import { ErrorInfo } from 'react'; import React__default from 'react'; import { ReactNode } from 'react'; import { RefObject } from 'react'; /** * Adequacy status of a destination country */ export declare type AdequacyStatus = 'adequate' | 'inadequate' | 'pending_review' | 'unknown'; export declare interface ApiAdapterErrorContext { /** Which adapter operation triggered this — `load`, `save`, or `remove`. */ method: ApiAdapterMethod; /** The endpoint URL that failed. */ endpoint: string; /** Underlying error (for network failures / parse errors). */ error?: unknown; /** Response object, if a response was received. */ response?: Response; /** HTTP status code, if available. */ status?: number; /** For `save`, the payload that failed to send. */ payload?: T; /** Which retry attempt this is (0 = first try). Capped at `retry.attempts`. */ attempt: number; } export declare type ApiAdapterMethod = 'load' | 'save' | 'remove'; export declare interface ApiAdapterOptions { /** * Extra HTTP headers to send with every request. Useful for `Authorization`, * `X-CSRF-Token`, `X-Requested-With`, etc. * * Can also be a function that returns headers, which lets you read a CSRF * token from the DOM/cookie at request time rather than at adapter * construction time. */ headers?: Record | (() => Record); /** * Forwarded to fetch's `credentials` option. Defaults to `'same-origin'` * (the browser default). Set to `'include'` for cross-origin endpoints * that need cookies / auth. */ credentials?: RequestCredentials; /** * HTTP method override for the load operation. Defaults to `'GET'`. */ loadMethod?: 'GET' | 'POST'; /** * HTTP method override for the save operation. Defaults to `'POST'`. Some * REST APIs prefer `'PUT'` for upsert semantics. */ saveMethod?: 'POST' | 'PUT' | 'PATCH'; /** * Transform the raw JSON response into the expected `T`. Useful for APIs * that wrap responses in `{ data: ... }` or similar envelopes. Called * after `res.json()`. If omitted, the parsed JSON is used as-is. */ unwrap?: (raw: unknown) => T | null; /** * Retry policy for failed requests. Defaults to no retries (preserves the * pre-3.6.0 behaviour). When configured, applies to all three operations. */ retry?: ApiAdapterRetryConfig; /** * Called when a request fails (after all retries exhausted). The adapter * still returns a graceful null/void result so the consuming hook * doesn't crash — this hook is for telemetry, toasts, or audit logging. */ onError?: (ctx: ApiAdapterErrorContext) => void; /** * Called when a request succeeds. Useful for cache invalidation, * analytics, or syncing other state. */ onSuccess?: (ctx: ApiAdapterSuccessContext) => void; /** * Per-request fetch options to merge into every request. Use this for * things `fetch` itself supports that aren't directly modelled above — * `signal`, `mode`, `cache`, `redirect`, etc. */ fetchInit?: Omit; } export declare interface ApiAdapterRetryConfig { /** * Number of additional attempts after the initial request. Defaults to 0 * (no retries). e.g. `attempts: 2` means up to 3 total requests. */ attempts?: number; /** * Base delay in ms between attempts. Defaults to 250ms. The actual delay * uses exponential backoff: `baseDelayMs * 2^attempt`. */ baseDelayMs?: number; /** * Predicate that decides whether to retry given the failure context. By * default we retry on network errors and 5xx responses, but not on 4xx * (those are client errors that won't fix themselves). */ shouldRetry?: (ctx: ApiAdapterErrorContext) => boolean; } export declare interface ApiAdapterSuccessContext { /** Which adapter operation succeeded — `load`, `save`, or `remove`. */ method: ApiAdapterMethod; /** The endpoint URL. */ endpoint: string; /** Response object. */ response: Response; /** For `load` operations, the parsed (and optionally unwrapped) data. */ data?: T; /** For `save` operations, the payload that was sent. */ payload?: T; } /** * Appends a single audit entry to the consent audit log in localStorage. * The log is append-only; existing entries are never modified. * * @param entry - The audit entry to append * @param storageKey - Base storage key (the audit key is derived as `${storageKey}_audit`) */ export declare function appendAuditEntry(entry: ConsentAuditEntry, storageKey?: string): void; /** * Assess a breach report against the NDPA S. 40 / GAID 2025 Article 33 * notification requirements. */ export declare function assessBreachNotification(report: BreachReport, options?: BreachNotificationOptions): BreachNotificationAssessment; /** * Analyzes all processing activities and returns compliance gaps including * missing DPO approval, overdue reviews, undocumented justifications, * missing LIA for legitimate interests, and other documentation issues. * * @param activities Array of processing activities to analyze * @returns Array of identified compliance gaps */ export declare function assessComplianceGaps(activities: ProcessingActivity[]): LawfulBasisComplianceGap[]; /** * Assesses the risk level of a DPIA based on the identified risks * @param dpiaResult The DPIA result containing risks to assess * @returns Assessment result with overall risk level and recommendations */ export declare function assessDPIARisk(dpiaResult: DPIAResult): { overallRiskLevel: 'low' | 'medium' | 'high' | 'critical'; requiresConsultation: boolean; canProceed: boolean; recommendations: string[]; }; /** * Performs a basic risk assessment of a cross-border transfer based on adequacy status, * transfer mechanism, and data sensitivity. * * @param transfer The cross-border transfer to assess * @returns Risk assessment result with score, factors, and recommendations */ export declare function assessTransferRisk(transfer: CrossBorderTransfer): TransferRiskResult; export declare interface AuditCheck { id: string; label: string; status: AuditCheckStatus; detail: string; } export declare type AuditCheckStatus = 'pass' | 'warn' | 'fail'; /** * Breach notification types aligned with NDPA 2023 Section 40 * Data controllers must notify the NDPC within 72 hours of becoming aware of a breach * Data subjects must be notified without undue delay when breach is likely to result in high risk */ /** * Represents a data breach category */ export declare interface BreachCategory { /** Unique identifier for the category */ id: string; /** Display name for the category */ name: string; /** Description of this breach category */ description: string; /** Default severity level for this category */ defaultSeverity: 'low' | 'medium' | 'high' | 'critical'; } declare type BreachCompositeState = { reports: BreachReport[]; assessments: RiskAssessment[]; notifications: RegulatoryNotification[]; }; /** * Represents the data submitted by the breach report form. */ export declare interface BreachFormSubmission { /** Title/summary of the breach */ title: string; /** Detailed description of the breach */ description: string; /** Breach category identifier */ category: string; /** Timestamp (ms) when the breach was discovered */ discoveredAt: number; /** Timestamp (ms) when the breach occurred (if known) */ occurredAt?: number; /** Timestamp (ms) when the form was submitted */ reportedAt: number; /** Person reporting the breach */ reporter: { name: string; email: string; department: string; phone?: string; }; /** Systems or applications affected by the breach */ affectedSystems: string[]; /** Types of data involved in the breach */ dataTypes: string[]; /** Estimated number of affected data subjects */ estimatedAffectedSubjects?: number; /** * Approximate number of personal data RECORDS concerned. Distinct from * subject count (one subject may have many records). NDPA Section 40(2). */ approximateRecordCount?: number; /** * Categories of data subjects affected (e.g. customers, employees, minors). * NDPA Section 40(2). */ dataSubjectCategories?: string[]; /** Whether sensitive personal data (NDPA Section 30) is involved */ involvesSensitiveData?: boolean; /** * Likely consequences of the breach for affected data subjects. * Required content for the NDPC report and Section 40(3) communications. */ likelyConsequences?: string; /** * Measures taken or proposed to mitigate adverse effects. * NDPA Section 40(3). */ mitigationMeasures?: string; /** * Data Protection Officer contact details (Section 32(3)(c) — DPO is the * named NDPC contact). Falls back to organisation-level DPO if omitted. */ dpoContact?: { name: string; email: string; phone?: string; }; /** * Whether this is a phased / interim report submitted under Section 40(2) * before complete information is available. */ isPhasedReport?: boolean; /** ID of the prior phased report this report supplements, if any. */ supplementsReportId?: string; /** Current status of the breach */ status: 'ongoing' | 'contained' | 'resolved'; /** Initial actions taken to address the breach */ initialActions?: string; /** File attachments included with the report */ attachments: Array<{ name: string; type: string; size: number; file: File; }>; } export declare interface BreachNotificationAssessment { /** Whether all applicable mandated content items are satisfied. */ complete: boolean; /** Completeness of applicable content items, 0–100. */ completeness: number; /** GAID 2025 Article 33(5) / NDPA S. 40(2) content of the notification to the Commission. */ notificationToCommission: BreachNotificationItem[]; /** NDPA S. 40(3) communication to data subjects — populated only when high-risk. */ dataSubjectCommunication: BreachNotificationItem[]; /** Whether a data-subject communication is owed (high risk). */ dataSubjectCommunicationRequired: boolean; timing: BreachNotificationTiming; /** Labels of unsatisfied applicable items. */ missing: string[]; /** Actionable next steps, including timing warnings. */ recommendations: string[]; asOf: number; } export declare interface BreachNotificationItem { /** Stable identifier for the requirement. */ id: string; /** Human-readable requirement. */ label: string; /** Authoritative citation, e.g. `GAID 2025 Art. 33(5)(a)`. */ section: string; /** Whether the report satisfies it. */ satisfied: boolean; } /** * Breach notification management component. Implements NDPA Section 40 requirements for * managing breach notifications, tracking 72-hour NDPC reporting deadlines, and coordinating * data subject notifications. */ export declare const BreachNotificationManager: React__default.FC; export declare interface BreachNotificationManagerClassNames { root?: string; header?: string; title?: string; breachList?: string; breachItem?: string; statusBadge?: string; timeline?: string; timelineStep?: string; detailPanel?: string; } export declare interface BreachNotificationManagerProps { /** * List of breach reports to manage */ breachReports: BreachReport[]; /** * List of risk assessments */ riskAssessments: RiskAssessment[]; /** * List of regulatory notifications */ regulatoryNotifications: RegulatoryNotification[]; /** * Callback function called when a breach is selected */ onSelectBreach?: (breachId: string) => void; /** * Callback function called when a risk assessment is requested */ onRequestAssessment?: (breachId: string) => void; /** * Callback function called when a notification is requested */ onRequestNotification?: (breachId: string) => void; /** * Title displayed on the manager * @default "Breach Notification Manager" */ title?: string; /** * Description text displayed on the manager * @default "Manage data breach notifications and track compliance with NDPA Section 40 requirements." */ description?: string; /** * Custom CSS class for the manager */ className?: string; /** * Custom CSS class for the buttons */ buttonClassName?: string; /** * Override class names for individual elements */ classNames?: BreachNotificationManagerClassNames; /** * Remove all default styles, only applying classNames overrides */ unstyled?: boolean; /** * Whether to show the breach details * @default true */ showBreachDetails?: boolean; /** * Whether to show the notification timeline * @default true */ showNotificationTimeline?: boolean; /** * Whether to show the deadline alerts * @default true */ showDeadlineAlerts?: boolean; } /** * Personal-data-breach notification completeness checker for NDPA 2023 * Section 40, as detailed by NDPC General Application and Implementation * Directive (GAID) 2025 Article 33. * * Section 40(2) requires a data controller to notify the Commission within 72 * hours of becoming aware of a breach likely to result in a risk to data * subjects' rights and freedoms. GAID 2025 Article 33(5)(a)–(h) enumerates the * content that a notification to the Commission "shall include". Where the * breach is likely to result in a *high* risk, Section 40(3) additionally * requires the controller to communicate the breach to affected data subjects * in plain and clear language. * * This assesses a `BreachReport` against those requirements: which mandated * content items are present, whether the 72-hour window is met, and whether a * data-subject communication is owed. It is a documentation-completeness aid, * not legal advice — verify against current NDPC guidance. * * @see NDPA 2023 Section 40 (Personal data breaches) * @see NDPC GAID 2025 Article 33 (Data Breach Notification) */ export declare interface BreachNotificationOptions { /** Risk assessment for the breach; drives whether data-subject communication is required. */ assessment?: RiskAssessment; /** The regulatory notification actually sent, if any — used to judge timeliness. */ notification?: RegulatoryNotification; /** Reference "now" in epoch ms. Defaults to `Date.now()`. */ asOf?: number; /** Notification window in hours. Defaults to 72 (NDPA S. 40(2)). */ deadlineHours?: number; /** * Explicit high-risk flag (NDPA S. 40(3)). When omitted, derived from * `assessment.highRisksToRightsAndFreedoms`. */ highRisk?: boolean; } export declare interface BreachNotificationTiming { /** `discoveredAt` + the notification window. */ deadline: number; /** Whole hours between discovery and `asOf`. */ hoursSinceDiscovery: number; /** Whether a regulatory notification has been recorded. */ notified: boolean; /** When the regulatory notification was sent, if any. */ notifiedAt?: number; /** Whether the notification (or, if none, `asOf`) falls within the deadline. */ withinDeadline: boolean; /** Whole hours from `asOf` to the deadline (negative once past). */ hoursRemaining: number; /** Whether the deadline has been missed. */ overdue: boolean; /** Late filings must state the reasons for the delay (NDPA S. 40(2)). */ requiresDelayJustification: boolean; } /** * Represents a data breach report */ export declare interface BreachReport { /** Unique identifier for the breach report */ id: string; /** Title/summary of the breach */ title: string; /** Detailed description of the breach */ description: string; /** Category of the breach */ category: string; /** Timestamp when the breach was discovered */ discoveredAt: number; /** Timestamp when the breach occurred (if known) */ occurredAt?: number; /** Timestamp when the breach was reported internally */ reportedAt: number; /** Person who reported the breach */ reporter: { name: string; email: string; department: string; phone?: string; }; /** Systems or data affected by the breach */ affectedSystems: string[]; /** Types of data involved in the breach */ dataTypes: string[]; /** Whether sensitive personal data is involved (NDPA Section 30) */ involvesSensitiveData?: boolean; /** Estimated number of data subjects affected */ estimatedAffectedSubjects?: number; /** * Approximate number of personal data RECORDS concerned (distinct from subject count). * Required content under NDPA Section 40(1)(a) and Section 40(2). */ approximateRecordCount?: number; /** * Categories of data subjects affected (e.g. customers, employees, minors, patients). * Required content under NDPA Section 40(1)(a) and Section 40(2). */ dataSubjectCategories?: string[]; /** * Likely consequences of the breach for affected data subjects (e.g. identity theft, * financial loss, reputational damage). Reported to the NDPC and, where applicable, * communicated to data subjects under Section 40(3). */ likelyConsequences?: string; /** * Measures taken or proposed to mitigate adverse effects of the breach. * Required content for Section 40(3) communications to data subjects. */ mitigationMeasures?: string; /** * Whether this is a phased / interim report submitted before full investigation * is complete. The NDPC permits phased reporting where complete information is * not available within 72 hours. */ isPhasedReport?: boolean; /** * ID of the prior phased report this report supplements, if any. */ supplementsReportId?: string; /** * Data Protection Officer contact details. The DPO is the named contact point * for the NDPC per NDPA Section 32(3)(c). Required content in the regulatory * report (Section 40(2)). */ dpoContact?: { name: string; email: string; phone?: string; }; /** Whether the breach is ongoing or contained */ status: 'ongoing' | 'contained' | 'resolved'; /** Initial actions taken to address the breach */ initialActions?: string; /** Attachments related to the breach */ attachments?: Array<{ id: string; name: string; type: string; url: string; addedAt: number; }>; } /** * Breach report form component. Implements NDPA Section 40 breach notification requirements, * enabling organizations to document and report data breaches within the mandated 72-hour window. */ export declare const BreachReportForm: React__default.FC; export declare interface BreachReportFormClassNames { root?: string; title?: string; form?: string; fieldGroup?: string; label?: string; input?: string; select?: string; textarea?: string; submitButton?: string; /** Alias for submitButton */ primaryButton?: string; notice?: string; /** Custom class applied when isSubmitting is true (e.g. a loading overlay) */ loadingOverlay?: string; /** Live NDPC-notification completeness panel */ completeness?: string; } export declare interface BreachReportFormProps { /** * Available breach categories */ categories: BreachCategory[]; /** * Callback function called when form is submitted */ onSubmit: (data: BreachFormSubmission) => void; /** * Callback function called when form validation fails */ onValidationError?: (errors: Record) => void; /** * Title displayed on the form * @default "Report a Data Breach" */ title?: string; /** * Description text displayed on the form. * * @default "Use this form to report a suspected or confirmed data breach in accordance with NDPA Section 40. All fields marked with * are required." */ description?: string; /** * Text for the submit button * @default "Submit Report" */ submitButtonText?: string; /** * Custom CSS class for the form */ className?: string; /** * Custom CSS class for the submit button */ buttonClassName?: string; /** * Override class names for individual elements */ classNames?: BreachReportFormClassNames; /** * Remove all default styles, only applying classNames overrides */ unstyled?: boolean; /** * Whether the form is currently submitting. * When true, the submit button is disabled and shows "Submitting..." text. */ isSubmitting?: boolean; /** * Whether to show a confirmation message after submission * @default true */ showConfirmation?: boolean; /** * Confirmation message to display after submission * @default "Your breach report has been submitted successfully. The data protection team has been notified." */ confirmationMessage?: string; /** * Whether to allow file attachments * @default true */ allowAttachments?: boolean; /** * Maximum number of attachments allowed * @default 5 */ maxAttachments?: number; /** * Maximum file size for attachments (in bytes) * @default 5242880 (5MB) */ maxFileSize?: number; /** * Allowed file types for attachments * @default ['.pdf', '.jpg', '.jpeg', '.png', '.doc', '.docx', '.xls', '.xlsx', '.txt'] */ allowedFileTypes?: string[]; /** * Default values to pre-fill form fields. * Useful for editing existing breach reports or pre-populating known data. */ defaultValues?: Partial; /** * Callback fired when the form is reset via the Reset button. * To fully remount the component (clearing all internal state), * change the `key` prop from the parent. */ onReset?: () => void; /** * Show a live NDPC-notification readiness panel that scores the form against * the NDPA S. 40 / GAID 2025 Article 33 mandated content and the 72-hour * deadline as the user fills it in. * @default true */ showCompleteness?: boolean; } /** * Breach risk assessment component. Implements NDPA Section 40 requirements for assessing * breach severity and determining whether NDPC notification is required within 72 hours. */ export declare const BreachRiskAssessment: React__default.FC; export declare interface BreachRiskAssessmentClassNames { root?: string; header?: string; title?: string; slider?: string; riskBadge?: string; riskScore?: string; notificationStatus?: string; submitButton?: string; /** Alias for submitButton */ primaryButton?: string; } export declare interface BreachRiskAssessmentProps { /** * The breach data to assess */ breachData: BreachReport; /** * Initial assessment data (if editing an existing assessment) */ initialAssessment?: Partial; /** * Callback function called when assessment is completed */ onComplete: (assessment: RiskAssessment) => void; /** * Title displayed on the assessment form * @default "Breach Risk Assessment" */ title?: string; /** * Description text displayed on the assessment form * @default "Assess the risk level of this data breach to determine notification requirements under NDPA Section 40." */ description?: string; /** * Text for the submit button * @default "Complete Assessment" */ submitButtonText?: string; /** * Custom CSS class for the form */ className?: string; /** * Custom CSS class for the submit button */ buttonClassName?: string; /** * Override class names for individual elements */ classNames?: BreachRiskAssessmentClassNames; /** * Remove all default styles, only applying classNames overrides */ unstyled?: boolean; /** * Whether to show the breach summary * @default true */ showBreachSummary?: boolean; /** * Whether to show notification requirements after assessment * @default true */ showNotificationRequirements?: boolean; } /** * Calculates the severity of a data breach based on various factors * @param report The breach report * @param assessment The risk assessment (if available) * @returns The calculated severity and notification requirements */ export declare function calculateBreachSeverity(report: BreachReport, assessment?: RiskAssessment): { severityLevel: 'low' | 'medium' | 'high' | 'critical'; notificationRequired: boolean; urgentNotificationRequired: boolean; timeframeHours: number; justification: string; }; /** * Compliance Audit Returns (CAR) scheduling under the NDPC General Application * and Implementation Directive (GAID) 2025. * * A Data Controller/Processor of Major Importance (DCPMI) must conduct an * initial compliance audit within 15 months of commencing data processing, and * thereafter file a Compliance Audit Return with the NDPC annually (default * deadline 31 March, filed through the NDPC Information Management Portal/NIMP). * * This computes the schedule (initial-audit due date, the next annual filing * deadline relative to a reference date) and a light status. NDPC deadlines * shift (the 2026 filing was extended to 30 May), so the annual deadline is * configurable and per-year overrides are supported. The audit *content* itself * is the organisation's compliance posture — pair this with `getComplianceScore`. * * @see NDPC General Application and Implementation Directive (GAID) 2025 */ export declare interface CARInput { /** ISO date (YYYY-MM-DD) the organisation commenced data processing. */ commencementDate: string; /** Reference date to evaluate against (YYYY-MM-DD). Defaults to today. */ asOf?: string; /** DCPMI tier; CAR applies to DCPMIs only. Omit to assume applicable. */ tier?: DCPMITier; } export declare interface CAROptions { /** Default annual filing deadline (month is 1-12). Defaults to 31 March. */ annualDeadline?: { month: number; day: number; }; /** Per-year overrides for the annual deadline, e.g. `{ 2026: '2026-05-30' }`. */ deadlineOverrides?: Record; /** Months after commencement the initial audit is due. Defaults to 15. */ initialAuditWithinMonths?: number; } /** * Classify an organisation's DCPMI status, registration tier, annual fee, and * Compliance Audit Returns obligations under NDPC GAID 2025. */ export declare function classifyDCPMI(input: DCPMIInput, options?: DCPMIClassificationOptions): DCPMIClassification; export declare interface ComplianceAuditReturn { /** Whether CAR applies (false for non-DCPMI organisations). */ applicable: boolean; schedule: { commencementDate: string; initialAuditWithinMonths: number; /** Commencement date + the initial-audit window. */ initialAuditDueDate: string; /** The next annual filing deadline on or after `asOf`. */ nextFilingDeadline: string; /** The year the next filing deadline falls in. */ filingYear: number; }; status: { /** Whether the initial-audit obligation has arisen (asOf ≥ due date). */ initialAuditDue: boolean; /** Whole days from `asOf` to the next filing deadline. */ daysUntilNextDeadline: number; }; notes: string[]; asOf: string; } /** A single gap found during NDPA compliance evaluation. */ declare interface ComplianceGap { /** Machine-readable requirement identifier. */ requirementId: string; /** Human-readable name of the requirement. */ requirement: string; /** Reference to the relevant NDPA section. */ ndpaSection: string; /** How severe the gap is. */ severity: 'critical' | 'important' | 'recommended'; /** Explanation of what is missing. */ message: string; /** Suggested fix type for the UI. */ fixType: 'add_section' | 'add_content' | 'fill_field'; /** Label for the fix action button. */ fixLabel: string; /** Pre-written content the user can insert to close the gap. */ suggestedContent?: string; } export declare interface ComplianceInput { consent: { hasConsentMechanism: boolean; hasPurposeSpecification: boolean; hasWithdrawalMechanism: boolean; hasMinorProtection: boolean; consentRecordsRetained: boolean; }; dsr: { hasRequestMechanism: boolean; supportsAccess: boolean; supportsRectification: boolean; supportsErasure: boolean; supportsPortability: boolean; supportsObjection: boolean; /** Expected max response time in days (>30 counts as a gap) */ responseTimelineDays: number; }; dpia: { conductedForHighRisk: boolean; documentedRisks: boolean; mitigationMeasures: boolean; }; breach: { hasNotificationProcess: boolean; notifiesWithin72Hours: boolean; hasRiskAssessment: boolean; hasRecordKeeping: boolean; }; policy: { hasPrivacyPolicy: boolean; isPubliclyAccessible: boolean; /** ISO date string (YYYY-MM-DD); >13 months old counts as a gap */ lastUpdated: string; coversAllSections: boolean; }; lawfulBasis: { documentedForAllProcessing: boolean; hasLegitimateInterestAssessment: boolean; }; crossBorder: { hasTransferMechanisms: boolean; adequacyAssessed: boolean; ndpcApprovalObtained: boolean; }; ropa: { maintained: boolean; includesAllProcessing: boolean; /** ISO date string (YYYY-MM-DD); >6 months since review counts as a gap */ lastReviewed: string; }; } /** * Compliance Score Engine * * Evaluates an organisation's NDPA compliance posture across eight modules and * returns a scored, rated report with per-module breakdowns and sorted * recommendations. * * Pure utility — zero React dependency. */ export declare type ComplianceRating = 'excellent' | 'good' | 'needs-work' | 'critical'; export declare interface ComplianceReport { /** Overall compliance score, 0–100 */ score: number; /** Rating bucket */ rating: ComplianceRating; /** Per-module breakdown keyed by module name */ modules: Record; /** Recommendations sorted by priority (critical first) */ recommendations: Recommendation[]; /** Top-level regulatory references */ regulatoryReferences: RegulatoryReference[]; /** ISO date of when the report was