bmad-plus 0.7.5 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (281)
  1. package/CHANGELOG.md +479 -425
  2. package/LICENSE +21 -21
  3. package/README.md +557 -447
  4. package/osint-agent-package/README.md +88 -88
  5. package/osint-agent-package/SETUP_KEYS.md +108 -108
  6. package/osint-agent-package/agents/osint-investigator.md +80 -80
  7. package/osint-agent-package/install.ps1 +87 -87
  8. package/osint-agent-package/install.sh +76 -76
  9. package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
  10. package/osint-agent-package/skills/bmad-osint-investigate/osint/SKILL.md +452 -452
  11. package/osint-agent-package/skills/bmad-osint-investigate/osint/assets/dossier-template.md +116 -116
  12. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/content-extraction.md +100 -100
  13. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
  14. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/platforms.md +130 -130
  15. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/psychoprofile.md +69 -69
  16. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/tools.md +281 -281
  17. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
  18. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -260
  19. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
  20. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
  21. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
  22. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
  23. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/mcp-client.py +136 -136
  24. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
  25. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
  26. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
  27. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
  28. package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
  29. package/package.json +62 -57
  30. package/readme-international/README.de.md +584 -426
  31. package/readme-international/README.es.md +601 -518
  32. package/readme-international/README.fr.md +599 -516
  33. package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
  34. package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
  35. package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
  36. package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
  37. package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
  38. package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
  39. package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
  40. package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
  41. package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
  42. package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
  43. package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
  44. package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
  45. package/src/bmad-plus/data/role-triggers.yaml +209 -209
  46. package/src/bmad-plus/module-help.csv +10 -10
  47. package/src/bmad-plus/module.yaml +283 -280
  48. package/src/bmad-plus/{agents → packs}/pack-animated/animated-website-agent.md +325 -325
  49. package/src/bmad-plus/{agents → packs}/pack-animated/templates/animated-website-workflow.md +55 -55
  50. package/src/bmad-plus/{agents → packs}/pack-backup/backup-agent.md +71 -71
  51. package/src/bmad-plus/{agents → packs}/pack-backup/templates/backup-workflow.md +51 -51
  52. package/src/bmad-plus/packs/pack-dev-studio/README.md +162 -162
  53. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/analyst-agent.md +73 -73
  54. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/document-project.md +61 -61
  55. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/domain-research.md +95 -95
  56. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/market-research.md +95 -95
  57. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/prfaq.md +134 -134
  58. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/product-brief.md +80 -80
  59. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/tech-writer-agent.md +73 -73
  60. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/technical-research.md +95 -95
  61. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/architect-agent.md +73 -73
  62. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-architecture.md +73 -73
  63. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-epics-stories.md +92 -92
  64. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/generate-project-context.md +80 -80
  65. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/implementation-readiness.md +90 -90
  66. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01-init.md +153 -153
  67. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01b-continue.md +173 -173
  68. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-02-context.md +224 -224
  69. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-03-starter.md +329 -329
  70. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-04-decisions.md +318 -318
  71. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-05-patterns.md +359 -359
  72. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-06-structure.md +379 -379
  73. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-07-validation.md +361 -361
  74. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-08-complete.md +81 -81
  75. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/checkpoint-preview.md +67 -67
  76. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-01-gather-context.md +85 -85
  77. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-02-review.md +35 -35
  78. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-03-triage.md +49 -49
  79. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-04-present.md +131 -131
  80. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review.md +89 -89
  81. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/correct-course.md +300 -300
  82. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/create-story.md +428 -428
  83. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-agent.md +73 -73
  84. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story-checklist.md +80 -80
  85. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story.md +484 -484
  86. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/investigate.md +193 -193
  87. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/qa-e2e-tests.md +175 -175
  88. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/quick-dev.md +110 -110
  89. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/retrospective.md +1511 -1511
  90. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-planning.md +298 -298
  91. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-status.md +296 -296
  92. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-prd.md +29 -29
  93. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-ux-design.md +74 -74
  94. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/edit-prd.md +29 -29
  95. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/pm-agent.md +73 -73
  96. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/prd.md +89 -89
  97. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/ux-designer-agent.md +73 -73
  98. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/validate-prd.md +29 -29
  99. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/advanced-elicitation.md +141 -141
  100. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/adversarial-review.md +37 -37
  101. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/bmad-help.md +75 -75
  102. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/brainstorming.md +6 -6
  103. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/customize.md +110 -110
  104. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/distillator.md +176 -176
  105. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/edge-case-hunter.md +67 -67
  106. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-prose.md +86 -86
  107. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-structure.md +179 -179
  108. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/index-docs.md +66 -66
  109. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/party-mode.md +127 -127
  110. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/shard-doc.md +105 -105
  111. package/src/bmad-plus/packs/pack-dev-studio/dev-studio-orchestrator.md +120 -120
  112. package/src/bmad-plus/packs/pack-dev-studio/shared/architecture-decision-template.md +12 -12
  113. package/src/bmad-plus/packs/pack-dev-studio/shared/bwml-spec.md +328 -328
  114. package/src/bmad-plus/packs/pack-dev-studio/shared/module-help.csv +32 -32
  115. package/src/bmad-plus/packs/pack-dev-studio/upstream-sync.yaml +81 -81
  116. package/src/bmad-plus/packs/pack-memory/README.md +106 -106
  117. package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
  118. package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
  119. package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
  120. package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
  121. package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
  122. package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
  123. package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
  124. package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
  125. package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
  126. package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
  127. package/src/bmad-plus/{agents → packs}/pack-seo/SKILL.md +171 -171
  128. package/src/bmad-plus/packs/pack-seo/bmad-skill-manifest.yaml +13 -0
  129. package/src/bmad-plus/{agents → packs}/pack-seo/checklist.md +140 -140
  130. package/src/bmad-plus/{agents → packs}/pack-seo/pagespeed-playbook.md +320 -320
  131. package/src/bmad-plus/{agents → packs}/pack-seo/ref/audit-schema.json +187 -187
  132. package/src/bmad-plus/{agents → packs}/pack-seo/ref/cwv-thresholds.md +87 -87
  133. package/src/bmad-plus/{agents → packs}/pack-seo/ref/eeat-criteria.md +123 -123
  134. package/src/bmad-plus/{agents → packs}/pack-seo/ref/geo-signals.md +167 -167
  135. package/src/bmad-plus/{agents → packs}/pack-seo/ref/hreflang-rules.md +153 -153
  136. package/src/bmad-plus/{agents → packs}/pack-seo/ref/quality-gates.md +133 -133
  137. package/src/bmad-plus/{agents → packs}/pack-seo/ref/schema-catalog.md +91 -91
  138. package/src/bmad-plus/{agents → packs}/pack-seo/ref/schema-templates.json +356 -356
  139. package/src/bmad-plus/{agents → packs}/pack-seo/seo-chief.md +294 -294
  140. package/src/bmad-plus/{agents → packs}/pack-seo/seo-judge.md +241 -241
  141. package/src/bmad-plus/{agents → packs}/pack-seo/seo-scout.md +171 -171
  142. package/src/bmad-plus/{agents → packs}/pack-seo/templates/seo-audit-workflow.md +241 -241
  143. package/src/bmad-plus/packs/pack-shield/README.md +110 -110
  144. package/src/bmad-plus/packs/pack-shield/SKILL.md +82 -0
  145. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +262 -262
  146. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +179 -179
  147. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +201 -201
  148. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +97 -97
  149. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +251 -251
  150. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +133 -133
  151. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +221 -221
  152. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +150 -150
  153. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +167 -167
  154. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +83 -83
  155. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +250 -250
  156. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +218 -218
  157. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
  158. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
  159. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
  160. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
  161. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
  162. package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +127 -127
  163. package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +272 -272
  164. package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +202 -202
  165. package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +367 -367
  166. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +510 -510
  167. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +247 -247
  168. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +173 -173
  169. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +239 -239
  170. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +266 -266
  171. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +164 -164
  172. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
  173. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
  174. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
  175. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
  176. package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
  177. package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
  178. package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
  179. package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
  180. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
  181. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
  182. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
  183. package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
  184. package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
  185. package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
  186. package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
  187. package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
  188. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
  189. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
  190. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
  191. package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
  192. package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
  193. package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
  194. package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
  195. package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
  196. package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
  197. package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
  198. package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
  199. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
  200. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
  201. package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
  202. package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
  203. package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
  204. package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
  205. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
  206. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
  207. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
  208. package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
  209. package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
  210. package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
  211. package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
  212. package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
  213. package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
  214. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
  215. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
  216. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
  217. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
  218. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
  219. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
  220. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
  221. package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
  222. package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
  223. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
  224. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
  225. package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
  226. package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
  227. package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
  228. package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
  229. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
  230. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
  231. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
  232. package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
  233. package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
  234. package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
  235. package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
  236. package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
  237. package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
  238. package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
  239. package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
  240. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
  241. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
  242. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
  243. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
  244. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
  245. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
  246. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
  247. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
  248. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
  249. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
  250. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
  251. package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
  252. package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
  253. package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
  254. package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
  255. package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
  256. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
  257. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
  258. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
  259. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
  260. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
  261. package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
  262. package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
  263. package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
  264. package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
  265. package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
  266. package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
  267. package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
  268. package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
  269. package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
  270. package/tools/bmad-plus-npx.js +3 -5
  271. package/tools/cli/commands/autoconfig.js +508 -489
  272. package/tools/cli/commands/doctor.js +219 -222
  273. package/tools/cli/commands/install.js +548 -739
  274. package/tools/cli/commands/memory.js +194 -194
  275. package/tools/cli/commands/scan.js +362 -350
  276. package/tools/cli/commands/uninstall.js +96 -96
  277. package/tools/cli/commands/update.js +116 -174
  278. package/tools/cli/i18n.js +845 -763
  279. package/tools/cli/lib/memory-init.js +114 -0
  280. package/tools/cli/lib/pack-copy.js +84 -0
  281. package/tools/cli/lib/packs.js +114 -0
@@ -1,121 +1,121 @@
1
- # Data Processing Agreement (DPA) Template
2
-
3
- ## Legal Basis
4
- Art. 28 GDPR — processors must be bound by a contract covering all mandatory Art. 28(3) terms.
5
- Failure to have a compliant DPA is itself a violation exposable to Art. 83(4) fines (up to €10M / 2% turnover).
6
-
7
- ---
8
-
9
- ## Parties
10
-
11
- **Controller**: [CONTROLLER LEGAL NAME], [ADDRESS] ("Controller")
12
- **Processor**: [PROCESSOR LEGAL NAME], [ADDRESS] ("Processor")
13
-
14
- ---
15
-
16
- ## 1. Subject Matter and Duration (Art. 28(3))
17
- This DPA governs the processing of personal data by Processor on behalf of Controller in
18
- connection with: [DESCRIPTION OF MAIN SERVICE / CONTRACT].
19
-
20
- Duration: This DPA is co-terminus with the main service agreement dated [DATE].
21
-
22
- ## 2. Nature and Purpose of Processing (Art. 28(3))
23
- The Processor will process personal data for the following purposes only:
24
- - [e.g. Hosting and storing Controller's application data]
25
- - [e.g. Sending transactional emails on Controller's instruction]
26
-
27
- Processing shall occur only on documented instructions from the Controller (Art. 28(3)(a)).
28
-
29
- ## 3. Categories of Personal Data (Art. 28(3))
30
- The following categories of personal data are covered by this DPA:
31
- - [e.g. Contact data: name, email address, phone number]
32
- - [e.g. Usage data: IP address, session identifiers]
33
- - [List any special category data + confirm Art. 9 condition met]
34
-
35
- ## 4. Categories of Data Subjects (Art. 28(3))
36
- - [e.g. Controller's end users / customers]
37
- - [e.g. Controller's employees]
38
-
39
- ## 5. Processor Obligations (Art. 28(3))
40
-
41
- ### 5.1 Instructions Only (Art. 28(3)(a))
42
- Processor shall process personal data only on documented instructions from Controller, including
43
- with regard to transfers, unless required by law (in which case Processor shall notify Controller
44
- unless prohibited).
45
-
46
- ### 5.2 Confidentiality (Art. 28(3)(b))
47
- Processor shall ensure that persons authorised to process the data have committed to
48
- confidentiality or are under a statutory obligation of confidentiality.
49
-
50
- ### 5.3 Security (Art. 28(3)(c); Art. 32)
51
- Processor shall implement appropriate technical and organisational measures including at minimum:
52
- - Encryption of personal data at rest and in transit
53
- - Ongoing confidentiality, integrity, and availability of processing systems
54
- - Ability to restore availability following incidents
55
- - Regular testing of security measures
56
-
57
- ### 5.4 Sub-processors (Art. 28(2), 28(3)(d))
58
- Processor shall not engage sub-processors without prior **specific or general written authorisation**
59
- from Controller.
60
-
61
- Current authorised sub-processors: [LIST or "See Schedule A"]
62
-
63
- Processor shall impose equivalent data protection obligations on sub-processors (Art. 28(4)) and
64
- remains liable to Controller for sub-processor failures.
65
-
66
- ### 5.5 Data Subject Rights (Art. 28(3)(e))
67
- Processor shall assist Controller by appropriate technical and organisational measures to fulfil
68
- Controller's obligation to respond to data subject rights requests (Arts. 15–22), given the nature
69
- of processing.
70
-
71
- ### 5.6 Assistance with Controller Obligations (Art. 28(3)(f))
72
- Processor shall assist Controller in ensuring compliance with: Art. 32 (security), Art. 33–34
73
- (breach notification), Art. 35–36 (DPIAs), taking into account the nature of processing and
74
- information available.
75
-
76
- ### 5.7 Deletion or Return (Art. 28(3)(g))
77
- At Controller's choice, Processor shall delete or return all personal data upon termination of
78
- services, and delete existing copies unless Union or Member State law requires storage.
79
- Timeline for deletion/return: [X days after termination].
80
-
81
- ### 5.8 Audit Rights (Art. 28(3)(h))
82
- Processor shall make available all information necessary to demonstrate compliance with Art. 28
83
- and shall allow for and contribute to audits conducted by Controller or an authorised auditor.
84
- Audit notice period: [X days]. Frequency: [no more than once per year absent cause].
85
-
86
- ## 6. International Transfers (Art. 44–49)
87
- [If applicable:]
88
- Where Processor transfers personal data outside the UK/EEA, the following safeguard applies:
89
- - [ ] Adequacy decision (Art. 45): [COUNTRY]
90
- - [ ] Standard Contractual Clauses (Art. 46(2)(c)): [MODULE — attach as Schedule B]
91
- - [ ] Binding Corporate Rules (Art. 47)
92
- - [ ] Other: [SPECIFY]
93
-
94
- ## 7. Breach Notification (Art. 33)
95
- Processor shall notify Controller of any personal data breach **without undue delay** and in any
96
- event within **[48/72] hours** of becoming aware, providing information per Art. 33(3) to the
97
- extent available.
98
-
99
- ## 8. Governing Law
100
- This DPA is governed by the laws of [JURISDICTION].
101
-
102
- ---
103
-
104
- ## Schedule A — Authorised Sub-processors
105
- | Sub-processor | Location | Processing Activity |
106
- |--------------|----------|-------------------|
107
- | [NAME] | [COUNTRY] | [PURPOSE] |
108
-
109
- ## Schedule B — Standard Contractual Clauses
110
- [Attach EU Commission SCCs (2021) or UK IDTA as applicable]
111
-
112
- ---
113
-
114
- ## Drafting Checklist
115
- - [ ] All Art. 28(3)(a)–(h) clauses present
116
- - [ ] Sub-processor list attached or mechanism described
117
- - [ ] Transfer mechanism documented and attached
118
- - [ ] Breach notification timeline specified
119
- - [ ] Deletion timeline specified
120
- - [ ] Audit rights defined with reasonable notice period
121
- - [ ] Signed by authorised representatives of both parties
1
+ # Data Processing Agreement (DPA) Template
2
+
3
+ ## Legal Basis
4
+ Art. 28 GDPR — processors must be bound by a contract covering all mandatory Art. 28(3) terms.
5
+ Failure to have a compliant DPA is itself a violation exposable to Art. 83(4) fines (up to €10M / 2% turnover).
6
+
7
+ ---
8
+
9
+ ## Parties
10
+
11
+ **Controller**: [CONTROLLER LEGAL NAME], [ADDRESS] ("Controller")
12
+ **Processor**: [PROCESSOR LEGAL NAME], [ADDRESS] ("Processor")
13
+
14
+ ---
15
+
16
+ ## 1. Subject Matter and Duration (Art. 28(3))
17
+ This DPA governs the processing of personal data by Processor on behalf of Controller in
18
+ connection with: [DESCRIPTION OF MAIN SERVICE / CONTRACT].
19
+
20
+ Duration: This DPA is co-terminus with the main service agreement dated [DATE].
21
+
22
+ ## 2. Nature and Purpose of Processing (Art. 28(3))
23
+ The Processor will process personal data for the following purposes only:
24
+ - [e.g. Hosting and storing Controller's application data]
25
+ - [e.g. Sending transactional emails on Controller's instruction]
26
+
27
+ Processing shall occur only on documented instructions from the Controller (Art. 28(3)(a)).
28
+
29
+ ## 3. Categories of Personal Data (Art. 28(3))
30
+ The following categories of personal data are covered by this DPA:
31
+ - [e.g. Contact data: name, email address, phone number]
32
+ - [e.g. Usage data: IP address, session identifiers]
33
+ - [List any special category data + confirm Art. 9 condition met]
34
+
35
+ ## 4. Categories of Data Subjects (Art. 28(3))
36
+ - [e.g. Controller's end users / customers]
37
+ - [e.g. Controller's employees]
38
+
39
+ ## 5. Processor Obligations (Art. 28(3))
40
+
41
+ ### 5.1 Instructions Only (Art. 28(3)(a))
42
+ Processor shall process personal data only on documented instructions from Controller, including
43
+ with regard to transfers, unless required by law (in which case Processor shall notify Controller
44
+ unless prohibited).
45
+
46
+ ### 5.2 Confidentiality (Art. 28(3)(b))
47
+ Processor shall ensure that persons authorised to process the data have committed to
48
+ confidentiality or are under a statutory obligation of confidentiality.
49
+
50
+ ### 5.3 Security (Art. 28(3)(c); Art. 32)
51
+ Processor shall implement appropriate technical and organisational measures including at minimum:
52
+ - Encryption of personal data at rest and in transit
53
+ - Ongoing confidentiality, integrity, and availability of processing systems
54
+ - Ability to restore availability following incidents
55
+ - Regular testing of security measures
56
+
57
+ ### 5.4 Sub-processors (Art. 28(2), 28(3)(d))
58
+ Processor shall not engage sub-processors without prior **specific or general written authorisation**
59
+ from Controller.
60
+
61
+ Current authorised sub-processors: [LIST or "See Schedule A"]
62
+
63
+ Processor shall impose equivalent data protection obligations on sub-processors (Art. 28(4)) and
64
+ remains liable to Controller for sub-processor failures.
65
+
66
+ ### 5.5 Data Subject Rights (Art. 28(3)(e))
67
+ Processor shall assist Controller by appropriate technical and organisational measures to fulfil
68
+ Controller's obligation to respond to data subject rights requests (Arts. 15–22), given the nature
69
+ of processing.
70
+
71
+ ### 5.6 Assistance with Controller Obligations (Art. 28(3)(f))
72
+ Processor shall assist Controller in ensuring compliance with: Art. 32 (security), Art. 33–34
73
+ (breach notification), Art. 35–36 (DPIAs), taking into account the nature of processing and
74
+ information available.
75
+
76
+ ### 5.7 Deletion or Return (Art. 28(3)(g))
77
+ At Controller's choice, Processor shall delete or return all personal data upon termination of
78
+ services, and delete existing copies unless Union or Member State law requires storage.
79
+ Timeline for deletion/return: [X days after termination].
80
+
81
+ ### 5.8 Audit Rights (Art. 28(3)(h))
82
+ Processor shall make available all information necessary to demonstrate compliance with Art. 28
83
+ and shall allow for and contribute to audits conducted by Controller or an authorised auditor.
84
+ Audit notice period: [X days]. Frequency: [no more than once per year absent cause].
85
+
86
+ ## 6. International Transfers (Art. 44–49)
87
+ [If applicable:]
88
+ Where Processor transfers personal data outside the UK/EEA, the following safeguard applies:
89
+ - [ ] Adequacy decision (Art. 45): [COUNTRY]
90
+ - [ ] Standard Contractual Clauses (Art. 46(2)(c)): [MODULE — attach as Schedule B]
91
+ - [ ] Binding Corporate Rules (Art. 47)
92
+ - [ ] Other: [SPECIFY]
93
+
94
+ ## 7. Breach Notification (Art. 33)
95
+ Processor shall notify Controller of any personal data breach **without undue delay** and in any
96
+ event within **[48/72] hours** of becoming aware, providing information per Art. 33(3) to the
97
+ extent available.
98
+
99
+ ## 8. Governing Law
100
+ This DPA is governed by the laws of [JURISDICTION].
101
+
102
+ ---
103
+
104
+ ## Schedule A — Authorised Sub-processors
105
+ | Sub-processor | Location | Processing Activity |
106
+ |--------------|----------|-------------------|
107
+ | [NAME] | [COUNTRY] | [PURPOSE] |
108
+
109
+ ## Schedule B — Standard Contractual Clauses
110
+ [Attach EU Commission SCCs (2021) or UK IDTA as applicable]
111
+
112
+ ---
113
+
114
+ ## Drafting Checklist
115
+ - [ ] All Art. 28(3)(a)–(h) clauses present
116
+ - [ ] Sub-processor list attached or mechanism described
117
+ - [ ] Transfer mechanism documented and attached
118
+ - [ ] Breach notification timeline specified
119
+ - [ ] Deletion timeline specified
120
+ - [ ] Audit rights defined with reasonable notice period
121
+ - [ ] Signed by authorised representatives of both parties
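Review bot: Section 6 scopes itself to transfers "outside the UK/EEA" and Schedule B says to attach "EU Commission SCCs (2021) or UK IDTA as applicable", but the safeguard checkboxes in section 6 only offer the Art. 46(2)(c) SCC option, so a UK transfer mechanism can only be recorded under "Other: [SPECIFY]". Suggest adding an explicit UK IDTA checkbox next to the SCC line so that section 6 and Schedule B agree. Two wording points: "co-terminus" in section 1 should read "co-terminous", and "exposable to Art. 83(4) fines" in the Legal Basis block reads better as "subject to Art. 83(4) fines". Separately, the removed lines visible here (84 to 121) come back with identical text on the added side, so no wording change is visible in that part of the hunk; if this is a whitespace or line-ending rewrite, the changelog should say so, because a full-file replacement makes any real clause change hard to spot in review.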
@@ -1,87 +1,87 @@
1
- # Privacy Notice / Privacy Policy Template
2
-
3
- ## Legal Basis
4
- Arts. 13–14 (information to be provided), Art. 12 (transparent communication).
5
- Art. 13 applies when data collected directly from subject; Art. 14 when collected indirectly.
6
-
7
- ---
8
-
9
- ## Required Sections (Art. 13/14 Checklist)
10
-
11
- ### 1. Identity and Contact Details of the Controller (Art. 13(1)(a))
12
- > **[ORGANISATION NAME]** ("we", "us", "our")
13
- > Registered address: [ADDRESS]
14
- > Email: [PRIVACY@EMAIL.COM]
15
-
16
- ### 2. DPO Contact Details (Art. 13(1)(b)) — if applicable
17
- > Our Data Protection Officer can be contacted at: [DPO EMAIL / ADDRESS]
18
-
19
- ### 3. Purposes and Lawful Basis (Art. 13(1)(c))
20
- For each processing activity, state both purpose AND lawful basis:
21
-
22
- | Purpose | Personal Data | Lawful Basis (Art. 6) |
23
- |---------|--------------|----------------------|
24
- | [e.g. Account creation] | [Name, email] | Contract (Art. 6(1)(b)) |
25
- | [e.g. Marketing emails] | [Email, preferences] | Consent (Art. 6(1)(a)) |
26
- | [e.g. Fraud prevention] | [Transaction data] | Legitimate interests (Art. 6(1)(f)) |
27
-
28
- Where legitimate interests is relied upon, summarise the LIA outcome.
29
-
30
- ### 4. Legitimate Interests (Art. 13(1)(d)) — where applicable
31
- > We process [DATA] for [PURPOSE] based on our legitimate interest in [INTEREST]. We have
32
- > assessed that this interest is not overridden by your rights and interests because [REASON].
33
-
34
- ### 5. Recipients or Categories of Recipients (Art. 13(1)(e))
35
- > We share your personal data with:
36
- > - [SERVICE PROVIDER / PROCESSOR NAME]: for [PURPOSE], located in [COUNTRY]
37
- > - [ANALYTICS PROVIDER]: for [PURPOSE]
38
- > We do not sell your personal data to third parties.
39
-
40
- ### 6. International Transfers (Art. 13(1)(f))
41
- > Where we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place,
42
- > including: [Adequacy decision / Standard Contractual Clauses (SCCs) / BCRs — Art. 46].
43
- > Details available on request.
44
-
45
- ### 7. Retention Period (Art. 13(2)(a))
46
- > We retain your personal data for [PERIOD / criteria used to determine period].
47
- > See our Retention Schedule for full details.
48
-
49
- ### 8. Data Subject Rights (Art. 13(2)(b))
50
- > You have the right to:
51
- > - **Access** your data (Art. 15) — request a copy of data we hold about you
52
- > - **Rectification** of inaccurate data (Art. 16)
53
- > - **Erasure** ("right to be forgotten") in certain circumstances (Art. 17)
54
- > - **Restrict** our processing in certain circumstances (Art. 18)
55
- > - **Data portability** for data provided by you under consent or contract (Art. 20)
56
- > - **Object** to processing based on legitimate interests or direct marketing (Art. 21)
57
- > - **Withdraw consent** at any time without affecting prior processing (Art. 7(3))
58
- >
59
- > To exercise your rights, contact: [EMAIL / FORM URL]
60
- > We will respond within **one month** (Art. 12(3)), extendable by two further months for
61
- > complex requests.
62
-
63
- ### 9. Right to Lodge a Complaint (Art. 13(2)(d))
64
- > You have the right to lodge a complaint with your supervisory authority.
65
- > In the UK: **ICO** — ico.org.uk | 0303 123 1113
66
- > In the EU: [LEAD SUPERVISORY AUTHORITY if applicable]
67
-
68
- ### 10. Whether Provision is Statutory/Contractual (Art. 13(2)(e))
69
- > [Where applicable: "Providing this data is a contractual requirement. Failure to provide it
70
- > may mean we cannot [provide the service]."]
71
-
72
- ### 11. Automated Decision-Making / Profiling (Art. 13(2)(f))
73
- > [If applicable: "We use automated decision-making including profiling for [PURPOSE].
74
- > This has [significant / no significant] effect on you. You have the right to [request human
75
- > review / object — Art. 22]."]
76
- > [If not applicable: "We do not use automated decision-making that produces legal or similarly
77
- > significant effects on you."]
78
-
79
- ---
80
-
81
- ## Drafting Checklist
82
- - [ ] Written in plain, clear language (Art. 12(1))
83
- - [ ] Provided free of charge (Art. 12(5))
84
- - [ ] All Art. 13(1) and 13(2) fields covered
85
- - [ ] Separate sections for each processing purpose
86
- - [ ] Version date and review schedule included
87
- - [ ] Accessible format (e.g., layered notice for website)
1
+ # Privacy Notice / Privacy Policy Template
2
+
3
+ ## Legal Basis
4
+ Arts. 13–14 (information to be provided), Art. 12 (transparent communication).
5
+ Art. 13 applies when data collected directly from subject; Art. 14 when collected indirectly.
6
+
7
+ ---
8
+
9
+ ## Required Sections (Art. 13/14 Checklist)
10
+
11
+ ### 1. Identity and Contact Details of the Controller (Art. 13(1)(a))
12
+ > **[ORGANISATION NAME]** ("we", "us", "our")
13
+ > Registered address: [ADDRESS]
14
+ > Email: [PRIVACY@EMAIL.COM]
15
+
16
+ ### 2. DPO Contact Details (Art. 13(1)(b)) — if applicable
17
+ > Our Data Protection Officer can be contacted at: [DPO EMAIL / ADDRESS]
18
+
19
+ ### 3. Purposes and Lawful Basis (Art. 13(1)(c))
20
+ For each processing activity, state both purpose AND lawful basis:
21
+
22
+ | Purpose | Personal Data | Lawful Basis (Art. 6) |
23
+ |---------|--------------|----------------------|
24
+ | [e.g. Account creation] | [Name, email] | Contract (Art. 6(1)(b)) |
25
+ | [e.g. Marketing emails] | [Email, preferences] | Consent (Art. 6(1)(a)) |
26
+ | [e.g. Fraud prevention] | [Transaction data] | Legitimate interests (Art. 6(1)(f)) |
27
+
28
+ Where legitimate interests is relied upon, summarise the LIA outcome.
29
+
30
+ ### 4. Legitimate Interests (Art. 13(1)(d)) — where applicable
31
+ > We process [DATA] for [PURPOSE] based on our legitimate interest in [INTEREST]. We have
32
+ > assessed that this interest is not overridden by your rights and interests because [REASON].
33
+
34
+ ### 5. Recipients or Categories of Recipients (Art. 13(1)(e))
35
+ > We share your personal data with:
36
+ > - [SERVICE PROVIDER / PROCESSOR NAME]: for [PURPOSE], located in [COUNTRY]
37
+ > - [ANALYTICS PROVIDER]: for [PURPOSE]
38
+ > We do not sell your personal data to third parties.
39
+
40
+ ### 6. International Transfers (Art. 13(1)(f))
41
+ > Where we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place,
42
+ > including: [Adequacy decision / Standard Contractual Clauses (SCCs) / BCRs — Art. 46].
43
+ > Details available on request.
44
+
45
+ ### 7. Retention Period (Art. 13(2)(a))
46
+ > We retain your personal data for [PERIOD / criteria used to determine period].
47
+ > See our Retention Schedule for full details.
48
+
49
+ ### 8. Data Subject Rights (Art. 13(2)(b))
50
+ > You have the right to:
51
+ > - **Access** your data (Art. 15) — request a copy of data we hold about you
52
+ > - **Rectification** of inaccurate data (Art. 16)
53
+ > - **Erasure** ("right to be forgotten") in certain circumstances (Art. 17)
54
+ > - **Restrict** our processing in certain circumstances (Art. 18)
55
+ > - **Data portability** for data provided by you under consent or contract (Art. 20)
56
+ > - **Object** to processing based on legitimate interests or direct marketing (Art. 21)
57
+ > - **Withdraw consent** at any time without affecting prior processing (Art. 7(3))
58
+ >
59
+ > To exercise your rights, contact: [EMAIL / FORM URL]
60
+ > We will respond within **one month** (Art. 12(3)), extendable by two further months for
61
+ > complex requests.
62
+
63
+ ### 9. Right to Lodge a Complaint (Art. 13(2)(d))
64
+ > You have the right to lodge a complaint with your supervisory authority.
65
+ > In the UK: **ICO** — ico.org.uk | 0303 123 1113
66
+ > In the EU: [LEAD SUPERVISORY AUTHORITY if applicable]
67
+
68
+ ### 10. Whether Provision is Statutory/Contractual (Art. 13(2)(e))
69
+ > [Where applicable: "Providing this data is a contractual requirement. Failure to provide it
70
+ > may mean we cannot [provide the service]."]
71
+
72
+ ### 11. Automated Decision-Making / Profiling (Art. 13(2)(f))
73
+ > [If applicable: "We use automated decision-making including profiling for [PURPOSE].
74
+ > This has [significant / no significant] effect on you. You have the right to [request human
75
+ > review / object — Art. 22]."]
76
+ > [If not applicable: "We do not use automated decision-making that produces legal or similarly
77
+ > significant effects on you."]
78
+
79
+ ---
80
+
81
+ ## Drafting Checklist
82
+ - [ ] Written in plain, clear language (Art. 12(1))
83
+ - [ ] Provided free of charge (Art. 12(5))
84
+ - [ ] All Art. 13(1) and 13(2) fields covered
85
+ - [ ] Separate sections for each processing purpose
86
+ - [ ] Version date and review schedule included
87
+ - [ ] Accessible format (e.g., layered notice for website)
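Review bot: The Legal Basis block and the "Required Sections (Art. 13/14 Checklist)" heading both claim Art. 14 coverage, yet every numbered section cites only Art. 13 and the drafting checklist stops at "All Art. 13(1) and 13(2) fields covered". The items specific to indirectly collected data, the categories of personal data concerned (Art. 14(1)(d)) and the source of the data (Art. 14(2)(f)), have no section. Suggest adding an "if collected indirectly" section for those two items and a matching checklist line. Section 8 also lists "Withdraw consent" under a heading that cites only Art. 13(2)(b), while the withdrawal right is the subject of Art. 13(2)(c); cite both in the heading. In section 6, the bracketed list ends with "Art. 46" although the adequacy decision it names is an Art. 45 mechanism. The hunk header is -1,87 +1,87 and every removed line reappears with the same text, so the change is not visible at the wording level; if it is a whitespace or line-ending rewrite, note that in the changelog.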