | 'behavioral' | 'sensitive' | 'children';
+    /** Specific data points within this category. */
+    dataPoints: string[];
+    /** Whether this category is currently selected by the user. */
+    selected: boolean;
+}
+
+/** Options for DOCX export of the finalised policy. */
+declare interface DOCXExportOptions {
+    includeTOC?: boolean;
+    filename?: string;
+}
+
+/** A map of question IDs to their answer values */
+declare type DPIAAnswerMap = Record<string, DPIAAnswerValue>;
+
+/** Possible value types for a DPIA answer */
+declare type DPIAAnswerValue = string | number | boolean | string[];
+
+/**
+ * Data Protection Impact Assessment types aligned with NDPA 2023 Sections 38-39
+ * A DPIA is required when processing is likely to result in high risk to data subjects
+ */
+/**
+ * Represents a question in the DPIA questionnaire
+ */
+declare interface DPIAQuestion {
+    /** Unique identifier for the question */
+    id: string;
+    /** The text of the question */
+    text: string;
+    /** Additional guidance for answering the question */
+    guidance?: string;
+    /** Type of input required for the answer */
+    type: 'text' | 'textarea' | 'select' | 'radio' | 'checkbox' | 'scale';
+    /** Options for select, radio, or checkbox questions */
+    options?: Array<{
+        value: string;
+        label: string;
+        riskLevel?: 'low' | 'medium' | 'high';
+    }>;
+    /** For scale questions, the minimum value */
+    minValue?: number;
+    /** For scale questions, the maximum value */
+    maxValue?: number;
+    /** For scale questions, labels for the scale points */
+    scaleLabels?: Record<number, string>;
+    /** Whether the question is required */
+    required: boolean;
+    /** Risk level associated with this question */
+    riskLevel?: 'low' | 'medium' | 'high';
+    /** Whether this question triggers additional questions based on the answer */
+    hasDependentQuestions?: boolean;
+    /** Conditions that determine when this question should be shown */
+    showWhen?: Array<{
+        questionId: string;
+        operator: 'equals' | 'contains' | 'greaterThan' | 'lessThan';
+        value: string | number | boolean;
+    }>;
+}
+
+/**
+ * Represents the result of a completed DPIA
+ */
+export declare interface DPIAResult {
+    /** Unique identifier for the DPIA */
+    id: string;
+    /** Title of the DPIA */
+    title: string;
+    /** Description of the processing activity being assessed */
+    processingDescription: string;
+    /** Timestamp when the DPIA was started */
+    startedAt: number;
+    /** Timestamp when the DPIA was completed */
+    completedAt?: number;
+    /** Person responsible for conducting the DPIA */
+    assessor: {
+        name: string;
+        role: string;
+        email: string;
+    };
+    /** Answers to all questions in the DPIA */
+    answers: Record<string, string | number | boolean | string[]>;
+    /** Risks identified in the DPIA */
+    risks: DPIARisk[];
+    /** Overall risk level of the processing activity */
+    overallRiskLevel: 'low' | 'medium' | 'high' | 'critical';
+    /** Whether the DPIA concluded that the processing can proceed */
+    canProceed: boolean;
+    /** Reasons why the processing can or cannot proceed */
+    conclusion: string;
+    /** Recommendations for the processing activity */
+    recommendations?: string[];
+    /** Next review date for the DPIA */
+    reviewDate?: number;
+    /** Version of the DPIA questionnaire used */
+    version: string;
+    /**
+     * Whether prior consultation with NDPC is required
+     * Per NDPA Section 39, consultation is required when DPIA indicates high residual risk
+     */
+    ndpcConsultationRequired?: boolean;
+    /** Date when NDPC consultation was initiated */
+    ndpcConsultationDate?: number;
+    /** Reference number from NDPC consultation */
+    ndpcConsultationReference?: string;
+    /**
+     * The lawful basis for the processing activity being assessed
+     */
+    lawfulBasis?: string;
+    /**
+     * Whether this DPIA involves cross-border data transfers
+     */
+    involvesCrossBorderTransfer?: boolean;
+}
+
+/**
+ * Represents a risk identified in the DPIA
+ */
+export declare interface DPIARisk {
+    /** Unique identifier for the risk */
+    id: string;
+    /** Description of the risk */
+    description: string;
+    /** Likelihood of the risk occurring (1-5) */
+    likelihood: number;
+    /** Impact if the risk occurs (1-5) */
+    impact: number;
+    /** Overall risk score (likelihood * impact) */
+    score: number;
+    /** Risk level based on the score */
+    level: 'low' | 'medium' | 'high' | 'critical';
+    /** Measures to mitigate the risk */
+    mitigationMeasures?: string[];
+    /** Whether the risk has been mitigated */
+    mitigated: boolean;
+    /** Residual risk score after mitigation */
+    residualScore?: number;
+    /** Questions that identified this risk */
+    relatedQuestionIds: string[];
+}
+
+/**
+ * Represents a section in the DPIA questionnaire
+ */
+declare interface DPIASection {
+    /** Unique identifier for the section */
+    id: string;
+    /** Title of the section */
+    title: string;
+    /** Description of the section */
+    description?: string;
+    /** Questions in this section */
+    questions: DPIAQuestion[];
+    /** Order of the section in the questionnaire */
+    order: number;
+}
+
+/**
+ * Represents a data subject request
+ */
+export declare interface DSRRequest {
+    /** Unique identifier for the request */
+    id: string;
+    /** Type of request */
+    type: DSRType;
+    /** Current status of the request */
+    status: DSRStatus;
+    /** Timestamp when the request was submitted */
+    createdAt: number;
+    /** Timestamp when the request was last updated */
+    updatedAt: number;
+    /** Timestamp when the request was completed (if applicable) */
+    completedAt?: number;
+    /** Timestamp when the identity was verified (if applicable) */
+    verifiedAt?: number;
+    /**
+     * Due date for responding to the request (timestamp)
+     * NDPA requires response within 30 days of receipt
+     */
+    dueDate?: number;
+    /** Description or details of the request */
+    description?: string;
+    /**
+     * The lawful basis under which the data was originally processed
+     * Relevant for evaluating objection and erasure requests
+     */
+    lawfulBasis?: string;
+    /** Data subject information */
+    subject: {
+        name: string;
+        email: string;
+        phone?: string;
+        identifierValue?: string;
+        identifierType?: string;
+    };
+    /** Additional information provided by the data subject */
+    additionalInfo?: Record<string, string | number | boolean | null>;
+    /** Notes added by staff processing the request */
+    internalNotes?: Array<{
+        timestamp: number;
+        author: string;
+        note: string;
+    }>;
+    /** Verification status */
+    verification?: {
+        verified: boolean;
+        method?: string;
+        verifiedAt?: number;
+        verifiedBy?: string;
+    };
+    /** Reason for rejection (if status is 'rejected') */
+    rejectionReason?: string;
+    /** Files attached to the request */
+    attachments?: Array<{
+        id: string;
+        name: string;
+        type: string;
+        url: string;
+        addedAt: number;
+    }>;
+    /**
+     * Whether an extension was requested for this DSR
+     * NDPA allows a one-time extension of 30 days with justification
+     */
+    extensionRequested?: boolean;
+    /** Reason for the extension, if requested */
+    extensionReason?: string;
+}
+
+/**
+ * Status of a data subject request
+ */
+export declare type DSRStatus = 'pending' | 'awaitingVerification' | 'inProgress' | 'completed' | 'rejected';
+
+/**
+ * Data Subject Rights types aligned with NDPA 2023 Part IV (Sections 29-36)
+ */
+/**
+ * Types of data subject requests per NDPA Part IV
+ * - 'information': Right to be informed (Section 29)
+ * - 'access': Right of access (Section 30)
+ * - 'rectification': Right to rectification (Section 31)
+ * - 'erasure': Right to erasure (Section 32)
+ * - 'restriction': Right to restrict processing (Section 33)
+ * - 'portability': Right to data portability (Section 34)
+ * - 'objection': Right to object (Section 35)
+ * - 'automated_decision_making': Rights related to automated decision-making (Section 36)
+ */
+export declare type DSRType = 'information' | 'access' | 'rectification' | 'erasure' | 'restriction' | 'portability' | 'objection' | 'automated_decision_making';
+
+declare type EffortLevel = 'low' | 'medium' | 'high';
+
+/** Options for HTML export of the finalised policy. */
+declare interface HTMLExportOptions {
+    includeStyles?: boolean;
+    includePrintCSS?: boolean;
+    customCSS?: string;
+    /**
+     * Theme controlling the embedded design tokens.
