@tantainnovative/ndpr-toolkit 3.5.1 → 3.6.0

package/dist/presets-policy.d.mts

@@ -0,0 +1,203 @@
+import React__default from 'react';
+
+/** A user-defined section added to the policy outside the generated ones. */
+declare interface CustomSection {
+    id: string;
+    title: string;
+    content: string;
+    order: number;
+    required: false;
+}
+
+/** A logical category of personal data the organisation may collect. */
+declare interface DataCategory {
+    /** Machine-readable identifier. */
+    id: string;
+    /** Human-readable label shown in the wizard. */
+    label: string;
+    /** Grouping for display and compliance checks. */
+    group: 'identity' | 'financial' | 'behavioral' | 'sensitive' | 'children';
+    /** Specific data points within this category. */
+    dataPoints: string[];
+    /** Whether this category is currently selected by the user. */
+    selected: boolean;
+}
+
+/**
+ * Policy engine types for the adaptive privacy policy generator.
+ * These types power the wizard-driven policy builder, compliance checker,
+ * and export functionality — all aligned with the NDPA 2023.
+ */
+
+/** Industry verticals with sector-specific compliance requirements. */
+declare type Industry = 'fintech' | 'healthcare' | 'ecommerce' | 'saas' | 'education' | 'government' | 'other';
+
+export declare const NDPRPrivacyPolicy: React__default.FC<NDPRPrivacyPolicyProps>;
+
+export declare interface NDPRPrivacyPolicyProps {
+    adapter?: StorageAdapter<PolicyDraft>;
+    onComplete?: (policy: PrivacyPolicy) => void;
+    classNames?: Record<string, string>;
+    unstyled?: boolean;
+}
+
+/**
+ * Represents organization information for a privacy policy
+ */
+declare interface OrganizationInfo {
+    /** Name of the organization */
+    name: string;
+    /** Website URL of the organization */
+    website: string;
+    /** Contact email for privacy inquiries */
+    privacyEmail: string;
+    /** Physical address of the organization */
+    address?: string;
+    /** Phone number for privacy inquiries */
+    privacyPhone?: string;
+    /** Name of the Data Protection Officer */
+    dpoName?: string;
+    /** Email of the Data Protection Officer */
+    dpoEmail?: string;
+    /** Industry or sector of the organization */
+    industry?: string;
+    /** NDPC registration number (if registered) */
+    ndpcRegistrationNumber?: string;
+}
+
+/** Organisation size tiers — affects complexity of generated language. */
+declare type OrgSize = 'startup' | 'midsize' | 'enterprise';
+
+/** Represents an in-progress policy being built in the wizard. */
+declare interface PolicyDraft {
+    /** Unique identifier for the draft. */
+    id: string;
+    /** The template context driving section generation. */
+    templateContext: TemplateContext;
+    /** Custom sections added by the user. */
+    customSections: CustomSection[];
+    /** Per-section content overrides keyed by section id. */
+    sectionOverrides: Record<string, string>;
+    /** Ordered list of section ids defining the final order. */
+    sectionOrder: string[];
+    /** Current wizard step (0-indexed). */
+    currentStep: number;
+    /** Timestamp of the last save. */
+    lastSavedAt: number;
+    /** The draft is always in "draft" status until finalised. */
+    status: 'draft';
+}
+
+/**
+ * Privacy policy types aligned with NDPA 2023
+ * Privacy policies must clearly inform data subjects of their rights under the NDPA
+ */
+/**
+ * Represents a section in a privacy policy
+ */
+declare interface PolicySection {
+    /** Unique identifier for the section */
+    id: string;