generated */ generatedAt: string; } /** Result of evaluating a policy against NDPA requirements. */ declare interface ComplianceResult { /** Points earned. */ score: number; /** Maximum achievable points (115). */ maxScore: number; /** Percentage score (0-100). */ percentage: number; /** Overall compliance rating. */ rating: 'compliant' | 'nearly_compliant' | 'not_compliant'; /** List of identified compliance gaps. */ gaps: ComplianceGap[]; /** List of requirement ids that passed. */ passed: string[]; } export declare interface ConsentAnalyticsEvent { action: 'shown' | 'accepted_all' | 'rejected_all' | 'customized' | 'dismissed'; timestamp: number; version: string; categories?: Record; } /** * Represents a single entry in the consent audit trail. * Each entry captures what happened, when, and the full consent state * at that point in time, satisfying NDPA recordkeeping requirements. */ export declare interface ConsentAuditEntry { /** The type of consent action that occurred */ action: 'consent_given' | 'consent_withdrawn' | 'consent_updated' | 'consent_expired'; /** Unix timestamp (ms) when the action occurred */ timestamp: number; /** Version of the consent form at the time of the action */ version: string; /** Full snapshot of consent category states */ categories: Record; /** How consent was collected (e.g. "banner", "customize", "api") */ method: string; /** Browser user-agent string for forensic traceability */ userAgent?: string; } /** * Consent banner component. Implements NDPA Sections 25-26 consent requirements * for obtaining and managing data subject consent. */ export declare const ConsentBanner: React__default.FC; export declare interface ConsentBannerClassNames { root?: string; container?: string; title?: string; description?: string; optionsList?: string; optionItem?: string; optionCheckbox?: string; optionLabel?: string; optionDescription?: string; buttonGroup?: string; acceptButton?: string; rejectButton?: string; customizeButton?: string; saveButton?: string; customizePanel?: string; selectAllButton?: string; /** The optional on-page cookie scan panel (shown in the customize view) */ cookieScanPanel?: string; /** Alias for acceptButton */ primaryButton?: string; /** Alias for rejectButton */ secondaryButton?: string; } export declare interface ConsentBannerProps { /** * Array of consent options to display */ options: ConsentOption[]; /** * Callback function called when user saves their consent choices */ onSave: (settings: ConsentSettings) => void; /** * Title displayed on the banner * @default "We Value Your Privacy" */ title?: string; /** * Description text displayed on the banner * @default "We use cookies and similar technologies to provide our services and enhance your experience. Your consent is collected in accordance with NDPA Sections 25-26." */ description?: string; /** * Text for the accept all button * @default "Accept All" */ acceptAllButtonText?: string; /** * Text for the reject all button * @default "Reject All" */ rejectAllButtonText?: string; /** * Text for the customize button * @default "Customize" */ customizeButtonText?: string; /** * Text for the save button * @default "Save Preferences" */ saveButtonText?: string; /** * Position of the banner. * 'top', 'bottom', and 'center' render via a portal to document.body * with fixed positioning so the banner overlays the page. * 'inline' renders in the normal DOM tree without a portal. * @default "bottom" */ position?: 'top' | 'bottom' | 'center' | 'inline'; /** * Visual treatment. * - 'bar' (default): full-width strip pinned to the edge. * - 'card' : bounded floating card with rounded corners and a margin * from the screen edges. Pairs well with `position="bottom"`. * - 'modal' : centered card with a backdrop overlay. Forces center * placement regardless of `position`. * @default "bar" */ variant?: 'bar' | 'card' | 'modal'; /** * z-index applied to the fixed-position banner. * Ignored when position is 'inline'. * @default 9999 */ zIndex?: number; /** * Version of the consent form * @default "1.0" */ version?: string; /** * Whether to show the banner * If not provided, the banner will be shown if no consent has been saved */ show?: boolean; /** * Storage key for consent settings * @default "ndpr_consent" */ storageKey?: string; /** * Whether the banner manages its own localStorage persistence. * Set to false when an external storage mechanism (e.g., ConsentStorage) * is responsible for persisting consent settings under the same key. * This avoids race conditions where two writers target the same storage key. * @default true */ manageStorage?: boolean; /** * Custom CSS class for the banner */ className?: string; /** * Custom CSS class for the buttons */ buttonClassName?: string; /** * Custom CSS class for the primary button */ primaryButtonClassName?: string; /** * Custom CSS class for the secondary button */ secondaryButtonClassName?: string; /** * Object of CSS class overrides keyed by semantic section name. * Takes priority over buttonClassName / primaryButtonClassName / secondaryButtonClassName. */ classNames?: ConsentBannerClassNames; /** * When true, all default Tailwind classes are removed so consumers * can style from scratch using classNames. */ unstyled?: boolean; /** * Optional analytics callback fired on each user interaction. * Called when the banner is shown, accepted, rejected, customized, or dismissed. */ onAnalytics?: (event: ConsentAnalyticsEvent) => void; /** * Show a "cookies on this page" scan panel inside the customize view. It * audits the cookies actually present against `declaredCookies` and flags * undeclared ones — a transparency / self-audit aid (NDPA S.25-26 specific, * informed consent). Off by default. * @default false */ showCookieScan?: boolean; /** * The cookies you declare, matched against what's present when * `showCookieScan` is on. Without it, every present cookie is treated as * undeclared (though the built-in registry may still identify it). */ declaredCookies?: DeclaredCookie[]; /** * Options forwarded to the scan (e.g. `knownCookies`, `useKnownRegistry`, * or a `cookieString` to scan instead of `document.cookie`). */ cookieScanOptions?: CookieScanOptions; /** * Heading for the cookie scan panel. * @default "Cookies on this page" */ cookieScanTitle?: string; } /** * Consent management component. Implements NDPA Sections 25-26 consent requirements, * allowing data subjects to review and update their consent preferences. */ export declare const ConsentManager: React__default.FC; export declare interface ConsentManagerClassNames { root?: string; header?: string; title?: string; description?: string; optionsList?: string; optionItem?: string; toggle?: string; saveButton?: string; resetButton?: string; /** Alias for saveButton */ primaryButton?: string; /** Alias for resetButton */ secondaryButton?: string; } export declare interface ConsentManagerProps { /** * Array of consent options to display */ options: ConsentOption[]; /** * Current consent settings */ settings?: ConsentSettings; /** * Callback function called when user saves their consent choices */ onSave: (settings: ConsentSettings) => void; /** * Title displayed in the manager * @default "Manage Your Privacy Settings" */ title?: string; /** * Description text displayed in the manager * @default "Update your consent preferences at any time. Required cookies cannot be disabled as they are necessary for the website to function. Consent management is provided in accordance with NDPA Sections 25-26." */ description?: string; /** * Text for the save button * @default "Save Preferences" */ saveButtonText?: string; /** * Text for the reset button * @default "Reset to Defaults" */ resetButtonText?: string; /** * Version of the consent form * @default "1.0" */ version?: string; /** * Custom CSS class for the manager */ className?: string; /** * Custom CSS class for the buttons */ buttonClassName?: string; /** * Custom CSS class for the primary button */ primaryButtonClassName?: string; /** * Custom CSS class for the secondary button */ secondaryButtonClassName?: string; /** * Object of CSS class overrides keyed by semantic section name. * Takes priority over buttonClassName / primaryButtonClassName / secondaryButtonClassName. */ classNames?: ConsentManagerClassNames; /** * When true, all default Tailwind classes are removed so consumers * can style from scratch using classNames. */ unstyled?: boolean; /** * Whether to show a success message after saving * @default true */ showSuccessMessage?: boolean; /** * Success message to display after saving * @default "Your preferences have been saved." */ successMessage?: string; /** * Duration to show the success message (in milliseconds) * @default 3000 */ successMessageDuration?: number; } /** * Consent types aligned with NDPA 2023 Section 25-26 * Consent must be freely given, specific, informed, and unambiguous */ /** * Represents a consent option that can be presented to users */ export declare interface ConsentOption { /** Unique identifier for the consent option */ id: string; /** Display label for the consent option */ label: string; /** Detailed description of what this consent option covers */ description: string; /** Whether this consent option is required (cannot be declined) */ required: boolean; /** * The specific purpose for which data will be processed * NDPA Section 25(2) requires consent to be specific to each purpose */ purpose: string; /** * Default state of the consent option * @default false */ defaultValue?: boolean; /** * Categories of personal data covered by this consent option */ dataCategories?: string[]; } /** * Represents the user's consent settings */ export declare interface ConsentSettings { /** Map of consent option IDs to boolean values indicating consent status */ consents: Record; /** Timestamp when consent was last updated */ timestamp: number; /** Version of the consent form that was accepted */ version: string; /** Method used to collect consent (e.g., "banner", "settings", "api") */ method: string; /** Whether the user has actively made a choice (as opposed to default settings) */ hasInteracted: boolean; /** * The lawful basis under which processing is conducted * Required by NDPA Section 25(1) */ lawfulBasis?: LawfulBasisType; } export declare const ConsentStorage: ({ settings, storageOptions, onLoad, onSave, autoSave, autoLoad, classNames, unstyled, children }: ConsentStorageProps) => React__default.ReactElement | null; export declare interface ConsentStorageClassNames { root?: string; } /** * Represents the storage mechanism for consent settings */ export declare interface ConsentStorageOptions { /** * Storage key for consent settings * @default "ndpr_consent" */ storageKey?: string; /** * Storage type to use * @default "localStorage" */ storageType?: 'localStorage' | 'sessionStorage' | 'cookie'; /** * Cookie options (only used when storageType is "cookie") */ cookieOptions?: { /** Domain for the cookie */ domain?: string; /** * Path for the cookie * @default "/" */ path?: string; /** * Expiration days for the cookie * @default 365 */ expires?: number; /** * Whether the cookie should be secure * @default true */ secure?: boolean; /** * SameSite attribute for the cookie * @default "Lax" */ sameSite?: 'Strict' | 'Lax' | 'None'; }; } export declare interface ConsentStorageProps { /** * Current consent settings */ settings: ConsentSettings; /** * Storage options for consent settings */ storageOptions?: ConsentStorageOptions; /** * Callback function called when settings are loaded from storage */ onLoad?: (settings: ConsentSettings | null) => void; /** * Callback function called when settings are saved to storage */ onSave?: (settings: ConsentSettings) => void; /** * Whether to automatically save settings to storage * @default true */ autoSave?: boolean; /** * Whether to automatically load settings from storage on mount * @default true */ autoLoad?: boolean; /** * Object of CSS class overrides keyed by semantic section name. */ classNames?: ConsentStorageClassNames; /** * When true, all default classes are removed so consumers * can style from scratch using classNames. */ unstyled?: boolean; /** * Children to render * Can be either React nodes or a render prop function that receives storage methods */ children?: React__default.ReactNode | ((props: { loadSettings: () => ConsentSettings | null; saveSettings: (settings: ConsentSettings) => void; clearSettings: () => void; loaded: boolean; }) => React__default.ReactNode); } export declare interface CookieAdapterOptions { domain?: string; path?: string; expires?: number; secure?: boolean; sameSite?: 'Strict' | 'Lax' | 'None'; } /** How a present cookie was classified. */ export declare type CookieMatchSource = 'declared' | 'known' | 'none'; export declare interface CookieScanOptions { /** * The cookie string to scan, in `document.cookie` form (`a=1; b=2`). * Defaults to `document.cookie` in the browser, or `''` on the server. */ cookieString?: string; /** Reference timestamp (epoch ms) recorded on the result. Defaults to `Date.now()`. */ asOf?: number; /** Extra known cookies, checked before the built-in registry (so they can override it). */ knownCookies?: DeclaredCookie[]; /** Whether to fall back to the built-in known-cookie registry for undeclared cookies. @default true */ useKnownRegistry?: boolean; } export declare interface CookieScanResult { /** When the scan ran (epoch ms). */ scannedAt: number; /** Number of cookies present. */ total: number; /** Every present cookie, classified. */ cookies: ScannedCookie[]; /** Cookies that matched one of your declared cookies. */ declared: ScannedCookie[]; /** Cookies present but NOT in your declaration — the compliance gap. */ undeclared: ScannedCookie[]; /** Undeclared cookies the built-in registry could still identify. */ identified: ScannedCookie[]; /** Undeclared cookies that could not be identified at all. */ unknown: ScannedCookie[]; /** Present cookies grouped by resolved category; unclassified cookies go under `uncategorized`. */ byCategory: Record; /** True when there are no undeclared cookies. */ complete: boolean; } /** * Creates a new audit entry from consent settings. If `previousSettings` is * provided, the action is automatically determined by comparing old and new * states. Otherwise `action` defaults to `'consent_given'`. */ export declare function createAuditEntry(settings: ConsentSettings, previousSettings?: ConsentSettings | null, actionOverride?: ConsentAuditEntry['action']): ConsentAuditEntry; /** * Creates a complete business privacy policy template with default * NDPA-compliant sections and variables. * * @returns An object containing the default sections and variables. */ export declare function createBusinessPolicyTemplate(): { sections: PolicySection[]; variables: PolicyVariable[]; }; /** * Summary of cross-border transfer compliance */ export declare interface CrossBorderSummary { /** Total number of active transfers */ totalActiveTransfers: number; /** Breakdown by transfer mechanism */ byMechanism: Record; /** Breakdown by adequacy status */ byAdequacy: Record; /** Transfers pending NDPC approval */ pendingApproval: CrossBorderTransfer[]; /** Transfers due for review */ dueForReview: CrossBorderTransfer[]; /** Transfers missing TIA */ missingTIA: CrossBorderTransfer[]; /** High-risk transfers */ highRiskTransfers: CrossBorderTransfer[]; /** Last updated timestamp */ lastUpdated: number; } /** * Represents a cross-border data transfer record */ export declare interface CrossBorderTransfer { /** Unique identifier */ id: string; /** Destination country or territory */ destinationCountry: string; /** ISO country code */ destinationCountryCode?: string; /** Adequacy status of the destination */ adequacyStatus: AdequacyStatus; /** The transfer mechanism being relied upon */ transferMechanism: TransferMechanism; /** Categories of personal data being transferred */ dataCategories: string[]; /** Whether sensitive personal data is included */ includesSensitiveData: boolean; /** Estimated number of data subjects whose data is transferred */ estimatedDataSubjects?: number; /** Name of the recipient organization */ recipientOrganization: string; /** Contact details of the recipient */ recipientContact: { name: string; email: string; phone?: string; address?: string; }; /** Purpose of the data transfer */ purpose: string; /** Safeguards in place to protect the data */ safeguards: string[]; /** Risk assessment summary */ riskAssessment: string; /** Risk level of the transfer */ riskLevel: 'low' | 'medium' | 'high'; /** NDPC approval details (required for some transfer mechanisms) */ ndpcApproval?: { required: boolean; applied: boolean; approved?: boolean; referenceNumber?: string; appliedAt?: number; approvedAt?: number; }; /** Whether a Transfer Impact Assessment has been conducted */ tiaCompleted: boolean; /** Reference to the TIA document */ tiaReference?: string; /** Frequency of the transfer */ frequency: 'one_time' | 'periodic' | 'continuous'; /** Start date of the transfer */ startDate: number; /** End date of the transfer (if applicable) */ endDate?: number; /** Status of the transfer */ status: 'active' | 'suspended' | 'terminated' | 'pending_approval'; /** Timestamp when the record was created */ createdAt: number; /** Timestamp when the record was last updated */ updatedAt: number; /** Next review date */ reviewDate?: number; } /** * Cross-border data transfer management component. Implements NDPA Sections 41-43 requirements * for managing international data transfers, including adequacy decisions, standard contractual * clauses, and NDPC authorization. */ export declare const CrossBorderTransferManager: React__default.FC; export declare interface CrossBorderTransferManagerClassNames { root?: string; header?: string; title?: string; summary?: string; summaryCard?: string; transferList?: string; transferItem?: string; form?: string; input?: string; select?: string; submitButton?: string; /** Alias for submitButton */ primaryButton?: string; riskBadge?: string; statusBadge?: string; detailPanel?: string; approvalStatus?: string; } export declare interface CrossBorderTransferManagerProps { /** * List of cross-border transfers to display */ transfers: CrossBorderTransfer[]; /** * Callback when a new transfer is added. */ onAdd?: (transfer: Omit) => void; /** * Callback when a transfer is updated. */ onUpdate?: (id: string, updates: Partial) => void; /** * Callback when a transfer is archived. NDPA preference is soft-delete * over hard-delete; consumers should treat this as an archive signal. */ onArchive?: (id: string) => void; /** * Compliance summary data */ summary?: CrossBorderSummary; /** * Title displayed on the manager * @default "Cross-Border Data Transfer Manager" */ title?: string; /** * Description text displayed on the manager * @default "Manage and document cross-border personal data transfers in compliance with NDPA 2023 Part VIII (Sections 41-43)." */ description?: string; /** * Custom CSS class for the manager container */ className?: string; /** * Custom CSS class for buttons */ buttonClassName?: string; /** * Whether to show the compliance summary section * @default true */ showSummary?: boolean; /** * Whether to show the TIA section in the form * @default true */ showTIA?: boolean; /** * Override class names for individual sections of the component. * Takes priority over className / buttonClassName. */ classNames?: CrossBorderTransferManagerClassNames; /** * When true, all default styling is removed so consumers * can style from scratch using classNames. */ unstyled?: boolean; } /** A user-defined section added to the policy outside the generated ones. */ declare interface CustomSection { id: string; title: string; content: string; order: number; required: false; } /** A logical category of personal data the organisation may collect. */ declare interface DataCategory { /** Machine-readable identifier. */ id: string; /** Human-readable label shown in the wizard. */ label: string; /** Grouping for display and compliance checks. */ group: 'identity' | 'financial' | 'behavioral' | 'sensitive' | 'children'; /** Specific data points within this category. */ dataPoints: string[]; /** Whether this category is currently selected by the user. */ selected: boolean; } export declare interface DCPMIClassification { /** Registration tier (or `'none'` when not a DCPMI). */ tier: DCPMITier; /** Whether the organisation is a Data Controller/Processor of Major Importance. */ isDCPMI: boolean; /** Annual registration fee in Nigerian Naira (0 when not a volume-tiered DCPMI). */ annualFeeNGN: number; registration: { /** Whether NDPC registration is required. */ required: boolean; /** OHL renews registration annually; UHL/EHL register once and file CAR annually. */ renewsAnnually: boolean; }; compliance: { /** Whether the organisation must file annual Compliance Audit Returns (CAR). */ auditReturnsAnnual: boolean; /** Initial compliance audit is due within this many months of commencing processing. */ initialAuditWithinMonths: number; }; /** Human-readable caveats and next steps. */ notes: string[]; /** The count actually used for classification, after defensive normalisation. */ dataSubjectsConsidered: number; } export declare interface DCPMIClassificationOptions { thresholds?: Partial; fees?: Partial; } export declare interface DCPMIFees { UHL: number; EHL: number; OHL: number; } export declare interface DCPMIInput { /** Distinct data subjects whose data was processed in the relevant six-month window. */ dataSubjectsInSixMonths?: number; /** True if the Commission has separately designated/listed the organisation as a DCPMI. */ isDesignated?: boolean; } export declare interface DCPMIThresholds { /** Lower bound (inclusive) for OHL. */ ohl: number; /** Lower bound (inclusive) for EHL. */ ehl: number; /** A count strictly greater than this is UHL. */ uhl: number; } /** * Data Controller/Processor of Major Importance (DCPMI) classification under the * NDPC General Application and Implementation Directive (GAID) 2025. * * Volume-based tiers — data subjects processed within a six-month window: * - UHL (Ultra High Level): more than 5,000 → ₦250,000 / year * - EHL (Extra High Level): 1,000 – 5,000 → ₦100,000 / year * - OHL (Ordinary High Level): 200 – 999 → ₦10,000 / year * - below 200: not a DCPMI by volume * * Boundaries: the 1,000 mark resolves to EHL (so OHL is 200–999); UHL is * strictly greater than 5,000 (so 5,000 itself is EHL). The NDPC has revised * classification metrics before and shifts filing deadlines, so thresholds and * fees are configurable — treat the defaults as the September 2025 GAID * baseline, not a constant. * * `isDesignated` marks an organisation the Commission has otherwise listed as a * DCPMI; it is then a DCPMI regardless of volume. Below the volume tiers such an * organisation is reported as `'listed'` with the fee left at 0 and a note to * confirm the applicable tier/fee with the NDPC. * * @see NDPC General Application and Implementation Directive (GAID) 2025 * @see NDPC Guidance Notice on the Registration of Data Controllers and Processors of Major Importance */ export declare type DCPMITier = 'UHL' | 'EHL' | 'OHL' | 'listed' | 'none'; /** * Cookie scanner — audits the cookies actually present in the browser against * the cookies you have declared, surfacing undeclared cookies that put you out * of step with your cookie notice (NDPA 2023 S.25-26 / NDPC GAID 2025 on * specific, informed consent). * * Pure and DOM-optional: pass `cookieString` to scan an arbitrary value (a * `Cookie:` header on the server, a test fixture), or call it in the browser * and it reads `document.cookie`. Safe to import from a server bundle. */ /** A cookie you declare against a consent category. */ export declare interface DeclaredCookie { /** Exact cookie name, a prefix (with `prefix: true`), or a RegExp matched against the name. */ name: string | RegExp; /** Consent category this cookie belongs to (e.g. 'necessary', 'analytics', 'marketing'). */ category: string; /** Who sets the cookie (e.g. 'Google Analytics'). */ provider?: string; /** What the cookie is used for — surfaced in your cookie policy. */ purpose?: string; /** Treat a string `name` as a prefix match instead of an exact match. Ignored for RegExp names. */ prefix?: boolean; } /** September 2025 GAID baseline annual fees (NGN). */ export declare const DEFAULT_DCPMI_FEES_NGN: DCPMIFees; /** September 2025 GAID baseline — override via {@link DCPMIClassificationOptions} as the rules evolve. */ export declare const DEFAULT_DCPMI_THRESHOLDS: DCPMIThresholds; /** * Default NDPA-compliant privacy policy sections. * Each section uses {{variable}} placeholders that are resolved at generation time. */ export declare const DEFAULT_POLICY_SECTIONS: PolicySection[]; /** * Default policy variables for NDPA-compliant privacy policies. * These map to the {{variable}} placeholders used in DEFAULT_POLICY_SECTIONS. */ export declare const DEFAULT_POLICY_VARIABLES: PolicyVariable[]; /** Options for DOCX export of the finalised policy. */ declare interface DOCXExportOptions { includeTOC?: boolean; filename?: string; } /** A map of question IDs to their answer values */ export declare type DPIAAnswerMap = Record; /** Possible value types for a DPIA answer */ export declare type DPIAAnswerValue = string | number | boolean | string[]; /** * Data Protection Impact Assessment types aligned with NDPA 2023 Section 28 * A DPIA is required when processing is likely to result in high risk to data subjects */ /** * Represents a question in the DPIA questionnaire */ export declare interface DPIAQuestion { /** Unique identifier for the question */ id: string; /** The text of the question */ text: string; /** Additional guidance for answering the question */ guidance?: string; /** Type of input required for the answer */ type: 'text' | 'textarea' | 'select' | 'radio' | 'checkbox' | 'scale'; /** Options for select, radio, or checkbox questions */ options?: Array<{ value: string; label: string; riskLevel?: 'low' | 'medium' | 'high'; }>; /** For scale questions, the minimum value */ minValue?: number; /** For scale questions, the maximum value */ maxValue?: number; /** For scale questions, labels for the scale points */ scaleLabels?: Record; /** Whether the question is required */ required: boolean; /** Risk level associated with this question */ riskLevel?: 'low' | 'medium' | 'high'; /** Whether this question triggers additional questions based on the answer */ hasDependentQuestions?: boolean; /** Conditions that determine when this question should be shown */ showWhen?: Array<{ questionId: string; operator: 'equals' | 'contains' | 'greaterThan' | 'lessThan'; value: string | number | boolean; }>; } /** * DPIA questionnaire component. Implements NDPA Section 28 requirements * for conducting Data Privacy Impact Assessments on high-risk processing activities. */ export declare const DPIAQuestionnaire: React__default.FC; export declare interface DPIAQuestionnaireClassNames { /** Outermost wrapper */ root?: string; /** Header area containing progress indicator */ header?: string; /** Section title */ title?: string; /** Section container */ section?: string; /** Section title heading */ sectionTitle?: string; /** Individual question wrapper */ question?: string; /** Question label text */ questionText?: string; /** Guidance / help text below a question */ guidance?: string; /** Text / textarea / select inputs */ input?: string; /** Radio option group container */ radioGroup?: string; /** Individual radio option row */ radioOption?: string; /** Navigation button container */ navigation?: string; /** Next / submit button */ nextButton?: string; /** Previous button */ prevButton?: string; /** Alias for nextButton */ primaryButton?: string; /** Alias for prevButton */ secondaryButton?: string; /** Progress bar wrapper */ progressBar?: string; } export declare interface DPIAQuestionnaireProps { /** * Sections of the DPIA questionnaire */ sections: DPIASection[]; /** * Current answers to the questionnaire */ answers: Record; /** * Callback function called when an answer is updated */ onAnswerChange: (questionId: string, value: string | number | boolean | string[]) => void; /** * Current section index */ currentSectionIndex: number; /** * Callback function called when user navigates to the next section */ onNextSection?: () => void; /** * Callback function called when user navigates to the previous section */ onPrevSection?: () => void; /** * Validation errors for the current section */ validationErrors?: Record; /** * Whether the questionnaire is in read-only mode * @default false */ readOnly?: boolean; /** * Custom CSS class for the questionnaire */ className?: string; /** * Custom CSS class for the buttons */ buttonClassName?: string; /** * Text for the next button * @default "Next" */ nextButtonText?: string; /** * Text for the previous button * @default "Previous" */ prevButtonText?: string; /** * Text for the submit button (shown on the last section) * @default "Submit" */ submitButtonText?: string; /** * Whether to show a progress indicator * @default true */ showProgress?: boolean; /** * Current progress percentage (0-100) */ progress?: number; /** * Per-section class name overrides */ classNames?: DPIAQuestionnaireClassNames; /** * When true, all default classes are stripped. * Only explicit overrides from `classNames` are applied. * @default false */ unstyled?: boolean; } /** * DPIA report component. Implements NDPA Section 28 requirements for documenting * and presenting Data Protection Impact Assessment findings, risks, and recommendations. */ export declare const DPIAReport: React__default.FC; export declare interface DPIAReportClassNames { /** Outermost wrapper */ root?: string; /** Report header area */ header?: string; /** Main report title */ title?: string; /** Executive summary section */ summary?: string; /** Risk level badge */ riskBadge?: string; /** Risks table element */ riskTable?: string; /** Individual risk row */ riskRow?: string; /** Recommendation list item */ recommendation?: string; /** Conclusion text */ conclusion?: string; /** Print button */ printButton?: string; /** Alias for printButton */ primaryButton?: string; } export declare interface DPIAReportProps { /** * The DPIA result to display */ result: DPIAResult; /** * The sections of the DPIA questionnaire */ sections: DPIASection[]; /** * Whether to show the full report or just a summary * @default true */ showFullReport?: boolean; /** * Whether to allow printing the report * @default true */ allowPrint?: boolean; /** * Whether to allow exporting the report as PDF * @default true */ allowExport?: boolean; /** * Callback function called when the report is exported */ onExport?: (format: 'pdf' | 'docx' | 'html') => void; /** * Custom CSS class for the report container */ className?: string; /** * Custom CSS class for the buttons */ buttonClassName?: string; /** * Per-section class name overrides */ classNames?: DPIAReportClassNames; /** * When true, all default classes are stripped. * Only explicit overrides from `classNames` are applied. * @default false */ unstyled?: boolean; } /** * Represents the result of a completed DPIA */ export declare interface DPIAResult { /** Unique identifier for the DPIA */ id: string; /** Title of the DPIA */ title: string; /** Description of the processing activity being assessed */ processingDescription: string; /** Timestamp when the DPIA was started */ startedAt: number; /** Timestamp when the DPIA was completed */ completedAt?: number; /** Person responsible for conducting the DPIA */ assessor: { name: string; role: string; email: string; }; /** Answers to all questions in the DPIA */ answers: Record; /** Risks identified in the DPIA */ risks: DPIARisk[]; /** Overall risk level of the processing activity */ overallRiskLevel: 'low' | 'medium' | 'high' | 'critical'; /** Whether the DPIA concluded that the processing can proceed */ canProceed: boolean; /** Reasons why the processing can or cannot proceed */ conclusion: string; /** Recommendations for the processing activity */ recommendations?: string[]; /** Next review date for the DPIA */ reviewDate?: number; /** Version of the DPIA questionnaire used */ version: string; /** * Whether prior consultation with NDPC is required * Per NDPA Section 28(2), consultation is required when DPIA indicates high residual risk */ ndpcConsultationRequired?: boolean; /** Date when NDPC consultation was initiated */ ndpcConsultationDate?: number; /** Reference number from NDPC consultation */ ndpcConsultationReference?: string; /** * The lawful basis for the processing activity being assessed */ lawfulBasis?: string; /** * Whether this DPIA involves cross-border data transfers */ involvesCrossBorderTransfer?: boolean; } /** * Represents a risk identified in the DPIA */ export declare interface DPIARisk { /** Unique identifier for the risk */ id: string; /** Description of the risk */ description: string; /** Likelihood of the risk occurring (1-5) */ likelihood: number; /** Impact if the risk occurs (1-5) */ impact: number; /** Overall risk score (likelihood * impact) */ score: number; /** Risk level based on the score */ level: 'low' | 'medium' | 'high' | 'critical'; /** Measures to mitigate the risk */ mitigationMeasures?: string[]; /** Whether the risk has been mitigated */ mitigated: boolean; /** Residual risk score after mitigation */ residualScore?: number; /** Questions that identified this risk */ relatedQuestionIds: string[]; } /** * Represents a section in the DPIA questionnaire */ export declare interface DPIASection { /** Unique identifier for the section */ id: string; /** Title of the section */ title: string; /** Description of the section */ description?: string; /** Questions in this section */ questions: DPIAQuestion[]; /** Order of the section in the questionnaire */ order: number; } /** * Data Subject Request dashboard component. Supports compliance with NDPA Part IV, * providing tools to track, manage, and respond to data subject requests within required timeframes. */ export declare const DSRDashboard: React__default.FC; export declare interface DSRDashboardClassNames { root?: string; header?: string; title?: string; filters?: string; requestList?: string; requestItem?: string; statusBadge?: string; detailPanel?: string; } export declare interface DSRDashboardProps { /** * List of DSR requests to display */ requests: DSRRequest[]; /** * Callback function called when a request is selected */ onSelectRequest?: (requestId: string) => void; /** * Callback function called when a request status is updated */ onUpdateStatus?: (requestId: string, status: DSRStatus) => void; /** * Callback function called when a request is assigned */ onAssignRequest?: (requestId: string, assignee: string) => void; /** * Title displayed on the dashboard * @default "Data Subject Request Dashboard" */ title?: string; /** * Description text displayed on the dashboard * @default "Track and manage data subject requests in compliance with NDPA Part IV requirements." */ description?: string; /** * Custom CSS class for the dashboard */ className?: string; /** * Custom CSS class for the buttons */ buttonClassName?: string; /** * Whether to show the request details * @default true */ showRequestDetails?: boolean; /** * Whether to show the request timeline * @default true */ showRequestTimeline?: boolean; /** * Whether to show the deadline alerts * @default true */ showDeadlineAlerts?: boolean; /** * List of possible assignees */ assignees?: string[]; /** * Object of CSS class overrides keyed by semantic section name. */ classNames?: DSRDashboardClassNames; /** * When true, all default Tailwind classes are removed so consumers * can style from scratch using classNames. */ unstyled?: boolean; } /** * Represents the data submitted by the DSR request form. */ export declare interface DSRFormSubmission { /** The selected request type identifier */ requestType: string; /** Data subject personal information */ dataSubject: { fullName: string; email: string; phone?: string; identifierType: string; identifierValue: string; }; /** Additional information provided for the selected request type */ additionalInfo?: Record; /** Timestamp (ms) when the form was submitted */ submittedAt: number; } /** * Represents a data subject request */ export declare interface DSRRequest { /** Unique identifier for the request */ id: string; /** Type of request */ type: DSRType; /** Current status of the request */ status: DSRStatus; /** Timestamp when the request was submitted */ createdAt: number; /** Timestamp when the request was last updated */ updatedAt: number; /** Timestamp when the request was completed (if applicable) */ completedAt?: number; /** Timestamp when the identity was verified (if applicable) */ verifiedAt?: number; /** * Due date for responding to the request (timestamp) * NDPA requires response within 30 days of receipt */ dueDate?: number; /** Description or details of the request */ description?: string; /** * The lawful basis under which the data was originally processed * Relevant for evaluating objection and erasure requests */ lawfulBasis?: string; /** Data subject information */ subject: { name: string; email: string; phone?: string; identifierValue?: string; identifierType?: string; }; /** Additional information provided by the data subject */ additionalInfo?: Record; /** Notes added by staff processing the request */ internalNotes?: Array<{ timestamp: number; author: string; note: string; }>; /** Verification status */ verification?: { verified: boolean; method?: string; verifiedAt?: number; verifiedBy?: string; }; /** Reason for rejection (if status is 'rejected') */ rejectionReason?: string; /** Files attached to the request */ attachments?: Array<{ id: string; name: string; type: string; url: string; addedAt: number; }>; /** * Whether an extension was requested for this DSR * NDPA allows a one-time extension of 30 days with justification */ extensionRequested?: boolean; /** Reason for the extension, if requested */ extensionReason?: string; } /** * Data Subject Request form component. Implements NDPA Part VI (Sections 34-38) * covering data subject rights including access, rectification, erasure, and portability. */ export declare const DSRRequestForm: React__default.FC; export declare interface DSRRequestFormClassNames { root?: string; title?: string; description?: string; form?: string; fieldGroup?: string; label?: string; input?: string; select?: string; textarea?: string; submitButton?: string; /** Alias for submitButton */ primaryButton?: string; successMessage?: string; /** Custom class applied when isSubmitting is true (e.g. a loading overlay) */ loadingOverlay?: string; } export declare interface DSRRequestFormProps { /** * Array of request types that can be submitted */ requestTypes: RequestType[]; /** * Callback function called when form is submitted */ onSubmit: (data: DSRFormSubmission) => void; /** * Callback function called when form validation fails */ onValidationError?: (errors: Record) => void; /** * Title displayed on the form * @default "Submit a Data Subject Request" */ title?: string; /** * Description text displayed on the form * @default "Use this form to exercise your rights under the Nigeria Data Protection Act (NDPA), Part VI, Sections 34-38." */ description?: string; /** * Text for the submit button * @default "Submit Request" */ submitButtonText?: string; /** * Custom CSS class for the form */ className?: string; /** * Custom CSS class for the submit button */ buttonClassName?: string; /** * Whether to show a confirmation message after submission * @default true */ showConfirmation?: boolean; /** * Confirmation message to display after submission * @default "Your request has been submitted successfully. You will receive a confirmation email shortly." */ confirmationMessage?: string; /** * Whether to require identity verification * @default true */ requireIdentityVerification?: boolean; /** * Types of identifiers accepted for verification * @default ["email", "account", "customer_id"] */ identifierTypes?: Array<{ id: string; label: string; }>; /** * Whether to collect additional contact information * @default true */ collectAdditionalContact?: boolean; /** * Custom labels for form fields */ labels?: { name?: string; email?: string; requestType?: string; description?: string; submit?: string; }; /** * Object of CSS class overrides keyed by semantic section name. */ classNames?: DSRRequestFormClassNames; /** * When true, all default Tailwind classes are removed so consumers * can style from scratch using classNames. */ unstyled?: boolean; /** * Whether the form is currently submitting. * When true, the submit button is disabled and shows "Submitting..." text. */ isSubmitting?: boolean; /** * Default values to pre-fill form fields. * Useful for editing existing requests or pre-populating known data. */ defaultValues?: Partial; /** * Callback fired when the form is reset via the Reset button. * To fully remount the component (clearing all internal state), * change the `key` prop from the parent. */ onReset?: () => void; } /** * Status of a data subject request */ export declare type DSRStatus = 'pending' | 'awaitingVerification' | 'inProgress' | 'completed' | 'rejected'; /** * Validated DSR submission shape — matches what `` * emits client-side. Use this as the typed parameter for your server-side * handler after `validateDsrSubmissionStructured` returns `valid: true`. */ export declare interface DsrSubmissionPayload { requestType: string; dataSubject: { fullName: string; email: string; phone?: string; identifierType: string; identifierValue: string; }; additionalInfo?: Record; submittedAt: number; } /** * DSR tracking and analytics component. Supports compliance with NDPA Part IV, * providing summary statistics, deadline tracking, and compliance metrics for data subject requests. */ export declare const DSRTracker: React__default.FC; export declare interface DSRTrackerClassNames { root?: string; header?: string; title?: string; stats?: string; statCard?: string; table?: string; tableHeader?: string; tableRow?: string; statusBadge?: string; } export declare interface DSRTrackerProps { /** * List of DSR requests to track */ requests: DSRRequest[]; /** * Callback function called when a request is selected */ onSelectRequest?: (requestId: string) => void; /** * Title displayed on the tracker * @default "DSR Request Tracker" */ title?: string; /** * Description text displayed on the tracker * @default "Track the status and progress of data subject requests as required by NDPA Part IV." */ description?: string; /** * Custom CSS class for the tracker */ className?: string; /** * Custom CSS class for the buttons */ buttonClassName?: string; /** * Whether to show the summary statistics * @default true */ showSummaryStats?: boolean; /** * Whether to show the request type breakdown * @default true */ showTypeBreakdown?: boolean; /** * Whether to show the status breakdown * @default true */ showStatusBreakdown?: boolean; /** * Whether to show the timeline chart * @default true */ showTimelineChart?: boolean; /** * Whether to show the overdue requests * @default true */ showOverdueRequests?: boolean; /** * Object of CSS class overrides keyed by semantic section name. */ classNames?: DSRTrackerClassNames; /** * When true, all default Tailwind classes are removed so consumers * can style from scratch using classNames. */ unstyled?: boolean; } /** * Data Subject Rights types aligned with NDPA 2023 Part VI (Sections 34-38) * and the related provisions in Part V (Section 27 — information to the data subject) * and Part X (Section 46 — complaint to the Commission). * * Note: These are guidance labels — not legal advice. Verify with your DPO or counsel. */ /** * Types of data subject requests per NDPA Part VI * - 'information': Right to be informed (Section 27 — provision of information; Section 34(1)(a)) * - 'access': Right of access / confirmation + data copy (Section 34(1)(a)–(b)) * - 'rectification': Right to rectification (Section 34(1)(c)) * - 'erasure': Right to erasure (Section 34(1)(d), Section 34(2)) * - 'restriction': Right to restrict processing (Section 34(1)(e)) * - 'portability': Right to data portability (Section 38) * - 'objection': Right to object (Section 36) * - 'automated_decision_making': Rights re. automated decisions / profiling (Section 37) * - 'withdraw_consent': Right to withdraw consent (Section 35) */ export declare type DSRType = 'information' | 'access' | 'rectification' | 'erasure' | 'restriction' | 'portability' | 'objection' | 'automated_decision_making' | 'withdraw_consent'; export declare type EffortLevel = 'low' | 'medium' | 'high'; /** * Exports the Record of Processing Activities to a CSV string. * The CSV includes all key fields from each processing record. * * @param ropa - The full Record of Processing Activities * @returns CSV-formatted string */ export declare function exportROPAToCSV(ropa: RecordOfProcessingActivities): string; export declare interface FormatAuditReportOptions { /** Wrap status symbols in ANSI colour codes. Default false. */ color?: boolean; } /** * Format a DSR request for display or submission. Returns the formatted * payload plus a typed `errors` array of `{ field, code, message }` for any * required fields missing from the source request. * * Codes emitted: * - `request_id_required` * - `request_type_required` * - `request_status_required` * - `created_at_required` * - `subject_name_required` * - `subject_email_required` */ export declare function formatDSRRequestStructured(request: DSRRequest): FormatDSRRequestStructuredResult; /** Result of {@link formatDSRRequestStructured}. */ export declare interface FormatDSRRequestStructuredResult { valid: boolean; errors: StructuredValidationError[]; /** Formatted request payload — always populated regardless of `valid`. */ formattedRequest: Record; /** Narrowed input — populated only on `valid: true`. */ data?: DSRRequest; } /** * Render an `NdprAuditResult` as a plain-text report. */ export declare function formatNdprAuditReport(result: NdprAuditResult, options?: FormatAuditReportOptions): string; /** * Derive the CAR schedule and status for a DCPMI under NDPC GAID 2025. */ export declare function generateComplianceAuditReturn(input: CARInput, options?: CAROptions): ComplianceAuditReturn; /** * Generates a summary of all lawful basis documentation across processing activities. * * @param activities Array of processing activities to summarize * @returns LawfulBasisSummary with counts, breakdowns, and flagged activities */ export declare function generateLawfulBasisSummary(activities: ProcessingActivity[]): LawfulBasisSummary; /** * Generates policy text by replacing variables in a template with organization-specific values * @param sectionsOrTemplate The policy sections or template string to generate text for * @param organizationInfoOrVariables The organization information or variable map to use for replacement * @returns The generated policy text or an object with the generated text and metadata */ export declare function generatePolicyText(sectionsOrTemplate: PolicySection[] | string, organizationInfoOrVariables: OrganizationInfo | Record): string | { fullText: string; sectionTexts: Record; missingVariables: string[]; }; /** * Generates a summary of the Record of Processing Activities. * Provides statistics and identifies records that are due for review. * * @param ropa - The full Record of Processing Activities * @returns Summary statistics for the ROPA */ export declare function generateROPASummary(ropa: RecordOfProcessingActivities): ROPASummary; /** * Retrieves the full consent audit log from localStorage. * Returns an empty array if no log exists or parsing fails. * * @param storageKey - Base storage key (the audit key is derived as `${storageKey}_audit`) */ export declare function getAuditLog(storageKey?: string): ConsentAuditEntry[]; /** * Evaluate an organisation's NDPA compliance across all modules. * * @param input - Compliance input object * @returns ComplianceReport with overall score, per-module breakdown, and sorted recommendations */ export declare function getComplianceScore(input: ComplianceInput): ComplianceReport; /** * Returns a human-readable description of a lawful basis with the relevant * NDPA section reference. * * @param basis The lawful basis to describe * @returns Description string including NDPA section reference */ export declare function getLawfulBasisDescription(basis: LawfulBasis): string; /** * Returns a human-readable description of a transfer mechanism with its NDPA section reference. * * @param mechanism The transfer mechanism * @returns Description including the relevant NDPA section */ export declare function getTransferMechanismDescription(mechanism: TransferMechanism): string; /** Options for HTML export of the finalised policy. */ declare interface HTMLExportOptions { includeStyles?: boolean; includePrintCSS?: boolean; customCSS?: string; /** * Theme controlling the embedded design tokens. * * - `'light'` (default): emits the light token palette only. No * `prefers-color-scheme: dark` block is included, so a visitor's OS * dark-mode setting will NOT recolour the policy. This is the right * default for an embedded compliance widget — most consumer host sites * are single-theme and Shadow DOM does not isolate `prefers-color-scheme`. * - `'dark'`: emits the dark token palette as the primary style. * - `'auto'`: emits light tokens plus a `@media (prefers-color-scheme: dark)` * block that swaps to dark on the user's OS preference. Use this when * your host site genuinely follows OS dark mode and you want the policy * to match. * * Pre-3.4.1 the export effectively behaved like `'auto'` unconditionally, * which leaked dark colours into light-only host sites via Shadow DOM. * * @default 'light' */ theme?: 'light' | 'dark' | 'auto'; } /** * Identifies compliance gaps in the Record of Processing Activities. * Finds records that are missing required information per NDPA 2023. * * @param ropa - The full Record of Processing Activities * @returns Array of compliance gaps grouped by record */ export declare function identifyComplianceGaps(ropa: RecordOfProcessingActivities): ROPAComplianceGap[]; /** * Policy engine types for the adaptive privacy policy generator. * These types power the wizard-driven policy builder, compliance checker, * and export functionality — all aligned with the NDPA 2023. */ /** Industry verticals with sector-specific compliance requirements. */ declare type Industry = 'fintech' | 'healthcare' | 'ecommerce' | 'saas' | 'education' | 'government' | 'other'; /** * Returns whether NDPC approval is required for a given transfer mechanism. * Under NDPA Section 42(5), the Commission may approve binding corporate rules, * codes of conduct, certification mechanisms, or similar instruments. Standard * contractual clauses are one of the appropriate safeguards under Section 41(1)(a) * and the Commission may approve them per Section 42(4). * * @param mechanism The transfer mechanism * @returns Whether NDPC approval is typically required */ export declare function isNDPCApprovalRequired(mechanism: TransferMechanism): boolean; /** * Built-in registry of widely deployed third-party cookies, so an undeclared * cookie can often still be identified (provider + likely category). Override * or extend via {@link CookieScanOptions.knownCookies}; categories follow the * common necessary / functional / analytics / marketing taxonomy. */ export declare const KNOWN_COOKIES: DeclaredCookie[]; /** * Lawful Basis types aligned with NDPA 2023 Part III (Sections 24-28) * Every processing activity must have a documented lawful basis */ /** * The six lawful bases for processing personal data per NDPA Section 25(1) */ export declare type LawfulBasis = 'consent' | 'contract' | 'legal_obligation' | 'vital_interests' | 'public_interest' | 'legitimate_interests'; /** * Compliance gap identified across processing activities */ export declare interface LawfulBasisComplianceGap { activityId: string; activityName: string; type: 'missing_approval' | 'overdue_review' | 'missing_justification' | 'missing_lia' | 'missing_sensitive_condition' | 'missing_retention' | 'missing_data_categories' | 'missing_purposes'; severity: 'high' | 'medium' | 'low'; description: string; } /** * Summary of all lawful basis documentation for compliance reporting */ export declare interface LawfulBasisSummary { /** Total number of processing activities */ totalActivities: number; /** Breakdown by lawful basis */ byBasis: Record; /** Number of activities involving sensitive data */ sensitiveDataActivities: number; /** Number of activities involving cross-border transfers */ crossBorderActivities: number; /** Activities due for review */ activitiesDueForReview: ProcessingActivity[]; /** Activities without DPO approval */ activitiesWithoutApproval: ProcessingActivity[]; /** Last updated timestamp */ lastUpdated: number; } /** * Lawful basis tracker component. Implements NDPA Section 25 requirements for documenting * and tracking the lawful basis for each personal data processing activity. */ export declare const LawfulBasisTracker: React__default.FC; export declare interface LawfulBasisTrackerClassNames { root?: string; header?: string; title?: string; summary?: string; summaryCard?: string; table?: string; tableHeader?: string; tableRow?: string; form?: string; input?: string; select?: string; submitButton?: string; /** Alias for submitButton */ primaryButton?: string; statusBadge?: string; complianceScore?: string; gapAlert?: string; } export declare interface LawfulBasisTrackerProps { /** * List of processing activities to display */ activities: ProcessingActivity[]; /** * Callback when a new activity is created. */ onAdd?: (activity: Omit) => void; /** * Callback when an activity is updated. */ onUpdate?: (id: string, updates: Partial) => void; /** * Callback when an activity is archived. */ onArchive?: (id: string) => void; /** * Title displayed on the tracker * @default "Lawful Basis Tracker" */ title?: string; /** * Description text displayed on the tracker * @default "Document and track the lawful basis for each processing activity as required by NDPA 2023 Section 25." */ description?: string; /** * Custom CSS class for the tracker container */ className?: string; /** * Custom CSS class for buttons */ buttonClassName?: string; /** * Whether to show the compliance summary at the top * @default true */ showSummary?: boolean; /** * Whether to show compliance gap alerts * @default true */ showComplianceGaps?: boolean; /** * Override class names for individual sections of the component. * Takes priority over className / buttonClassName. */ classNames?: LawfulBasisTrackerClassNames; /** * When true, all default styling is removed so consumers * can style from scratch using classNames. */ unstyled?: boolean; } /** * Lawful basis for processing personal data per NDPA Section 25(1) */ export declare type LawfulBasisType = 'consent' | 'contract' | 'legal_obligation' | 'vital_interests' | 'public_interest' | 'legitimate_interests'; /** * Validation result for a processing activity */ export declare interface LawfulBasisValidationResult { isValid: boolean; errors: string[]; warnings: string[]; } /** * Full disclaimer suitable for PDF/DOCX footers and exported artifacts. */ export declare const LEGAL_DISCLAIMER_LONG: string; /** * Short disclaimer suitable for component captions and dashboard footers. * One line, no markdown. */ export declare const LEGAL_DISCLAIMER_SHORT = "Generated for guidance only. Not legal advice \u2014 verify with your DPO or counsel."; /** * Returns the long disclaimer wrapped with a leading heading suitable for * embedding at the foot of an exported document. */ export declare function legalDisclaimerBlock(heading?: string): string; /** * Renders the standard "not legal advice" notice