+     *
+     * - `'light'` (default): emits the light token palette only. No
+     *   `prefers-color-scheme: dark` block is included, so a visitor's OS
+     *   dark-mode setting will NOT recolour the policy. This is the right
+     *   default for an embedded compliance widget — most consumer host sites
+     *   are single-theme and Shadow DOM does not isolate `prefers-color-scheme`.
+     * - `'dark'`: emits the dark token palette as the primary style.
+     * - `'auto'`: emits light tokens plus a `@media (prefers-color-scheme: dark)`
+     *   block that swaps to dark on the user's OS preference. Use this when
+     *   your host site genuinely follows OS dark mode and you want the policy
+     *   to match.
+     *
+     * Pre-3.4.1 the export effectively behaved like `'auto'` unconditionally,
+     * which leaked dark colours into light-only host sites via Shadow DOM.
+     *
+     * @default 'light'
+     */
+    theme?: 'light' | 'dark' | 'auto';
+}
+
+/**
+ * Policy engine types for the adaptive privacy policy generator.
+ * These types power the wizard-driven policy builder, compliance checker,
+ * and export functionality — all aligned with the NDPA 2023.
+ */
+
+/** Industry verticals with sector-specific compliance requirements. */
+declare type Industry = 'fintech' | 'healthcare' | 'ecommerce' | 'saas' | 'education' | 'government' | 'other';
+
+/**
+ * Lawful Basis types aligned with NDPA 2023 Part III (Sections 24-28)
+ * Every processing activity must have a documented lawful basis
+ */
+/**
+ * The six lawful bases for processing personal data per NDPA Section 25(1)
+ */
+export declare type LawfulBasis = 'consent' | 'contract' | 'legal_obligation' | 'vital_interests' | 'public_interest' | 'legitimate_interests';
+
+/**
+ * Summary of all lawful basis documentation for compliance reporting
+ */
+export declare interface LawfulBasisSummary {
+    /** Total number of processing activities */
+    totalActivities: number;
+    /** Breakdown by lawful basis */
+    byBasis: Record<LawfulBasis, number>;
+    /** Number of activities involving sensitive data */
+    sensitiveDataActivities: number;
+    /** Number of activities involving cross-border transfers */
+    crossBorderActivities: number;
+    /** Activities due for review */
+    activitiesDueForReview: ProcessingActivity[];
+    /** Activities without DPO approval */
+    activitiesWithoutApproval: ProcessingActivity[];
+    /** Last updated timestamp */
+    lastUpdated: number;
+}
+
+/**
+ * Lawful basis for processing personal data per NDPA Section 25(1)
+ */
+export declare type LawfulBasisType = 'consent' | 'contract' | 'legal_obligation' | 'vital_interests' | 'public_interest' | 'legitimate_interests';
+
+/**
+ * Validation result for a processing activity
+ */
+declare interface LawfulBasisValidationResult {
+    isValid: boolean;
+    errors: string[];
+    warnings: string[];
+}
+
+declare interface ModuleScore {
+    /** Module name (e.g. "consent") */
+    name: string;
+    /** Raw module score 0-100 */
+    score: number;
+    /** Maximum possible score for this module (always 100) */
+    maxScore: number;
+    /** Weighted contribution to the overall score */
+    weightedScore: number;
+    /** NDPA sections this module maps to */
+    ndpaSections: string[];
+    /** Gaps found — list of human-readable gap descriptions */
+    gaps: string[];
+}
+
+/**
+ * Represents notification requirements for a data breach per NDPA Section 40
+ */
+export declare interface NotificationRequirement {
+    /**
+     * Whether NDPC notification is required
+     * Per NDPA Section 40, notification to NDPC is required for all breaches
+     * that pose a risk to data subjects' rights and freedoms
+     */
+    ndpcNotificationRequired: boolean;
+    /**
+     * Deadline for NDPC notification (72 hours from discovery)
+     * NDPA Section 40(1)
+     */
+    ndpcNotificationDeadline: number;
+    /**
+     * Whether data subject notification is required
+     * Per NDPA Section 40(4), required when breach is likely to result in
+     * high risk to rights and freedoms of data subjects
+     */
+    dataSubjectNotificationRequired: boolean;
+    /** Justification for the notification decision */
+    justification: string;
+    /**
+     * @deprecated Use ndpcNotificationRequired instead. Kept for backward compatibility.
+     */
+    nitdaNotificationRequired?: boolean;
+    /**
+     * @deprecated Use ndpcNotificationDeadline instead. Kept for backward compatibility.