+    /** Title of the section */
+    title: string;
+    /** Description of the section */
+    description?: string;
+    /** Order of the section in the policy */
+    order?: number;
+    /** Whether the section is required by NDPA */
+    required: boolean;
+    /** Template text for the section */
+    template: string;
+    /**
+     * Default content for the section (legacy field)
+     * @deprecated Use template instead
+     */
+    defaultContent?: string;
+    /**
+     * Custom content for the section (overrides default content)
+     * @deprecated Use template instead
+     */
+    customContent?: string;
+    /** Whether the section is included in the policy */
+    included: boolean;
+    /** Variables that can be used in the section content */
+    variables?: string[];
+}
+
+/**
+ * Represents a generated privacy policy
+ */
+declare interface PrivacyPolicy {
+    /** Unique identifier for the policy */
+    id: string;
+    /** Title of the policy */
+    title: string;
+    /** Template used to generate the policy */
+    templateId: string;
+    /** Organization information */
+    organizationInfo: OrganizationInfo;
+    /** Sections of the policy */
+    sections: PolicySection[];
+    /** Values for the variables used in the policy */
+    variableValues: Record<string, string>;
+    /** Effective date of the policy */
+    effectiveDate: number;
+    /** Last updated date of the policy */
+    lastUpdated: number;
+    /** Version of the policy */
+    version: string;
+    /**
+     * Applicable legal frameworks
+     */
+    applicableFrameworks?: ('ndpa' | 'ndpr' | 'gdpr' | 'ccpa')[];
+}
+
+/** Lawful processing purposes recognised under the NDPA. */
+declare type ProcessingPurpose = 'service_delivery' | 'marketing' | 'analytics' | 'research' | 'legal_compliance' | 'fraud_prevention';
+
+declare interface StorageAdapter<T = unknown> {
+    /** Load persisted data. Called once on hook mount. */
+    load(): T | null | Promise<T | null>;
+    /** Persist data. Called on every state change. */
+    save(data: T): void | Promise<void>;
+    /** Clear persisted data. Called on reset. */
+    remove(): void | Promise<void>;
+}
+
+/** Full context used to generate an adaptive privacy policy. */
+declare interface TemplateContext {
+    /** Organisation details, extended with industry and size. */
+    org: OrganizationInfo & {
+        industry: Industry;
+        orgSize: OrgSize;
+        country: string;
+    };
+    /** Data categories the organisation collects. */
+    dataCategories: DataCategory[];
+    /** Processing purposes relevant to the organisation. */
+    purposes: ProcessingPurpose[];
+    /** Whether the organisation processes children's data. */
+    hasChildrenData: boolean;
+    /** Whether the organisation processes sensitive/special-category data. */
+    hasSensitiveData: boolean;
+    /** Whether the organisation processes financial data. */
+    hasFinancialData: boolean;
+    /** Whether data is transferred outside Nigeria. */
+    hasCrossBorderTransfer: boolean;
+    /** Whether automated decision-making or profiling is used. */
+    hasAutomatedDecisions: boolean;
+    /** Third-party processors that receive personal data. */
+    thirdPartyProcessors: ThirdPartyProcessor[];
+}
+
+/** A third-party entity that processes data on behalf of the organisation. */
+declare interface ThirdPartyProcessor {
+    /** Name of the third party. */
+    name: string;
+    /** Purpose of sharing data with this processor. */
+    purpose: string;
+    /** Country where the processor is located. */
+    country: string;
+}
+
+export { }

