19. Privacy by Design
Personal AI agents process sensitive user data. OpenCLaw implements privacy-by-design principles: data minimization, purpose limitation, and user control.
Data Minimization
OpenCLaw collects only data necessary for its functions. Conversation history retention follows configurable policies with automatic expiration.
# privacy.py
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional
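@dataclass
class RetentionPolicy:
    """Retention windows, in days, for each category of stored data.

    ``anonymize_after`` is the age at which a user's records are expected to
    be anonymized; nothing in this class enforces it. Negative values are
    rejected: a negative window puts the cutoff in the future, which would make
    ``DataMinimizer.apply_retention`` delete every record instead of only
    expired ones.
    """

    conversation_days: int = 90
    feedback_days: int = 180
    logs_days: int = 30
    anonymize_after: int = 365

    def __post_init__(self) -> None:
        # Validate once at construction so a misconfigured policy fails loudly
        # here rather than as an unexpectedly large deletion later.
        for name in ('conversation_days', 'feedback_days', 'logs_days', 'anonymize_after'):
            value = getattr(self, name)
            if value < 0:
                raise ValueError(f"{name} must be >= 0, got {value}")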
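class DataMinimizer:
    """Apply the windows of a ``RetentionPolicy`` to a storage backend.

    ``storage`` is duck-typed; this class only relies on the methods it calls:
    ``delete_old_conversations(cutoff)``, ``delete_old_feedback(cutoff)``,
    ``remove_identifying_info(user_id)`` and ``update_user_id(old_id, new_id)``.
    """

    def __init__(self, policy: RetentionPolicy, storage):
        self.policy = policy
        self.storage = storage

    @staticmethod
    def _utc_now() -> datetime:
        """Return the current time as a naive UTC ``datetime``.

        Same value ``datetime.utcnow()`` produced (that call is deprecated);
        kept naive so cutoffs compare against the storage layer's timestamps
        exactly as before. NOTE(review): confirm storage records UTC, otherwise
        retention windows are off by the local offset.
        """
        return datetime.now(timezone.utc).replace(tzinfo=None)

    def apply_retention(self) -> int:
        """Delete conversations and feedback older than the policy windows.

        Returns the total count the storage layer reported as deleted. Both
        cutoffs are derived from one timestamp so a single run applies a
        consistent "now". ``logs_days`` and ``anonymize_after`` are not
        enforced here: no storage call for them is visible in this module.
        """
        now = self._utc_now()
        deleted_count = 0
        for days, delete_older_than in (
            (self.policy.conversation_days, self.storage.delete_old_conversations),
            (self.policy.feedback_days, self.storage.delete_old_feedback),
        ):
            deleted_count += delete_older_than(now - timedelta(days=days))
        return deleted_count

    def anonymize(self, user_id: str) -> None:
        """Strip identifying fields, then replace ``user_id`` with an unlinkable token.

        The replacement id is a random ``secrets.token_hex`` value rather than
        ``f"anon_{hash(user_id)}"``: the builtin ``str`` hash is salted per
        interpreter process (``PYTHONHASHSEED``), so the old id was not even
        stable across restarts, and a deterministic digest of a guessable id is
        a pseudonym that can be re-linked by recomputing it, not anonymization.
        """
        self.storage.remove_identifying_info(user_id)
        self.storage.update_user_id(user_id, f"anon_{secrets.token_hex(16)}")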
Purpose Limitation
Data collected for one purpose should not be used for another without consent. OpenCLaw tags data with purpose metadata and enforces usage restrictions.
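class PurposeTracker:
    """Record the purpose each data item was collected for and gate reuse.

    ``storage`` is duck-typed; only ``set_purpose(data_id, purpose)`` and
    ``get_purpose(data_id)`` are used.
    """

    PURPOSES = ['core_functionality', 'improvement', 'analytics', 'sharing']

    def __init__(self, storage):
        self.storage = storage

    def tag_data(self, data_id: str, purpose: str) -> None:
        """Attach ``purpose`` to ``data_id``.

        Raises ``ValueError`` when ``purpose`` is not one of ``PURPOSES``: an
        unknown tag (a typo, say) was previously stored silently and could then
        never match any request in ``can_use_for``.
        """
        if purpose not in self.PURPOSES:
            raise ValueError(f"unknown purpose {purpose!r}; expected one of {self.PURPOSES}")
        self.storage.set_purpose(data_id, purpose)

    def can_use_for(self, data_id: str, requested_purpose: str) -> bool:
        """Return whether ``data_id`` may be used for ``requested_purpose``.

        Allowed when the stored purpose equals the requested one. Data tagged
        ``'core_functionality'`` is allowed for *every* purpose, including
        ``'analytics'`` and ``'sharing'`` — NOTE(review): that exemption bypasses
        the purpose-limitation rule this module describes; confirm it is
        intended and that consent is checked elsewhere before such reuse.
        Untagged data (``get_purpose`` returning ``None``) is never usable.
        """
        original_purpose = self.storage.get_purpose(data_id)
        if original_purpose is None:
            return False
        return original_purpose in ('core_functionality', requested_purpose)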
User Control Interface
Users must have visibility into and control over their data. OpenCLaw provides a privacy dashboard showing data collection, retention, and export options.
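class PrivacyDashboard:
    """User-facing view of stored data with export and erasure actions.

    ``storage`` is duck-typed; the methods used are ``count_conversations``,
    ``get_oldest_conversation``, ``count_feedback``, ``estimate_size``,
    ``export_json``, ``export_csv`` and ``purge_user``. ``minimizer`` is kept
    on the instance for callers but no method here uses it.
    """

    def __init__(self, storage, minimizer: DataMinimizer):
        self.storage = storage
        self.minimizer = minimizer

    def get_data_summary(self, user_id: str) -> dict:
        """Return counts, the oldest conversation and approximate size for ``user_id``.

        ``estimated_storage_mb`` assumes ``estimate_size`` reports bytes —
        TODO confirm against the storage layer.
        """
        return {
            'conversation_count': self.storage.count_conversations(user_id),
            'oldest_conversation': self.storage.get_oldest_conversation(user_id),
            'feedback_entries': self.storage.count_feedback(user_id),
            'estimated_storage_mb': self.storage.estimate_size(user_id) / (1024 * 1024),
        }

    def export_data(self, user_id: str, format: str) -> str:
        """Export all of ``user_id``'s data as ``'json'`` or ``'csv'``.

        Raises ``ValueError`` for any other format. The previous fall-through
        returned ``None`` despite the ``str`` return type, so a bad format only
        surfaced when a caller tried to write the result.
        """
        if format == 'json':
            return self.storage.export_json(user_id)
        if format == 'csv':
            return self.storage.export_csv(user_id)
        raise ValueError(f"unsupported export format {format!r}; expected 'json' or 'csv'")

    def delete_all_user_data(self, user_id: str) -> bool:
        """Purge everything stored for ``user_id``.

        Returns ``True`` whenever ``purge_user`` returns without raising; the
        storage layer's own result is not inspected, so a partial purge that
        does not raise is still reported as success.
        """
        self.storage.purge_user(user_id)
        return True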
Design a data portability system that exports all user data in standard formats. Include conversation history, learned preferences, and configuration settings. Implement the export functionality.