+     */
+    nitdaNotificationDeadline?: number;
+}
+
+/**
+ * Represents organization information for a privacy policy
+ */
+export declare interface OrganizationInfo {
+    /** Name of the organization */
+    name: string;
+    /** Website URL of the organization */
+    website: string;
+    /** Contact email for privacy inquiries */
+    privacyEmail: string;
+    /** Physical address of the organization */
+    address?: string;
+    /** Phone number for privacy inquiries */
+    privacyPhone?: string;
+    /** Name of the Data Protection Officer */
+    dpoName?: string;
+    /** Email of the Data Protection Officer */
+    dpoEmail?: string;
+    /** Industry or sector of the organization */
+    industry?: string;
+    /** NDPC registration number (if registered) */
+    ndpcRegistrationNumber?: string;
+}
+
+/** Organisation size tiers — affects complexity of generated language. */
+declare type OrgSize = 'startup' | 'midsize' | 'enterprise';
+
+/** Options for PDF export of the finalised policy. */
+declare interface PDFExportOptions {
+    includeCoverPage?: boolean;
+    includeTOC?: boolean;
+    includeComplianceBadge?: boolean;
+    logoUrl?: string;
+    filename?: string;
+}
+
+/** Represents an in-progress policy being built in the wizard. */
+declare interface PolicyDraft {
+    /** Unique identifier for the draft. */
+    id: string;
+    /** The template context driving section generation. */
+    templateContext: TemplateContext;
+    /** Custom sections added by the user. */
+    customSections: CustomSection[];
+    /** Per-section content overrides keyed by section id. */
+    sectionOverrides: Record<string, string>;
+    /** Ordered list of section ids defining the final order. */
+    sectionOrder: string[];
+    /** Current wizard step (0-indexed). */
+    currentStep: number;
+    /** Timestamp of the last save. */
+    lastSavedAt: number;
+    /** The draft is always in "draft" status until finalised. */
+    status: 'draft';
+}
+
+/**
+ * Privacy policy types aligned with NDPA 2023
+ * Privacy policies must clearly inform data subjects of their rights under the NDPA
+ */
+/**
+ * Represents a section in a privacy policy
+ */
+export declare interface PolicySection {
+    /** Unique identifier for the section */
+    id: string;
+    /** Title of the section */
+    title: string;
+    /** Description of the section */
+    description?: string;
+    /** Order of the section in the policy */
+    order?: number;
+    /** Whether the section is required by NDPA */
+    required: boolean;
+    /** Template text for the section */
+    template: string;
+    /**
+     * Default content for the section (legacy field)
+     * @deprecated Use template instead
+     */
+    defaultContent?: string;
+    /**
+     * Custom content for the section (overrides default content)
+     * @deprecated Use template instead
+     */
+    customContent?: string;
+    /** Whether the section is included in the policy */
+    included: boolean;
+    /** Variables that can be used in the section content */
+    variables?: string[];
+}
+
+/**
+ * Represents a privacy policy template
+ */
+declare interface PolicyTemplate {
+    /** Unique identifier for the template */
+    id: string;
+    /** Name of the template */
+    name: string;
+    /** Description of the template */
+    description: string;
+    /** Type of organization the template is designed for */
+    organizationType: 'business' | 'nonprofit' | 'government' | 'educational';
+    /** Sections included in the template */
+    sections: PolicySection[];
+    /** Variables used across the template */
+    variables: Record<string, {
+        name: string;
+        description: string;
+        required: boolean;
+        defaultValue?: string;
+    }>;
+    /** Version of the template */
+    version: string;
+    /** Last updated date of the template */
+    lastUpdated: number;
+    /**
+     * Whether this template is NDPA 2023 compliant
+     */
+    ndpaCompliant: boolean;
+}
+
+/**
+ * Represents a generated privacy policy
+ */
+export declare interface PrivacyPolicy {
+    /** Unique identifier for the policy */
+    id: string;
+    /** Title of the policy */
+    title: string;
+    /** Template used to generate the policy */
+    templateId: string;
+    /** Organization information */
+    organizationInfo: OrganizationInfo;
+    /** Sections of the policy */
+    sections: PolicySection[];
+    /** Values for the variables used in the policy */
+    variableValues: Record<string, string>;
+    /** Effective date of the policy */
+    effectiveDate: number;
+    /** Last updated date of the policy */
+    lastUpdated: number;
+    /** Version of the policy */
+    version: string;
+    /**
+     * Applicable legal frameworks
+     */
+    applicableFrameworks?: ('ndpa' | 'ndpr' | 'gdpr' | 'ccpa')[];
+}
+
+/**
+ * Represents a processing activity and its lawful basis
+ */
+export declare interface ProcessingActivity {
+    /** Unique identifier */
+    id: string;
+    /** Name of the processing activity */
+    name: string;
+    /** Description of what processing is performed */
+    description: string;
+    /** The lawful basis for this processing activity */
+    lawfulBasis: LawfulBasis;
+    /** Justification for why this lawful basis applies */
+    lawfulBasisJustification: string;
+    /** Categories of personal data being processed */
+    dataCategories: string[];
+    /** Whether sensitive personal data is involved */
+    involvesSensitiveData: boolean;
+    /** Condition for processing sensitive data (required if involvesSensitiveData is true) */
+    sensitiveDataCondition?: SensitiveDataCondition;
+    /** Categories of data subjects */
+    dataSubjectCategories: string[];
+    /** Purposes of the processing */
+    purposes: string[];
+    /** Data retention period */
+    retentionPeriod: string;
+    /** Justification for the retention period */
+    retentionJustification?: string;
+    /** Recipients or categories of recipients */
+    recipients?: string[];
+    /** Whether data is transferred outside Nigeria */
+    crossBorderTransfer: boolean;
+    /** Timestamp when the record was created */
+    createdAt: number;
+    /** Timestamp when the record was last updated */
+    updatedAt: number;
+    /** Next review date */
+    reviewDate?: number;
+    /** Status of the processing activity */
+    status: 'active' | 'inactive' | 'under_review' | 'archived';
+    /** DPO approval details */
+    dpoApproval?: {
+        approved: boolean;
+        approvedBy: string;
+        approvedAt: number;
+        notes?: string;
+    };
+}
+
+/** Lawful processing purposes recognised under the NDPA. */
+declare type ProcessingPurpose = 'service_delivery' | 'marketing' | 'analytics' | 'research' | 'legal_compliance' | 'fraud_prevention';
+
+/**
+ * Record of Processing Activities (ROPA) types aligned with NDPA 2023
+ * Data controllers must maintain comprehensive records of all processing activities
+ */
+
+/**
+ * Represents a single processing record in the ROPA
+ */
+export declare interface ProcessingRecord {
+    /** Unique identifier */
+    id: string;
+    /** Name of the processing activity */
+    name: string;
+    /** Detailed description of the processing */
+    description: string;
+    /** Data controller details */
+    controllerDetails: {
+        name: string;
+        contact: string;
+        address: string;
+        registrationNumber?: string;
+        dpoContact?: string;
+    };
+    /** Joint controller details (if applicable) */
+    jointControllerDetails?: {
+        name: string;
+        contact: string;
+        address: string;
+        responsibilities: string;
+    };
+    /** Data processor details (if processing is outsourced) */
+    processorDetails?: {
+        name: string;
+        contact: string;
+        address: string;
+        contractReference?: string;
+    };
+    /** Lawful basis for the processing */
+    lawfulBasis: LawfulBasis;
+    /** Justification for the chosen lawful basis */
+    lawfulBasisJustification: string;
+    /** Purposes of the processing */
+    purposes: string[];
+    /** Categories of personal data processed */
+    dataCategories: string[];
+    /** Categories of sensitive personal data (if any) */
+    sensitiveDataCategories?: string[];
+    /** Categories of data subjects */
+    dataSubjectCategories: string[];
+    /** Recipients or categories of recipients */
+    recipients: string[];