package/dist/presets-policy.d.ts

@@ -0,0 +1,203 @@
+import React__default from 'react';
+
+/** A user-defined section added to the policy outside the generated ones. */
+declare interface CustomSection {
+    id: string;
+    title: string;
+    content: string;
+    order: number;
+    required: false;
+}
+
+/** A logical category of personal data the organisation may collect. */
+declare interface DataCategory {
+    /** Machine-readable identifier. */
+    id: string;
+    /** Human-readable label shown in the wizard. */
+    label: string;
+    /** Grouping for display and compliance checks. */
+    group: 'identity' | 'financial' | 'behavioral' | 'sensitive' | 'children';
+    /** Specific data points within this category. */
+    dataPoints: string[];
+    /** Whether this category is currently selected by the user. */
+    selected: boolean;
+}
+
+/**
+ * Policy engine types for the adaptive privacy policy generator.
+ * These types power the wizard-driven policy builder, compliance checker,
+ * and export functionality — all aligned with the NDPA 2023.
+ */
+
+/** Industry verticals with sector-specific compliance requirements. */
+declare type Industry = 'fintech' | 'healthcare' | 'ecommerce' | 'saas' | 'education' | 'government' | 'other';
+
+export declare const NDPRPrivacyPolicy: React__default.FC<NDPRPrivacyPolicyProps>;
+
+export declare interface NDPRPrivacyPolicyProps {
+    adapter?: StorageAdapter<PolicyDraft>;
+    onComplete?: (policy: PrivacyPolicy) => void;
+    classNames?: Record<string, string>;
+    unstyled?: boolean;
+}
+
+/**
+ * Represents organization information for a privacy policy
+ */
+declare interface OrganizationInfo {
+    /** Name of the organization */
+    name: string;
+    /** Website URL of the organization */
+    website: string;
+    /** Contact email for privacy inquiries */
+    privacyEmail: string;
+    /** Physical address of the organization */
+    address?: string;
+    /** Phone number for privacy inquiries */
+    privacyPhone?: string;
+    /** Name of the Data Protection Officer */
+    dpoName?: string;
+    /** Email of the Data Protection Officer */
+    dpoEmail?: string;
+    /** Industry or sector of the organization */
+    industry?: string;
+    /** NDPC registration number (if registered) */
+    ndpcRegistrationNumber?: string;
+}
+
+/** Organisation size tiers — affects complexity of generated language. */
+declare type OrgSize = 'startup' | 'midsize' | 'enterprise';
+
+/** Represents an in-progress policy being built in the wizard. */
+declare interface PolicyDraft {
+    /** Unique identifier for the draft. */
+    id: string;
+    /** The template context driving section generation. */
+    templateContext: TemplateContext;
+    /** Custom sections added by the user. */
+    customSections: CustomSection[];
+    /** Per-section content overrides keyed by section id. */
+    sectionOverrides: Record<string, string>;
+    /** Ordered list of section ids defining the final order. */
+    sectionOrder: string[];
+    /** Current wizard step (0-indexed). */
+    currentStep: number;
+    /** Timestamp of the last save. */
+    lastSavedAt: number;
+    /** The draft is always in "draft" status until finalised. */
+    status: 'draft';
+}
+
+/**
+ * Privacy policy types aligned with NDPA 2023
+ * Privacy policies must clearly inform data subjects of their rights under the NDPA
+ */
+/**
+ * Represents a section in a privacy policy
+ */
+declare interface PolicySection {
+    /** Unique identifier for the section */
+    id: string;
+    /** Title of the section */