+    /** Cross-border transfer details */
+    crossBorderTransfers?: Array<{
+        destinationCountry: string;
+        countryCode?: string;
+        safeguards: string;
+        transferMechanism: string;
+    }>;
+    /** Data retention period */
+    retentionPeriod: string;
+    /** Justification for the retention period */
+    retentionJustification?: string;
+    /** Technical and organizational security measures */
+    securityMeasures: string[];
+    /** Data source (directly from data subject or from third party) */
+    dataSource: 'data_subject' | 'third_party' | 'public_source' | 'other';
+    /** Third-party source details (if dataSource is 'third_party') */
+    thirdPartySourceDetails?: string;
+    /** Whether a DPIA is required for this processing */
+    dpiaRequired: boolean;
+    /** Reference to the DPIA (if conducted) */
+    dpiaReference?: string;
+    /** Whether automated decision-making is involved */
+    automatedDecisionMaking: boolean;
+    /** Details of automated decision-making (if applicable) */
+    automatedDecisionMakingDetails?: string;
+    /** Status of the processing record */
+    status: 'active' | 'inactive' | 'archived';
+    /** Department or business unit responsible */
+    department?: string;
+    /** System or application used for processing */
+    systemsUsed?: string[];
+    /** Timestamp when the record was created */
+    createdAt: number;
+    /** Timestamp when the record was last updated */
+    updatedAt: number;
+    /** Timestamp when the record was last reviewed */
+    lastReviewedAt?: number;
+    /** Next review date */
+    nextReviewDate?: number;
+}
+
+declare interface Recommendation {
+    module: string;
+    key: string;
+    label: string;
+    priority: RecommendationPriority;
+    effort: EffortLevel;
+    recommendation: string;
+    ndpaSection: string;
+}
+
+declare type RecommendationPriority = 'critical' | 'high' | 'medium' | 'low';
+
+/**
+ * Represents a complete Record of Processing Activities
+ */
+export declare interface RecordOfProcessingActivities {
+    /** Unique identifier */
+    id: string;
+    /** Organization name */
+    organizationName: string;
+    /** Organization contact information */
+    organizationContact: string;
+    /** Organization address */
+    organizationAddress: string;
+    /** Data Protection Officer details */
+    dpoDetails?: {
+        name: string;
+        email: string;
+        phone?: string;
+    };
+    /** NDPC registration number */
+    ndpcRegistrationNumber?: string;
+    /** All processing records */
+    records: ProcessingRecord[];
+    /** Timestamp when the ROPA was last updated */
+    lastUpdated: number;
+    /** Version of the ROPA */
+    version: string;
+    /** Export format options */
+    exportFormats?: ('pdf' | 'csv' | 'json' | 'xlsx')[];
+}
+
+/**
+ * Represents a notification sent to the NDPC (Nigeria Data Protection Commission)
+ */
+declare interface RegulatoryNotification {
+    /** Unique identifier for the notification */
+    id: string;
+    /** ID of the breach this notification is for */
+    breachId: string;
+    /** Timestamp when the notification was sent */
+    sentAt: number;
+    /** Method used to send the notification */
+    method: 'email' | 'portal' | 'letter' | 'other';
+    /** Reference number assigned by the NDPC (if available) */
+    referenceNumber?: string;
+    /** Contact person at the NDPC */
+    ndpcContact?: {
+        name: string;
+        email: string;
+        phone?: string;
+    };
+    /** Content of the notification */
+    content: string;
+    /** Attachments included with the notification */
+    attachments?: Array<{
+        id: string;
+        name: string;
+        type: string;
+        url: string;
+    }>;
+    /** Follow-up communications with the NDPC */
+    followUps?: Array<{
+        timestamp: number;
+        direction: 'sent' | 'received';
+        content: string;
+        attachments?: Array<{
+            id: string;
+            name: string;
+            type: string;
+            url: string;
+        }>;
+    }>;
+    /**
+     * @deprecated Use ndpcContact instead. Kept for backward compatibility.
+     */
+    nitdaContact?: {
+        name: string;
+        email: string;
+        phone?: string;
+    };
+}
+
+declare interface RegulatoryReference {
+    section: string;
+    title: string;
+    url?: string;
+}
+
+/**
+ * Legacy status of a data subject request
+ * @deprecated Use DSRStatus instead
+ */
+declare type RequestStatus = 'pending' | 'verifying' | 'processing' | 'completed' | 'rejected';
+
+/**
+ * Represents a type of data subject request (detailed configuration)
+ */
+declare interface RequestType {
+    /** Unique identifier for the request type */
+    id: string;
+    /** Display name for the request type */
+    name: string;
+    /** Description of what this request type entails */
+    description: string;
+    /**
+     * NDPA section reference (e.g., "Section 30" for access requests)
+     */
+    ndpaSection?: string;
+    /**
+     * Estimated time to fulfill this type of request (in days)
+     * NDPA requires response within 30 days
+     */
+    estimatedCompletionTime: number;
+    /** Whether additional information is required for this request type */
+    requiresAdditionalInfo: boolean;
+    /** Custom fields required for this request type */
+    additionalFields?: Array<{
+        id: string;
+        label: string;
+        type: 'text' | 'textarea' | 'select' | 'checkbox' | 'file';
+        options?: string[];
+        required: boolean;
+        placeholder?: string;
+    }>;
+}
+
+/**
+ * Represents a risk assessment for a data breach
+ */
+export declare interface RiskAssessment {
+    /** Unique identifier for the risk assessment */
+    id: string;
+    /** ID of the breach this assessment is for */
+    breachId: string;
+    /** Timestamp when the assessment was conducted */
+    assessedAt: number;
+    /** Person who conducted the assessment */
+    assessor: {
+        name: string;
+        role: string;
+        email: string;
+    };
+    /** Confidentiality impact (1-5) */
+    confidentialityImpact: number;
+    /** Integrity impact (1-5) */
+    integrityImpact: number;
+    /** Availability impact (1-5) */
+    availabilityImpact: number;
+    /** Likelihood of harm to data subjects (1-5) */
+    harmLikelihood: number;
+    /** Severity of potential harm to data subjects (1-5) */
+    harmSeverity: number;
+    /** Overall risk score */
+    overallRiskScore: number;
+    /** Risk level based on the overall score */
+    riskLevel: 'low' | 'medium' | 'high' | 'critical';
+    /** Whether the breach is likely to result in a risk to rights and freedoms */
+    risksToRightsAndFreedoms: boolean;
+    /** Whether the breach is likely to result in a high risk to rights and freedoms */
+    highRisksToRightsAndFreedoms: boolean;
+    /** Justification for the risk assessment */
+    justification: string;
+}
+
+/**
+ * Compliance gap found in a processing record
+ */
+declare interface ROPAComplianceGap {
+    recordId: string;
+    recordName: string;
+    gaps: string[];
+}
+
+/**
+ * Summary statistics for the ROPA
+ */
+export declare interface ROPASummary {
+    /** Total number of processing records */
+    totalRecords: number;
+    /** Active processing records */
+    activeRecords: number;
+    /** Records by lawful basis */
+    byLawfulBasis: Record<LawfulBasis, number>;
+    /** Records involving sensitive data */
+    sensitiveDataRecords: number;
+    /** Records involving cross-border transfers */
+    crossBorderRecords: number;
+    /** Records requiring DPIA */
+    dpiaRequiredRecords: number;
+    /** Records involving automated decision-making */
+    automatedDecisionRecords: number;
+    /** Records due for review */
+    recordsDueForReview: ProcessingRecord[];
+    /** Departments with most processing activities */
+    topDepartments: Array<{
+        department: string;
+        count: number;
+    }>;
+    /** Last updated timestamp */
+    lastUpdated: number;
+}
+
+/**
+ * Additional conditions required for processing sensitive personal data
+ * per NDPA Section 27
+ */
+declare type SensitiveDataCondition = 'explicit_consent' | 'employment_law' | 'vital_interests_incapable' | 'nonprofit_legitimate' | 'publicly_available' | 'legal_claims' | 'substantial_public_interest' | 'health_purposes' | 'public_health' | 'archiving_research';
+
+declare interface StorageAdapter<T = unknown> {
+    /** Load persisted data. Called once on hook mount. */
+    load(): T | null | Promise<T | null>;
+    /** Persist data. Called on every state change. */
+    save(data: T): void | Promise<void>;
+    /** Clear persisted data. Called on reset. */
+    remove(): void | Promise<void>;
+}
+
+/** Full context used to generate an adaptive privacy policy. */
+declare interface TemplateContext {
+    /** Organisation details, extended with industry and size. */
+    org: OrganizationInfo & {
+        industry: Industry;
+        orgSize: OrgSize;
+        country: string;
+    };
+    /** Data categories the organisation collects. */
+    dataCategories: DataCategory[];
+    /** Processing purposes relevant to the organisation. */
+    purposes: ProcessingPurpose[];
+    /** Whether the organisation processes children's data. */
+    hasChildrenData: boolean;
+    /** Whether the organisation processes sensitive/special-category data. */
+    hasSensitiveData: boolean;
+    /** Whether the organisation processes financial data. */
+    hasFinancialData: boolean;
+    /** Whether data is transferred outside Nigeria. */
+    hasCrossBorderTransfer: boolean;
+    /** Whether automated decision-making or profiling is used. */
+    hasAutomatedDecisions: boolean;
+    /** Third-party processors that receive personal data. */
+    thirdPartyProcessors: ThirdPartyProcessor[];
+}
+
+/** A third-party entity that processes data on behalf of the organisation. */
+declare interface ThirdPartyProcessor {
+    /** Name of the third party. */
+    name: string;
+    /** Purpose of sharing data with this processor. */
+    purpose: string;
+    /** Country where the processor is located. */
+    country: string;
+}
+
+/**
+ * Cross-Border Data Transfer types aligned with NDPA 2023 Part VI (Sections 41-45)
+ * Personal data may only be transferred outside Nigeria under specific conditions
+ */
+/**
+ * Transfer mechanisms recognized under the NDPA
+ */
+declare type TransferMechanism = 'adequacy_decision' | 'standard_clauses' | 'binding_corporate_rules' | 'ndpc_authorization' | 'explicit_consent' | 'contract_performance' | 'public_interest' | 'legal_claims' | 'vital_interests';
+
+/**
+ * Validation result for a cross-border transfer
+ */
+declare interface TransferValidationResult {
+    isValid: boolean;
+    errors: string[];
+    warnings: string[];
+}
+
+export declare function useAdaptivePolicyWizard(options?: UseAdaptivePolicyWizardOptions): UseAdaptivePolicyWizardReturn;
+
+export declare interface UseAdaptivePolicyWizardOptions {
+    adapter?: StorageAdapter<PolicyDraft>;
+    onComplete?: (policy: PrivacyPolicy) => void;
+    onComplianceChange?: (score: number, gaps: ComplianceGap[]) => void;
+}
+
+export declare interface UseAdaptivePolicyWizardReturn {
+    currentStep: number;
+    goToStep: (step: number) => void;
+    nextStep: () => void;
+    prevStep: () => void;
+    canProceed: boolean;
+    context: TemplateContext;
+    updateContext: (updates: Partial<TemplateContext>) => void;
+    updateOrg: (updates: Partial<TemplateContext['org']>) => void;
+    toggleDataCategory: (categoryId: string) => void;
+    togglePurpose: (purpose: string) => void;
+    addProcessor: (processor: {
+        name: string;
+        purpose: string;
+        country: string;
+    }) => void;
+    removeProcessor: (index: number) => void;
+    policy: PrivacyPolicy | null;
+    sections: PolicySection[];
+    customSections: CustomSection[];
+    addCustomSection: (section: Omit<CustomSection, 'id' | 'required'>) => void;
+    updateCustomSection: (id: string, updates: Partial<CustomSection>) => void;
+    removeCustomSection: (id: string) => void;
+    reorderSections: (sectionId: string, direction: 'up' | 'down') => void;
+    editSectionContent: (sectionId: string, content: string) => void;
+    sectionOverrides: Record<string, string>;
+    complianceScore: number;
+    complianceResult: ComplianceResult;
+    complianceGaps: ComplianceGap[];
+    applyFix: (gapId: string) => void;
+    handleExportPDF: (options?: PDFExportOptions) => Promise<Blob>;
+    handleExportDOCX: (options?: DOCXExportOptions) => Promise<Blob>;
+    handleExportHTML: (options?: HTMLExportOptions) => string;
+    handleExportMarkdown: () => string;
+    isDraftSaved: boolean;
+    lastSavedAt: number | null;
+    saveDraft: () => Promise<void>;
+    discardDraft: () => void;
+    isLoading: boolean;
+}
+
+/**
+ * Hook for managing data breach notifications in compliance with the NDPA (Section 40)
+ */
+export declare function useBreach({ categories, initialReports, adapter, storageKey, useLocalStorage, onReport, onAssessment, onNotification, }: UseBreachOptions): UseBreachReturn;
+
+declare interface UseBreachOptions {
+    /**
+     * Available breach categories
+     */
+    categories: BreachCategory[];
+    /**
+     * Initial breach reports
+     */
+    initialReports?: BreachReport[];
+    /**
+     * Pluggable storage adapter. When provided, takes precedence over storageKey/useLocalStorage.
+     */
+    adapter?: StorageAdapter<BreachCompositeState>;
+    /**
+     * Storage key for breach data
+     * @default "ndpr_breach_data"
+     * @deprecated Use adapter instead
+     */
+    storageKey?: string;
+    /**
+     * Whether to use local storage to persist breach data
+     * @default true
+     * @deprecated Use adapter instead
+     */
+    useLocalStorage?: boolean;
+    /**
+     * Callback function called when a breach is reported
+     */
+    onReport?: (report: BreachReport) => void;
+    /**
+     * Callback function called when a risk assessment is completed
+     */
+    onAssessment?: (assessment: RiskAssessment) => void;
+    /**
+     * Callback function called when a notification is sent
+     */
+    onNotification?: (notification: RegulatoryNotification) => void;
+}
+
+declare interface UseBreachReturn {
+    /**
+     * All breach reports
+     */
+    reports: BreachReport[];
+    /**
+     * All risk assessments
+     */
+    assessments: RiskAssessment[];
+    /**
+     * All regulatory notifications
+     */
+    notifications: RegulatoryNotification[];
+    /**
+     * Submit a new breach report
+     */
+    reportBreach: (reportData: Omit<BreachReport, 'id' | 'reportedAt'>) => BreachReport;
+    /**
+     * Update an existing breach report
+     */
+    updateReport: (id: string, updates: Partial<BreachReport>) => BreachReport | null;
+    /**
+     * Get a breach report by ID
+     */
+    getReport: (id: string) => BreachReport | null;
+    /**
+     * Conduct a risk assessment for a breach
+     */
+    assessRisk: (breachId: string, assessmentData: Omit<RiskAssessment, 'id' | 'breachId' | 'assessedAt'>) => RiskAssessment;
+    /**
+     * Get a risk assessment for a breach
+     */
+    getAssessment: (breachId: string) => RiskAssessment | null;
+    /**
+     * Calculate notification requirements based on a risk assessment
+     */
+    calculateNotificationRequirements: (breachId: string) => NotificationRequirement | null;
+    /**
+     * Send a regulatory notification
+     */
+    sendNotification: (breachId: string, notificationData: Omit<RegulatoryNotification, 'id' | 'breachId' | 'sentAt'>) => RegulatoryNotification;
+    /**
+     * Get a regulatory notification for a breach
+     */
+    getNotification: (breachId: string) => RegulatoryNotification | null;
+    /**
+     * Get breaches that require notification within the next X hours
+     */
+    getBreachesRequiringNotification: (hoursThreshold?: number) => Array<{
+        report: BreachReport;
+        assessment: RiskAssessment;
+        requirements: NotificationRequirement;
+        hoursRemaining: number;
+    }>;
+    /**
+     * Clear all breach data
+     */
+    clearBreachData: () => void;
+    /**
+     * Whether the adapter is still loading data (relevant for async adapters)
+     */
+    isLoading: boolean;
+}
+
+export declare function useComplianceScore({ input }: UseComplianceScoreOptions): ComplianceReport;
+
+declare interface UseComplianceScoreOptions {
+    input: ComplianceInput;
+}
+
+/**
+ * Hook for managing user consent in compliance with NDPA
+ */
+export declare function useConsent({ options, adapter, storageOptions, version, onChange, }: UseConsentOptions): UseConsentReturn;
+
+declare interface UseConsentOptions {
+    /**
+     * Consent options to present to the user
+     */
+    options: ConsentOption[];
+    /**
+     * Pluggable storage adapter. When provided, takes precedence over storageOptions.