+    title: string;
+    /** Description of the section */
+    description?: string;
+    /** Order of the section in the policy */
+    order?: number;
+    /** Whether the section is required by NDPA */
+    required: boolean;
+    /** Template text for the section */
+    template: string;
+    /**
+     * Default content for the section (legacy field)
+     * @deprecated Use template instead
+     */
+    defaultContent?: string;
+    /**
+     * Custom content for the section (overrides default content)
+     * @deprecated Use template instead
+     */
+    customContent?: string;
+    /** Whether the section is included in the policy */
+    included: boolean;
+    /** Variables that can be used in the section content */
+    variables?: string[];
+}
+
+/**
+ * Represents a generated privacy policy
+ */
+declare interface PrivacyPolicy {
+    /** Unique identifier for the policy */
+    id: string;
+    /** Title of the policy */
+    title: string;
+    /** Template used to generate the policy */
+    templateId: string;
+    /** Organization information */
+    organizationInfo: OrganizationInfo;
+    /** Sections of the policy */
+    sections: PolicySection[];
+    /** Values for the variables used in the policy */
+    variableValues: Record<string, string>;
+    /** Effective date of the policy */
+    effectiveDate: number;
+    /** Last updated date of the policy */
+    lastUpdated: number;
+    /** Version of the policy */
+    version: string;
+    /**
+     * Applicable legal frameworks
+     */
+    applicableFrameworks?: ('ndpa' | 'ndpr' | 'gdpr' | 'ccpa')[];
+}
+
+/** Lawful processing purposes recognised under the NDPA. */
+declare type ProcessingPurpose = 'service_delivery' | 'marketing' | 'analytics' | 'research' | 'legal_compliance' | 'fraud_prevention';
+
+declare interface StorageAdapter<T = unknown> {
+    /** Load persisted data. Called once on hook mount. */
+    load(): T | null | Promise<T | null>;
+    /** Persist data. Called on every state change. */
+    save(data: T): void | Promise<void>;
+    /** Clear persisted data. Called on reset. */
+    remove(): void | Promise<void>;
+}
+
+/** Full context used to generate an adaptive privacy policy. */
+declare interface TemplateContext {
+    /** Organisation details, extended with industry and size. */
+    org: OrganizationInfo & {
+        industry: Industry;
+        orgSize: OrgSize;
+        country: string;
+    };
+    /** Data categories the organisation collects. */
+    dataCategories: DataCategory[];
+    /** Processing purposes relevant to the organisation. */
+    purposes: ProcessingPurpose[];
+    /** Whether the organisation processes children's data. */
+    hasChildrenData: boolean;
+    /** Whether the organisation processes sensitive/special-category data. */
+    hasSensitiveData: boolean;
+    /** Whether the organisation processes financial data. */
+    hasFinancialData: boolean;
+    /** Whether data is transferred outside Nigeria. */
+    hasCrossBorderTransfer: boolean;
+    /** Whether automated decision-making or profiling is used. */
+    hasAutomatedDecisions: boolean;
+    /** Third-party processors that receive personal data. */
+    thirdPartyProcessors: ThirdPartyProcessor[];
+}
+
+/** A third-party entity that processes data on behalf of the organisation. */
+declare interface ThirdPartyProcessor {
+    /** Name of the third party. */
+    name: string;
+    /** Purpose of sharing data with this processor. */
+    purpose: string;
+    /** Country where the processor is located. */
+    country: string;
+}
+
+export { }