+     */
+    adapter?: StorageAdapter<ConsentSettings>;
+    /**
+     * Storage options for consent settings
+     * @deprecated Use adapter instead
+     */
+    storageOptions?: ConsentStorageOptions;
+    /**
+     * Version of the consent form
+     * @default "1.0"
+     */
+    version?: string;
+    /**
+     * Callback function called when consent settings change
+     */
+    onChange?: (settings: ConsentSettings) => void;
+}
+
+declare interface UseConsentReturn {
+    /**
+     * Current consent settings
+     */
+    settings: ConsentSettings | null;
+    /**
+     * Whether consent has been given for a specific option
+     */
+    hasConsent: (optionId: string) => boolean;
+    /**
+     * Update consent settings
+     */
+    updateConsent: (consents: Record<string, boolean>) => void;
+    /**
+     * Accept all consent options
+     */
+    acceptAll: () => void;
+    /**
+     * Reject all non-required consent options
+     */
+    rejectAll: () => void;
+    /**
+     * Whether the consent banner should be shown
+     */
+    shouldShowBanner: boolean;
+    /**
+     * Whether consent settings are valid
+     */
+    isValid: boolean;
+    /**
+     * Validation errors (if any)
+     */
+    validationErrors: string[];
+    /**
+     * Reset consent settings (clear from storage)
+     */
+    resetConsent: () => void;
+    /**
+     * Whether the adapter is still loading data (relevant for async adapters)
+     */
+    isLoading: boolean;
+}
+
+/**
+ * Hook for managing cross-border data transfers in compliance with NDPA Part VI (Sections 41-45)
+ */
+export declare function useCrossBorderTransfer({ initialTransfers, adapter, storageKey, useLocalStorage, onAdd, onUpdate, onRemove, }?: UseCrossBorderTransferOptions): UseCrossBorderTransferReturn;
+
+declare interface UseCrossBorderTransferOptions {
+    /**
+     * Initial transfers to load
+     */
+    initialTransfers?: CrossBorderTransfer[];
+    /**
+     * Pluggable storage adapter. When provided, takes precedence over storageKey/useLocalStorage.
+     */
+    adapter?: StorageAdapter<CrossBorderTransfer[]>;
+    /**
+     * Storage key for transfer data
+     * @default "ndpr_cross_border_transfers"
+     * @deprecated Use adapter instead
+     */
+    storageKey?: string;
+    /**
+     * Whether to use local storage to persist transfers
+     * @default true
+     * @deprecated Use adapter instead
+     */
+    useLocalStorage?: boolean;
+    /**
+     * Callback function called when a transfer is added
+     */
+    onAdd?: (transfer: CrossBorderTransfer) => void;
+    /**
+     * Callback function called when a transfer is updated
+     */
+    onUpdate?: (transfer: CrossBorderTransfer) => void;
+    /**
+     * Callback function called when a transfer is removed
+     */
+    onRemove?: (id: string) => void;
+}
+
+declare interface UseCrossBorderTransferReturn {
+    /**
+     * All cross-border transfers
+     */
+    transfers: CrossBorderTransfer[];
+    /**
+     * Add a new cross-border transfer
+     */
+    addTransfer: (transfer: Omit<CrossBorderTransfer, 'id' | 'createdAt' | 'updatedAt'>) => CrossBorderTransfer;
+    /**
+     * Update an existing cross-border transfer
+     */
+    updateTransfer: (id: string, updates: Partial<CrossBorderTransfer>) => CrossBorderTransfer | null;
+    /**
+     * Remove a cross-border transfer
+     */
+    removeTransfer: (id: string) => void;
+    /**
+     * Get a cross-border transfer by ID
+     */
+    getTransfer: (id: string) => CrossBorderTransfer | null;
+    /**
+     * Get a compliance summary of all cross-border transfers
+     */
+    getSummary: () => CrossBorderSummary;
+    /**
+     * Validate a cross-border transfer
+     */
+    validateTransfer: (transfer: CrossBorderTransfer) => TransferValidationResult;
+    /**
+     * Whether the adapter is still loading data (relevant for async adapters)
+     */
+    isLoading: boolean;
+}
+
+/**
+ * Convenience wrapper around `usePrivacyPolicy`. With `orgInfo` provided
+ * and `autoGenerate` enabled (default), `policy` is non-null on the first
+ * post-load render — no manual `selectTemplate` / `generatePolicy` chaining
+ * required.
+ *
+ * @example
+ * ```tsx
+ * const { policy } = useDefaultPrivacyPolicy({
+ *   orgInfo: { name: 'Acme Ltd', email: 'privacy@acme.ng' }
+ * });
+ * return policy ? <PolicyPage policy={policy} /> : <Spinner />;
+ * ```
+ */
+export declare function useDefaultPrivacyPolicy(options?: UseDefaultPrivacyPolicyOptions): UsePrivacyPolicyReturn;
+
+declare interface UseDefaultPrivacyPolicyOptions {
+    /**
+     * Organisation information to pre-fill into the policy. When provided and
+     * `autoGenerate` is true (the default), the hook will auto-select the
+     * default template and generate a renderable policy on first commit, so
+     * `policy` is non-null on the first useful render.
+     */
+    orgInfo?: {
+        /** Organisation name (maps to `organizationInfo.name` and `orgName` variable) */
+        name?: string;
+        /** Privacy contact email (maps to `privacyEmail`) */
+        email?: string;
+        /** Organisation website URL */
+        website?: string;
+        /** Physical address */
+        address?: string;
+        /** Industry / sector descriptor */
+        industry?: string;
+        /** Data Protection Officer name */
+        dpoName?: string;
+        /** DPO email address */
+        dpoEmail?: string;
+    };
+    /**
+     * Whether the hook should auto-select the default template and generate
+     * the policy as soon as it's mounted with `orgInfo`. Set to false to
+     * retain manual control via `selectTemplate` / `generatePolicy`.
+     * @default true
+     */
+    autoGenerate?: boolean;
+    /**
+     * Storage key for policy data.
+     * @default "ndpr_privacy_policy"
+     */
+    storageKey?: string;
+    /**
+     * Whether to persist policy data in storage. When `false`, the hook
+     * uses an in-memory no-op adapter and nothing survives a page reload.
+     * @default true
+     */
+    persist?: boolean;
+    /**
+     * @deprecated Renamed to `persist` in v3.5.0 — `useLocalStorage` is
+     * still accepted for backward compatibility and will be removed in
+     * v4.0. Use `persist` (or pass an explicit `adapter`) instead.
+     * @default true
+     */
+    useLocalStorage?: boolean;
+    /**
+     * Pluggable storage adapter. When provided, takes precedence over
+     * storageKey/persist/useLocalStorage.
+     */
+    adapter?: StorageAdapter<PrivacyPolicy>;
+}
+
+/**
+ * Hook for conducting Data Protection Impact Assessments in compliance with the NDPA 2023
+ */
+export declare function useDPIA({ sections, initialAnswers, adapter, storageKey, useLocalStorage, onComplete, }: UseDPIAOptions): UseDPIAReturn;
+
+declare interface UseDPIAOptions {
+    /**
+     * Sections of the DPIA questionnaire
+     */
+    sections: DPIASection[];
+    /**
+     * Initial answers (if resuming a DPIA)
+     */
+    initialAnswers?: DPIAAnswerMap;
+    /**
+     * Pluggable storage adapter. When provided, takes precedence over storageKey/useLocalStorage.
+     */
+    adapter?: StorageAdapter<DPIAAnswerMap>;
+    /**
+     * Storage key for DPIA data
+     * @default "ndpr_dpia_data"
+     * @deprecated Use adapter instead
+     */
+    storageKey?: string;
+    /**
+     * Whether to use local storage to persist DPIA data
+     * @default true
+     * @deprecated Use adapter instead
+     */
+    useLocalStorage?: boolean;
+    /**
+     * Callback function called when the DPIA is completed
+     */
+    onComplete?: (result: DPIAResult) => void;
+}
+
+declare interface UseDPIAReturn {
+    /**
+     * Current section index
+     */
+    currentSectionIndex: number;
+    /**
+     * Current section
+     */
+    currentSection: DPIASection | null;
+    /**
+     * All answers
+     */
+    answers: DPIAAnswerMap;
+    /**
+     * Update an answer
+     */
+    updateAnswer: (questionId: string, value: DPIAAnswerValue) => void;
+    /**
+     * Go to the next section
+     */
+    nextSection: () => boolean;
+    /**
+     * Go to the previous section
+     */
+    prevSection: () => boolean;
+    /**
+     * Go to a specific section
+     */
+    goToSection: (index: number) => boolean;
+    /**
+     * Check if the current section is valid
+     */
+    isCurrentSectionValid: () => boolean;
+    /**
+     * Get validation errors for the current section
+     */
+    getCurrentSectionErrors: () => Record<string, string>;
+    /**
+     * Check if the DPIA is complete
+     */
+    isComplete: () => boolean;
+    /**
+     * Complete the DPIA and generate a result
+     */
+    completeDPIA: (assessorInfo: {
+        name: string;
+        role: string;
+        email: string;
+    }, title: string, processingDescription: string) => DPIAResult;
+    /**
+     * Get the visible questions for the current section
+     */
+    getVisibleQuestions: () => DPIAQuestion[];
+    /**
+     * Reset the DPIA
+     */
+    resetDPIA: () => void;
+    /**
+     * Progress percentage
+     */
+    progress: number;
+    /**
+     * Whether the adapter is still loading data (relevant for async adapters)
+     */
+    isLoading: boolean;
+}
+
+/**
+ * Hook for managing Data Subject Requests in compliance with the NDPA
+ */
+export declare function useDSR({ initialRequests, requestTypes, adapter, storageKey, useLocalStorage, onSubmit, onUpdate, }: UseDSROptions): UseDSRReturn;
+
+declare interface UseDSROptions {
+    /**
+     * Initial requests to load
+     */
+    initialRequests?: DSRRequest[];
+    /**
+     * Available request types
+     */
+    requestTypes: RequestType[];
+    /**
+     * Pluggable storage adapter. When provided, takes precedence over storageKey/useLocalStorage.
+     */
+    adapter?: StorageAdapter<DSRRequest[]>;
+    /**
+     * Storage key for requests
+     * @default "ndpr_dsr_requests"
+     * @deprecated Use adapter instead
+     */
+    storageKey?: string;
+    /**
+     * Whether to use local storage to persist requests
+     * @default true
+     * @deprecated Use adapter instead
+     */
+    useLocalStorage?: boolean;
+    /**
+     * Callback function called when a request is submitted
+     */
+    onSubmit?: (request: DSRRequest) => void;
+    /**
+     * Callback function called when a request is updated
+     */
+    onUpdate?: (request: DSRRequest) => void;
+}
+
+declare interface UseDSRReturn {
+    /**
+     * All requests
+     */
+    requests: DSRRequest[];
+    /**
+     * Submit a new request
+     */
+    submitRequest: (requestData: Omit<DSRRequest, 'id' | 'status' | 'submittedAt' | 'updatedAt' | 'estimatedCompletionDate'>) => DSRRequest;
+    /**
+     * Update an existing request
+     */
+    updateRequest: (id: string, updates: Partial<DSRRequest>) => DSRRequest | null;
+    /**
+     * Get a request by ID
+     */
+    getRequest: (id: string) => DSRRequest | null;
+    /**
+     * Get requests by status
+     */
+    getRequestsByStatus: (status: RequestStatus) => DSRRequest[];
+    /**
+     * Get requests by type
+     */
+    getRequestsByType: (type: string) => DSRRequest[];
+    /**
+     * Get the request type definition by ID
+     */
+    getRequestType: (typeId: string) => RequestType | undefined;
+    /**
+     * Format a request for display or submission
+     */
+    formatRequest: (request: DSRRequest) => Record<string, unknown>;
+    /**
+     * Clear all requests
+     */
+    clearRequests: () => void;
+    /**
+     * Whether the adapter is still loading data (relevant for async adapters)
+     */
+    isLoading: boolean;
+}
+
+/**
+ * Hook for managing lawful basis documentation for processing activities
+ * in compliance with NDPA 2023 Section 25.
+ */
+export declare function useLawfulBasis({ initialActivities, adapter, storageKey, useLocalStorage, onAdd, onUpdate, onRemove, }?: UseLawfulBasisOptions): UseLawfulBasisReturn;
+
+declare interface UseLawfulBasisOptions {
+    /**
+     * Initial processing activities to load
+     */
+    initialActivities?: ProcessingActivity[];
+    /**
+     * Pluggable storage adapter. When provided, takes precedence over storageKey/useLocalStorage.