package/dist/presets-policy.js

@@ -0,0 +1,2 @@
+"use client";
+'use strict';var chunkW7RBGZCC_js=require('./chunk-W7RBGZCC.js');require('./chunk-I2LMQWK3.js'),require('./chunk-UI536RU2.js'),require('./chunk-N3MQQUQP.js'),require('./chunk-Q64735OC.js'),require('./chunk-ZVOIR4QH.js'),require('./chunk-AME4HJR4.js'),require('./chunk-VWED6UTN.js'),require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"NDPRPrivacyPolicy",{enumerable:true,get:function(){return chunkW7RBGZCC_js.a}});

package/dist/presets-policy.mjs

@@ -0,0 +1,2 @@
+"use client";
+export{a as NDPRPrivacyPolicy}from'./chunk-RV2VMWZJ.mjs';import'./chunk-BNHQFZHL.mjs';import'./chunk-O6CUBNXK.mjs';import'./chunk-AOHKVFAS.mjs';import'./chunk-RMQ7OLNY.mjs';import'./chunk-ITCY2Z66.mjs';import'./chunk-SFGW37LE.mjs';import'./chunk-DBZSN4WP.mjs';import'./chunk-ZJYULEER.mjs';

package/dist/presets.d.mts

@@ -53,6 +53,44 @@ declare interface BreachFormSubmission {
     dataTypes: string[];
     /** Estimated number of affected data subjects */
     estimatedAffectedSubjects?: number;
+    /**
+     * Approximate number of personal data RECORDS concerned. Distinct from
+     * subject count (one subject may have many records). NDPA Section 40(2).
+     */
+    approximateRecordCount?: number;
+    /**
+     * Categories of data subjects affected (e.g. customers, employees, minors).
+     * NDPA Section 40(2).
+     */
+    dataSubjectCategories?: string[];
+    /** Whether sensitive personal data (NDPA Section 30) is involved */
+    involvesSensitiveData?: boolean;
+    /**
+     * Likely consequences of the breach for affected data subjects.
+     * Required content for the NDPC report and Section 40(3) communications.
+     */
+    likelyConsequences?: string;
+    /**
+     * Measures taken or proposed to mitigate adverse effects.
+     * NDPA Section 40(3).
+     */
+    mitigationMeasures?: string;
+    /**
+     * Data Protection Officer contact details (Section 32(3)(c) — DPO is the
+     * named NDPC contact). Falls back to organisation-level DPO if omitted.
+     */
+    dpoContact?: {
+        name: string;
+        email: string;
+        phone?: string;
+    };
+    /**
+     * Whether this is a phased / interim report submitted under Section 40(2)
+     * before complete information is available.
+     */
+    isPhasedReport?: boolean;
+    /** ID of the prior phased report this report supplements, if any. */
+    supplementsReportId?: string;
     /** Current status of the breach */
     status: 'ongoing' | 'contained' | 'resolved';
     /** Initial actions taken to address the breach */
@@ -321,6 +359,12 @@ declare interface DataCategory {
     selected: boolean;
 }
 
+/** A map of question IDs to their answer values */
+declare type DPIAAnswerMap = Record<string, DPIAAnswerValue>;
+
+/** Possible value types for a DPIA answer */
+declare type DPIAAnswerValue = string | number | boolean | string[];
+
 /**
  * Data Protection Impact Assessment types aligned with NDPA 2023 Sections 38-39
  * A DPIA is required when processing is likely to result in high risk to data subjects
@@ -517,6 +561,35 @@ export declare const NDPRComplianceDashboard: React__default.FC<NDPRDashboardPre
 
 export declare const NDPRConsent: React__default.FC<NDPRConsentProps>;
 
+/**
+ * UX copy overrides for the NDPRConsent preset. Pass any subset to
+ * replace the default text without dropping to the lower-level
+ * `<ConsentBanner>` API. Strings you omit fall back to the toolkit
+ * defaults (which already cite NDPA Section 26).
+ *
+ * @example
+ *   <NDPRConsent copy={{
+ *     title: 'Cookie preferences',
+ *     description: 'Acme uses cookies to keep you signed in and improve our store.',
+ *     acceptAll: 'Allow all',
+ *     rejectAll: 'Only essentials',
+ *   }} />
+ */
+declare interface NDPRConsentCopy {
+    /** Banner heading. Default: "We Value Your Privacy" */
+    title?: string;
+    /** Body paragraph under the heading. Default cites NDPA Section 26. */
+    description?: string;
+    /** Primary CTA — accepts all categories. Default: "Accept All" */
+    acceptAll?: string;
+    /** Secondary CTA — rejects all non-essential categories. Default: "Reject All" */
+    rejectAll?: string;
+    /** Tertiary CTA — opens the per-category controls. Default: "Customize" */
+    customize?: string;
+    /** Submit button on the per-category panel. Default: "Save Preferences" */
+    save?: string;
+}
+
 export declare interface NDPRConsentProps {
     extraOptions?: ConsentOption[];
     options?: ConsentOption[];
@@ -525,6 +598,11 @@ export declare interface NDPRConsentProps {
     classNames?: ConsentBannerClassNames;
     unstyled?: boolean;
     onSave?: (settings: ConsentSettings) => void;
+    /**
+     * UX copy overrides — see {@link NDPRConsentCopy}. Lets you brand the
+     * banner without dropping to the lower-level `<ConsentBanner>` API.
+     */
+    copy?: NDPRConsentCopy;
 }
 
 export declare const NDPRCrossBorder: React__default.FC<NDPRCrossBorderProps>;
@@ -574,10 +652,10 @@ export declare const NDPRDPIA: React__default.FC<NDPRDPIAProps>;
 
 export declare interface NDPRDPIAProps {
     sections?: DPIASection[];
-    adapter?: StorageAdapter<Record<string, any>>;
+    adapter?: StorageAdapter<DPIAAnswerMap>;
     classNames?: DPIAQuestionnaireClassNames;
     unstyled?: boolean;
-    onComplete?: (answers: Record<string, any>) => void;
+    onComplete?: (answers: DPIAAnswerMap) => void;
 }
 
 export declare const NDPRLawfulBasis: React__default.FC<NDPRLawfulBasisProps>;
@@ -615,6 +693,45 @@ export declare interface NDPRSubjectRightsProps {
     classNames?: DSRRequestFormClassNames;
     unstyled?: boolean;
     onSubmit?: (data: DSRFormSubmission) => void;
+    /**
+     * Public-form mode. Use when the form should submit to your existing
+     * backend workflow instead of being state-managed by an adapter.
+     *
+     * When `submitTo` is set:
+     * - the form does NOT require an `adapter`
+     * - on submit, the toolkit POSTs the JSON-serialised `DSRFormSubmission`
+     *   to this URL (with `Content-Type: application/json`)
+     * - your `onSubmit` callback still fires (after the POST resolves)
+     * - submit failures are surfaced via `onSubmitError`
+     *
+     * For more control over headers, credentials, or retry behaviour, build
+     * an `apiAdapter` (which now supports CSRF, retry, and error hooks in
+     * 3.6.0) and pass that as `adapter` instead. `submitTo` is the
+     * fire-and-forget shortcut for public forms.
+     *
+     * @example
+     *   <NDPRSubjectRights submitTo="/api/dsr" />
+     */
+    submitTo?: string;
+    /**
+     * Fetch options for the `submitTo` POST. Useful for adding `credentials`
+     * (cookies/auth), `X-CSRF-Token`, or any other header your backend
+     * requires. Ignored unless `submitTo` is set.
+     *
+     * @default { credentials: 'same-origin' }
+     */
+    submitOptions?: {
+        headers?: Record<string, string> | (() => Record<string, string>);
+        credentials?: RequestCredentials;
+    };
+    /**
+     * Called when a `submitTo` POST fails (network error or non-2xx
+     * response). Receives the underlying error or Response.
+     */
+    onSubmitError?: (ctx: {
+        error?: unknown;
+        response?: Response;
+    }) => void;
 }
 
 /**
@@ -913,7 +1030,9 @@ declare interface RequestType {
     /** Description of what this request type entails */
     description: string;
     /**
-     * NDPA section reference (e.g., "Section 30" for access requests)
+     * NDPA 2023 section reference for this right
+     * (e.g., "Section 34(1)(a)" for access, "Section 38" for portability).
+     * Used for display purposes only — verify the exact subsection with counsel.
      */
     ndpaSection?: string;
     /**
@@ -1009,8 +1128,11 @@ declare interface ThirdPartyProcessor {
 }
 
 /**
- * Cross-Border Data Transfer types aligned with NDPA 2023 Part VI (Sections 41-45)
- * Personal data may only be transferred outside Nigeria under specific conditions
+ * Cross-Border Data Transfer types aligned with NDPA 2023 Part VIII (Sections 41-43).
+ * Personal data may only be transferred outside Nigeria under the bases listed in
+ * Section 41(1), where Section 42 defines adequacy and Section 43 lists derogations.
+ *
+ * Note: These are guidance labels — not legal advice. Verify with your DPO or counsel.
  */
 /**
  * Transfer mechanisms recognized under the NDPA