+     */
+    adapter?: StorageAdapter<ProcessingActivity[]>;
+    /**
+     * Storage key for persisting activities
+     * @default "ndpr_lawful_basis_activities"
+     * @deprecated Use adapter instead
+     */
+    storageKey?: string;
+    /**
+     * Whether to use local storage to persist activities
+     * @default true
+     * @deprecated Use adapter instead
+     */
+    useLocalStorage?: boolean;
+    /**
+     * Callback when an activity is added
+     */
+    onAdd?: (activity: ProcessingActivity) => void;
+    /**
+     * Callback when an activity is updated
+     */
+    onUpdate?: (activity: ProcessingActivity) => void;
+    /**
+     * Callback when an activity is removed
+     */
+    onRemove?: (id: string) => void;
+}
+
+declare interface UseLawfulBasisReturn {
+    /**
+     * All processing activities
+     */
+    activities: ProcessingActivity[];
+    /**
+     * Add a new processing activity
+     */
+    addActivity: (activity: Omit<ProcessingActivity, 'id' | 'createdAt' | 'updatedAt'>) => ProcessingActivity;
+    /**
+     * Update an existing processing activity
+     */
+    updateActivity: (id: string, updates: Partial<ProcessingActivity>) => ProcessingActivity | null;
+    /**
+     * Remove a processing activity
+     */
+    removeActivity: (id: string) => void;
+    /**
+     * Get a specific processing activity by ID
+     */
+    getActivity: (id: string) => ProcessingActivity | null;
+    /**
+     * Get a summary of all lawful basis documentation
+     */
+    getSummary: () => LawfulBasisSummary;
+    /**
+     * Validate a processing activity
+     */
+    validateActivity: (activity: ProcessingActivity) => LawfulBasisValidationResult;
+    /**
+     * Whether the adapter is still loading data (relevant for async adapters)
+     */
+    isLoading: boolean;
+}
+
+/**
+ * Hook for generating NDPA-compliant privacy policies
+ */
+export declare function usePrivacyPolicy({ templates, initialPolicy, adapter, storageKey, persist, useLocalStorage, onGenerate, }: UsePrivacyPolicyOptions): UsePrivacyPolicyReturn;
+
+declare interface UsePrivacyPolicyOptions {
+    /**
+     * Available policy templates
+     */
+    templates: PolicyTemplate[];
+    /**
+     * Initial policy data (if editing an existing policy)
+     */
+    initialPolicy?: PrivacyPolicy;
+    /**
+     * Pluggable storage adapter. When provided, takes precedence over storageKey/useLocalStorage.
+     */
+    adapter?: StorageAdapter<PrivacyPolicy>;
+    /**
+     * Storage key for policy data
+     * @default "ndpr_privacy_policy"
+     * @deprecated Use adapter instead
+     */
+    storageKey?: string;
+    /**
+     * Whether to persist policy data in storage. When `false`, the hook
+     * uses an in-memory no-op adapter and nothing survives a page reload.
+     * Prefer `adapter` for richer control (custom backends, async APIs).
+     *
+     * @default true
+     */
+    persist?: boolean;
+    /**
+     * @deprecated Renamed to `persist` in v3.5.0 — `useLocalStorage` is
+     * still accepted for backward compatibility and will be removed in
+     * v4.0. Use `persist` (or pass an explicit `adapter`) instead.
+     * @default true
+     */
+    useLocalStorage?: boolean;
+    /**
+     * Callback function called when a policy is generated
+     */
+    onGenerate?: (policy: PrivacyPolicy) => void;
+}
+
+declare interface UsePrivacyPolicyReturn {
+    /**
+     * Current policy data
+     */
+    policy: PrivacyPolicy | null;
+    /**
+     * Selected template
+     */
+    selectedTemplate: PolicyTemplate | null;
+    /**
+     * Organization information
+     */
+    organizationInfo: OrganizationInfo;
+    /**
+     * Select a template
+     */
+    selectTemplate: (templateId: string) => boolean;
+    /**
+     * Update organization information
+     */
+    updateOrganizationInfo: (updates: Partial<OrganizationInfo>) => void;
+    /**
+     * Toggle whether a section is included in the policy
+     */
+    toggleSection: (sectionId: string, included: boolean) => void;
+    /**
+     * Update section content
+     */
+    updateSectionContent: (sectionId: string, content: string) => void;
+    /**
+     * Update variable values
+     */
+    updateVariableValue: (variable: string, value: string) => void;
+    /**
+     * Generate the policy
+     */
+    generatePolicy: () => PrivacyPolicy | null;
+    /**
+     * Get the generated policy text
+     */
+    getPolicyText: () => {
+        fullText: string;
+        sectionTexts: Record<string, string>;
+        missingVariables: string[];
+    };
+    /**
+     * Reset the policy
+     */
+    resetPolicy: () => void;
+    /**
+     * Check if the policy is valid
+     */
+    isValid: () => {
+        valid: boolean;
+        errors: string[];
+    };
+    /**
+     * Whether the adapter is still loading data (relevant for async adapters)
+     */
+    isLoading: boolean;
+}
+
+/**
+ * Hook for managing a Record of Processing Activities (ROPA)
+ * in compliance with NDPA 2023 requirements.
+ *
+ * Provides state management and utility functions for maintaining
+ * a comprehensive register of all data processing activities.
+ */
+export declare function useROPA({ initialData, adapter, onRecordAdd, onRecordUpdate, onRecordArchive, }: UseROPAOptions): UseROPAReturn;
+
+export declare interface UseROPAOptions {
+    /**
+     * Initial ROPA state
+     */
+    initialData: RecordOfProcessingActivities;
+    /**
+     * Pluggable storage adapter. When provided, adapter data is loaded on mount
+     * and the ROPA is persisted after every mutation. Falls back to initialData
+     * when no adapter data is found.
+     */
+    adapter?: StorageAdapter<RecordOfProcessingActivities>;
+    /**
+     * Callback when a record is added
+     */
+    onRecordAdd?: (record: ProcessingRecord) => void;
+    /**
+     * Callback when a record is updated
+     */
+    onRecordUpdate?: (id: string, updates: Partial<ProcessingRecord>) => void;
+    /**
+     * Callback when a record is archived
+     */
+    onRecordArchive?: (id: string) => void;
+}
+
+export declare interface UseROPAReturn {
+    /**
+     * Current state of the Record of Processing Activities
+     */
+    ropa: RecordOfProcessingActivities;
+    /**
+     * Add a new processing record
+     */
+    addRecord: (record: ProcessingRecord) => void;
+    /**
+     * Update an existing processing record
+     */
+    updateRecord: (id: string, updates: Partial<ProcessingRecord>) => void;
+    /**
+     * Archive a processing record by setting its status to 'archived'
+     */
+    archiveRecord: (id: string) => void;
+    /**
+     * Get a single processing record by ID
+     */
+    getRecord: (id: string) => ProcessingRecord | undefined;
+    /**
+     * Get a summary of the ROPA including statistics
+     */
+    getSummary: () => ROPASummary;
+    /**
+     * Export the ROPA as a CSV string
+     */
+    exportCSV: () => string;
+    /**
+     * Identify compliance gaps across all records
+     */
+    getComplianceGaps: () => ROPAComplianceGap[];
+    /**
+     * Whether the adapter is still loading data (relevant for async adapters)
+     */
+    isLoading: boolean;
+}
+
+export { }