produced by this toolkit. * Use under any component that surfaces an NDPA section citation or generates * an artifact (privacy policy, breach report, DPIA result, etc.). */ export declare const LegalNotice: React__default.FC; export declare interface LegalNoticeProps { /** * Disclaimer length. `short` is a one-liner appropriate for captions and * footers; `long` is the full notice for export documents and dialogs. * @default 'short' */ variant?: 'short' | 'long'; /** Custom className for the wrapping element */ className?: string; /** When true, renders nothing (escape hatch for unstyled mode) */ hidden?: boolean; } /** * Represents a Legitimate Interest Assessment (LIA) * Required when the lawful basis is 'legitimate_interests' */ export declare interface LegitimateInterestAssessment { /** Unique identifier */ id: string; /** ID of the associated processing activity */ processingActivityId: string; /** Date the assessment was conducted */ assessmentDate: number; /** Person who conducted the assessment */ assessor: { name: string; role: string; email: string; }; /** Description of the legitimate interest being pursued */ purposeTest: string; /** Why the processing is necessary for this purpose */ necessityTest: string; /** Balancing test: rights of data subject vs. legitimate interest */ balancingTest: string; /** Safeguards applied to protect data subject rights */ safeguards: string[]; /** Overall conclusion */ conclusion: string; /** Whether the assessment concluded the processing is justified */ approved: boolean; } export declare interface ModuleScore { /** Module name (e.g. "consent") */ name: string; /** Raw module score 0-100 */ score: number; /** Maximum possible score for this module (always 100) */ maxScore: number; /** Weighted contribution to the overall score */ weightedScore: number; /** NDPA sections this module maps to */ ndpaSections: string[]; /** Gaps found — list of human-readable gap descriptions */ gaps: string[]; } /** * Aggregate NDPA 2023 compliance audit — combines the compliance-score engine * with the GAID 2025 DCPMI classifier, Compliance Audit Returns scheduler, and * breach-notification checker into a single pass/fail result suitable for CI. * * Pure and React-free: drive it from a config file via the `ndpr audit` CLI, a * CI job, or a server route. Not legal advice — verify against current NDPC * guidance. */ export declare interface NdprAuditInput { /** Compliance posture across the 8 NDPA modules. */ compliance: ComplianceInput; /** Optional DCPMI classification input (GAID 2025 registration). */ dcpmi?: DCPMIInput; /** Optional Compliance Audit Returns scheduling input. */ car?: CARInput; /** Optional breach reports to check against the S. 40 / Article 33 duty. */ breaches?: BreachReport[]; } export declare interface NdprAuditOptions { /** Minimum overall compliance score required to pass. Default 70. */ minScore?: number; dcpmiOptions?: DCPMIClassificationOptions; carOptions?: CAROptions; breachOptions?: BreachNotificationOptions; } export declare interface NdprAuditResult { /** True when the score meets `minScore` and no check is a hard failure. */ passed: boolean; score: number; rating: ComplianceRating; minScore: number; checks: AuditCheck[]; compliance: ComplianceReport; dcpmi?: DCPMIClassification; car?: ComplianceAuditReturn; breaches: Array<{ id: string; title: string; assessment: BreachNotificationAssessment; }>; summary: { pass: number; warn: number; fail: number; }; generatedAt: string; } /** * Configuration for the NDPR toolkit provider. */ export declare interface NDPRConfig { /** The official name of the organisation */ organizationName?: string; /** Email address of the Data Protection Officer */ dpoEmail?: string; /** NDPC registration number, if registered */ ndpcRegistrationNumber?: string; /** Prefix for localStorage/sessionStorage keys used by toolkit components */ storageKeyPrefix?: string; /** When true, removes all default styles from toolkit components */ unstyled?: boolean; /** Theme overrides applied as CSS custom properties */ theme?: { /** Primary brand colour (e.g. "#0070f3") */ primary?: string; /** Hover state for primary colour */ primaryHover?: string; /** Foreground colour used on primary backgrounds */ primaryForeground?: string; }; /** * Locale strings for all toolkit components. * Pass partial overrides — missing keys fall back to English defaults. */ locale?: NDPRLocale; /** * Custom fallback UI to render when a child component throws during rendering. * Receives the error and a reset function. If omitted, a default fallback is shown. */ fallback?: ReactNode | ((error: Error, reset: () => void) => ReactNode); /** * Called when the error boundary catches an error. * Useful for sending errors to an external reporting service. */ onError?: (error: Error, errorInfo: ErrorInfo) => void; } /** * Read-only compliance dashboard. * * Visualises a `ComplianceReport` (from `getComplianceScore()`) showing the * overall score, per-module cards, and a prioritised recommendations list. */ export declare const NDPRDashboard: React__default.FC; export declare interface NDPRDashboardClassNames { root?: string; header?: string; scoreCircle?: string; scoreValue?: string; ratingBadge?: string; modulesGrid?: string; moduleCard?: string; moduleTitle?: string; moduleScore?: string; moduleGaps?: string; recommendationsSection?: string; recommendationItem?: string; recommendationPriority?: string; recommendationTitle?: string; primaryButton?: string; secondaryButton?: string; } export declare interface NDPRDashboardProps { /** Compliance report produced by getComplianceScore() */ report: ComplianceReport; /** Dashboard heading. Defaults to "NDPA Compliance Dashboard" */ title?: string; /** Show/hide the recommendations section. Defaults to true */ showRecommendations?: boolean; /** Maximum number of recommendations to render. Defaults to 5 */ maxRecommendations?: number; /** Per-section class name overrides */ classNames?: NDPRDashboardClassNames; /** When true, strips all default classes so consumers can style from scratch */ unstyled?: boolean; } /** * Locale strings for all toolkit components. * Pass partial overrides — missing keys fall back to English defaults. */ declare interface NDPRLocale { consent?: { title?: string; description?: string; acceptAll?: string; rejectAll?: string; customize?: string; savePreferences?: string; selectAll?: string; deselectAll?: string; required?: string; cookieNotice?: string; /** ConsentManager component title */ managerTitle?: string; /** ConsentManager component description */ managerDescription?: string; /** ConsentManager reset button */ resetToDefaults?: string; }; dsr?: { title?: string; description?: string; submitRequest?: string; reset?: string; fullName?: string; email?: string; phone?: string; requestType?: string; additionalInfo?: string; identityVerification?: string; identifierType?: string; identifierValue?: string; privacyNotice?: string; successMessage?: string; /** DSRDashboard component title */ dashboardTitle?: string; /** DSRDashboard component description */ dashboardDescription?: string; /** DSRTracker component title */ trackerTitle?: string; /** DSRTracker component description */ trackerDescription?: string; }; breach?: { title?: string; description?: string; submitReport?: string; breachTitle?: string; category?: string; discoveredAt?: string; detailedDescription?: string; /** BreachRiskAssessment component title */ riskAssessmentTitle?: string; /** BreachRiskAssessment component description */ riskAssessmentDescription?: string; /** BreachNotificationManager component title */ notificationManagerTitle?: string; /** BreachNotificationManager component description */ notificationManagerDescription?: string; /** RegulatoryReportGenerator component title */ regulatoryReportTitle?: string; /** RegulatoryReportGenerator component description */ regulatoryReportDescription?: string; }; dpia?: { title?: string; next?: string; previous?: string; complete?: string; progress?: string; /** DPIAQuestionnaire submit button (last section) */ submit?: string; /** DPIAReport main report title */ reportTitle?: string; }; policy?: { title?: string; generate?: string; preview?: string; export?: string; sections?: string; variables?: string; /** PolicyGenerator component title */ generatorTitle?: string; /** PolicyGenerator component description */ generatorDescription?: string; /** PolicyPreview component title */ previewTitle?: string; /** PolicyPreview component description */ previewDescription?: string; /** PolicyExporter component title */ exporterTitle?: string; /** PolicyExporter component description */ exporterDescription?: string; /** AdaptivePolicyWizard heading */ wizardTitle?: string; }; lawfulBasis?: { /** LawfulBasisTracker title */ title?: string; /** LawfulBasisTracker description */ description?: string; }; crossBorder?: { /** CrossBorderTransferManager title */ title?: string; /** CrossBorderTransferManager description */ description?: string; }; ropa?: { /** ROPAManager title */ title?: string; /** ROPAManager description */ description?: string; }; compliance?: { score?: string; excellent?: string; good?: string; needsWork?: string; critical?: string; recommendations?: string; passed?: string; gaps?: string; }; common?: { loading?: string; error?: string; save?: string; cancel?: string; delete?: string; edit?: string; add?: string; back?: string; next?: string; search?: string; noResults?: string; }; } /** * Provides NDPR configuration to all descendant toolkit components. * * When a `theme` is supplied, the corresponding CSS custom properties * (`--ndpr-primary`, `--ndpr-primary-hover`, `--ndpr-primary-foreground`) * are set on the wrapping element so components can reference them. * * Wraps children in an error boundary so that a rendering failure in any * toolkit component does not crash the host application. */ export declare const NDPRProvider: React__default.FC; /** * Typed theme object for `NDPRThemeProvider`. * * Every field is optional. Each set field becomes one `--ndpr-*` CSS custom * property on the wrapping element; unset fields fall through to the * defaults shipped in `@tantainnovative/ndpr-toolkit/styles`. * * Color values are passed as **RGB triplets** (space-separated channels, * no `rgb()` wrapper) because the stylesheet uses `rgb(var(--ndpr-primary))` * everywhere. This lets the same token power solid backgrounds and * `rgb(var(--ndpr-primary) / 0.12)` tints. * * @example * const theme: NDPRTheme = { * colors: { primary: '22 163 74', primaryHover: '21 128 61' }, * radius: { base: '0.75rem' }, * }; * * @example * // Helper consumers may write themselves for hex inputs: * // const hexToRgbTriplet = (hex: string) => { * // const n = parseInt(hex.replace('#', ''), 16); * // return `${(n >> 16) & 255} ${(n >> 8) & 255} ${n & 255}`; * // }; * // const theme: NDPRTheme = { colors: { primary: hexToRgbTriplet('#16a34a') } }; */ export declare interface NDPRTheme { /** Light / dark mode hint. Sets `data-theme` so stylesheet's `[data-theme="dark"]` selector applies. */ mode?: 'light' | 'dark'; /** Color tokens — all values are RGB triplets, e.g. `'22 163 74'`. */ colors?: { primary?: string; primaryHover?: string; primaryForeground?: string; background?: string; surface?: string; foreground?: string; muted?: string; mutedForeground?: string; border?: string; input?: string; ring?: string; success?: string; destructive?: string; warning?: string; }; /** Border-radius scale — CSS length values, e.g. `'0.5rem'`. */ radius?: { sm?: string; base?: string; lg?: string; full?: string; }; /** Spacing scale — CSS length values. */ spacing?: { 1?: string; 2?: string; 3?: string; 4?: string; 5?: string; 6?: string; 8?: string; }; /** Box-shadow tokens. */ shadow?: { sm?: string; base?: string; lg?: string; }; /** Typography tokens. `sans` is a font-family string; the rest are CSS length values. */ font?: { sans?: string; sizeXs?: string; sizeSm?: string; sizeBase?: string; sizeLg?: string; sizeXl?: string; lineHeight?: string; lineHeightTight?: string; }; /** Transition timing tokens, e.g. `'150ms ease-out'`. */ transition?: { base?: string; slow?: string; }; /** Z-index tokens for banners and modals. */ z?: { banner?: number | string; modal?: number | string; }; } /** * Provides theme tokens to NDPR toolkit components by injecting `--ndpr-*` * CSS custom properties on a wrapping `div`. * * This is syntactic sugar over the toolkit's existing CSS-variable theming * model. The stylesheet at `@tantainnovative/ndpr-toolkit/styles` defines * all defaults; this provider only sets variables for fields you explicitly * supply, so unset tokens cascade from `:root`. * * @example * import { NDPRThemeProvider, type NDPRTheme } from '@tantainnovative/ndpr-toolkit'; * * const theme: NDPRTheme = { * colors: { primary: '22 163 74', primaryHover: '21 128 61' }, * radius: { base: '0.75rem' }, * }; * * * * */ export declare const NDPRThemeProvider: React__default.FC; export declare interface NDPRThemeProviderProps { /** Theme overrides. Only fields you set produce CSS variables. */ theme?: NDPRTheme; /** Optional className on the wrapping `div` — useful for Tailwind utilities. */ className?: string; children: React__default.ReactNode; } /** * Represents notification requirements for a data breach per NDPA Section 40 */ export declare interface NotificationRequirement { /** * Whether NDPC notification is required * Per NDPA Section 40, notification to NDPC is required for all breaches * that pose a risk to data subjects' rights and freedoms */ ndpcNotificationRequired: boolean; /** * Deadline for NDPC notification (72 hours from discovery) * NDPA Section 40(1) */ ndpcNotificationDeadline: number; /** * Whether data subject notification is required * Per NDPA Section 40(4), required when breach is likely to result in * high risk to rights and freedoms of data subjects */ dataSubjectNotificationRequired: boolean; /** Justification for the notification decision */ justification: string; /** * @deprecated Use ndpcNotificationRequired instead. Kept for backward compatibility. */ nitdaNotificationRequired?: boolean; /** * @deprecated Use ndpcNotificationDeadline instead. Kept for backward compatibility. */ nitdaNotificationDeadline?: number; } /** * Represents organization information for a privacy policy */ export declare interface OrganizationInfo { /** Name of the organization */ name: string; /** Website URL of the organization */ website: string; /** Contact email for privacy inquiries */ privacyEmail: string; /** Physical address of the organization */ address?: string; /** Phone number for privacy inquiries */ privacyPhone?: string; /** Name of the Data Protection Officer */ dpoName?: string; /** Email of the Data Protection Officer */ dpoEmail?: string; /** Industry or sector of the organization */ industry?: string; /** NDPC registration number (if registered) */ ndpcRegistrationNumber?: string; } declare interface OrganizationInfo_2 { /** * Name of the organization */ name: string; /** * Registration number or business ID */ registrationNumber?: string; /** * Physical address of the organization */ address: string; /** * Website URL */ website?: string; /** * Name of the Data Protection Officer */ dpoName: string; /** * Email of the Data Protection Officer */ dpoEmail: string; /** * Phone number of the Data Protection Officer */ dpoPhone?: string; } /** Organisation size tiers — affects complexity of generated language. */ declare type OrgSize = 'startup' | 'midsize' | 'enterprise'; /** Options for PDF export of the finalised policy. */ declare interface PDFExportOptions { includeCoverPage?: boolean; includeTOC?: boolean; includeComplianceBadge?: boolean; logoUrl?: string; filename?: string; } /** Represents an in-progress policy being built in the wizard. */ declare interface PolicyDraft { /** Unique identifier for the draft. */ id: string; /** The template context driving section generation. */ templateContext: TemplateContext; /** Custom sections added by the user. */ customSections: CustomSection[]; /** Per-section content overrides keyed by section id. */ sectionOverrides: Record; /** Ordered list of section ids defining the final order. */ sectionOrder: string[]; /** Current wizard step (0-indexed). */ currentStep: number; /** Timestamp of the last save. */ lastSavedAt: number; /** The draft is always in "draft" status until finalised. */ status: 'draft'; } export declare const PolicyExporter: React__default.FC; export declare interface PolicyExporterClassNames { /** Root container */ root?: string; /** Header area containing title and description */ header?: string; /** Title element */ title?: string; /** Description element */ description?: string; /** Format selector container */ formatSelector?: string; /** Individual format option */ formatOption?: string; /** Export button */ exportButton?: string; /** Alias for exportButton */ primaryButton?: string; /** NDPA compliance / export tips notice */ complianceNotice?: string; /** Preview / export history area */ preview?: string; } export declare interface PolicyExporterProps { /** * The policy content to export */ content: string; /** * The policy title */ title?: string; /** * The organization name to include in the exported policy */ organizationName?: string; /** * The last updated date to include in the exported policy */ lastUpdated?: Date; /** * Callback function called when the export is complete */ onExportComplete?: (format: string, url: string) => void; /** * Title displayed on the exporter * @default "Export Privacy Policy" */ componentTitle?: string; /** * Description text displayed on the exporter * @default "Export your NDPA-compliant privacy policy in various formats." */ description?: string; /** * Custom CSS class for the exporter */ className?: string; /** * Custom CSS class for the buttons */ buttonClassName?: string; /** * Whether to show the export history * @default true */ showExportHistory?: boolean; /** * Whether to include the NDPA compliance notice in the exported policy * @default true */ includeComplianceNotice?: boolean; /** * Whether to include the organization logo in the exported policy * @default false */ includeLogo?: boolean; /** * URL of the organization logo */ logoUrl?: string; /** * Custom CSS styles for the exported policy */ customStyles?: string; /** * Override class names for internal elements */ classNames?: PolicyExporterClassNames; /** * If true, removes all default styles. Use with classNames to apply your own. * @default false */ unstyled?: boolean; } /** * Privacy policy generator component. Implements NDPA Section 27 (provision of * information to the data subject), helping organizations generate compliant * privacy policies that disclose required information. */ export declare const PolicyGenerator: React__default.FC; export declare interface PolicyGeneratorClassNames { /** Root container */ root?: string; /** Header area containing title and description */ header?: string; /** Title element */ title?: string; /** Description element */ description?: string; /** Section list container */ sectionList?: string; /** Individual section item */ sectionItem?: string; /** Variable form container */ form?: string; /** Form input fields */ input?: string; /** Generate button */ generateButton?: string; /** Alias for generateButton */ primaryButton?: string; /** NDPA compliance notice */ complianceNotice?: string; } export declare interface PolicyGeneratorProps { /** * List of policy sections * @default DEFAULT_POLICY_SECTIONS */ sections?: PolicySection[]; /** * List of policy variables * @default DEFAULT_POLICY_VARIABLES */ variables?: PolicyVariable[]; /** * Callback function called when the policy is generated */ onGenerate: (policy: { sections: PolicySection[]; variables: PolicyVariable[]; content: string; }) => void; /** * Title displayed on the generator * @default "NDPA Privacy Policy Generator" */ title?: string; /** * Description text displayed on the generator * @default "Generate an NDPA-compliant privacy policy for your organization in accordance with NDPA Section 27." */ description?: string; /** * Custom CSS class for the generator */ className?: string; /** * Custom CSS class for the buttons */ buttonClassName?: string; /** * Text for the generate button * @default "Generate Policy" */ generateButtonText?: string; /** * Whether to show a preview of the generated policy * @default true */ showPreview?: boolean; /** * Whether to allow editing the policy content * @default true */ allowEditing?: boolean; /** * Override class names for internal elements */ classNames?: PolicyGeneratorClassNames; /** * If true, removes all default styles. Use with classNames to apply your own. * @default false */ unstyled?: boolean; } export declare const PolicyPreview: React__default.FC; export declare interface PolicyPreviewClassNames { /** Root container */ root?: string; /** Header area containing title and description */ header?: string; /** Title element */ title?: string; /** Description element */ description?: string; /** Content area wrapping the rendered policy */ content?: string; /** Individual rendered section container */ section?: string; /** Section title within rendered content */ sectionTitle?: string; /** Section content within rendered content */ sectionContent?: string; /** NDPA compliance notice */ complianceNotice?: string; } export declare interface PolicyPreviewProps { /** * The policy content to preview */ content: string; /** * The policy sections */ sections?: PolicySection[]; /** * The policy variables */ variables?: PolicyVariable[]; /** * Callback function called when the policy is exported */ onExport?: (format: 'pdf' | 'html' | 'markdown' | 'docx') => void; /** * Callback function called when the policy is edited */ onEdit?: () => void; /** * Title displayed on the preview * @default "Privacy Policy Preview" */ title?: string; /** * Description text displayed on the preview * @default "Preview your NDPA-compliant privacy policy before exporting." */ description?: string; /** * Custom CSS class for the preview */ className?: string; /** * Custom CSS class for the buttons */ buttonClassName?: string; /** * Whether to show the export options * @default true */ showExportOptions?: boolean; /** * Whether to show the edit button * @default true */ showEditButton?: boolean; /** * Whether to show the table of contents * @default true */ showTableOfContents?: boolean; /** * Whether to show the policy metadata * @default true */ showMetadata?: boolean; /** * The organization name to display in the policy */ organizationName?: string; /** * The last updated date to display in the policy */ lastUpdated?: Date; /** * Override class names for internal elements */ classNames?: PolicyPreviewClassNames; /** * If true, removes all default styles. Use with classNames to apply your own. * @default false */ unstyled?: boolean; } /** * Privacy policy types aligned with NDPA 2023 * Privacy policies must clearly inform data subjects of their rights under the NDPA */ /** * Represents a section in a privacy policy */ export declare interface PolicySection { /** Unique identifier for the section */ id: string; /** Title of the section */ title: string; /** Description of the section */ description?: string; /** Order of the section in the policy */ order?: number; /** Whether the section is required by NDPA */ required: boolean; /** Template text for the section */ template: string; /** * Default content for the section (legacy field) * @deprecated Use template instead */ defaultContent?: string; /** * Custom content for the section (overrides default content) * @deprecated Use template instead */ customContent?: string; /** Whether the section is included in the policy */ included: boolean; /** Variables that can be used in the section content */ variables?: string[]; } /** * Represents a privacy policy template */ export declare interface PolicyTemplate { /** Unique identifier for the template */ id: string; /** Name of the template */ name: string; /** Description of the template */ description: string; /** Type of organization the template is designed for */ organizationType: 'business' | 'nonprofit' | 'government' | 'educational'; /** Sections included in the template */ sections: PolicySection[]; /** Variables used across the template */ variables: Record; /** Version of the template */ version: string; /** Last updated date of the template */ lastUpdated: number; /** * Whether this template is NDPA 2023 compliant */ ndpaCompliant: boolean; } /** * Represents a variable in a privacy policy */ export declare interface PolicyVariable { /** Unique identifier for the variable */ id: string; /** Name of the variable as it appears in the template */ name: string; /** Description of the variable */ description: string; /** Default value for the variable */ defaultValue?: string; /** Current value of the variable */ value: string; /** Type of input for the variable */ inputType: 'text' | 'textarea' | 'email' | 'url' | 'date' | 'select'; /** Options for select inputs */ options?: string[]; /** Whether the variable is required */ required: boolean; } /** * Represents a generated privacy policy */ export declare interface PrivacyPolicy { /** Unique identifier for the policy */ id: string; /** Title of the policy */ title: string; /** Template used to generate the policy */ templateId: string; /** Organization information */ organizationInfo: OrganizationInfo; /** Sections of the policy */ sections: PolicySection[]; /** Values for the variables used in the policy */ variableValues: Record; /** Effective date of the policy */ effectiveDate: number; /** Last updated date of the policy */ lastUpdated: number; /** Version of the policy */ version: string; /** * Applicable legal frameworks */ applicableFrameworks?: ('ndpa' | 'ndpr' | 'gdpr' | 'ccpa')[]; } /** * Represents a processing activity and its lawful basis */ export declare interface ProcessingActivity { /** Unique identifier */ id: string; /** Name of the processing activity */ name: string; /** Description of what processing is performed */ description: string; /** The lawful basis for this processing activity */ lawfulBasis: LawfulBasis; /** Justification for why this lawful basis applies */ lawfulBasisJustification: string; /** Categories of personal data being processed */ dataCategories: string[]; /** Whether sensitive personal data is involved */ involvesSensitiveData: boolean; /** Condition for processing sensitive data (required if involvesSensitiveData is true) */ sensitiveDataCondition?: SensitiveDataCondition; /** Categories of data subjects */ dataSubjectCategories: string[]; /** Purposes of the processing */ purposes: string[]; /** Data retention period */ retentionPeriod: string; /** Justification for the retention period */ retentionJustification?: string; /** Recipients or categories of recipients */ recipients?: string[]; /** Whether data is transferred outside Nigeria */ crossBorderTransfer: boolean; /** Timestamp when the record was created */ createdAt: number; /** Timestamp when the record was last updated */ updatedAt: number; /** Next review date */ reviewDate?: number; /** Status of the processing activity */ status: 'active' | 'inactive' | 'under_review' | 'archived'; /** DPO approval details */ dpoApproval?: { approved: boolean; approvedBy: string; approvedAt: number; notes?: string; }; } /** Lawful processing purposes recognised under the NDPA. */ declare type ProcessingPurpose = 'service_delivery' | 'marketing' | 'analytics' | 'research' | 'legal_compliance' | 'fraud_prevention'; /** * Record of Processing Activities (ROPA) types aligned with NDPA 2023 * Data controllers must maintain comprehensive records of all processing activities */ /** * Represents a single processing record in the ROPA */ export declare interface ProcessingRecord { /** Unique identifier */ id: string; /** Name of the processing activity */ name: string; /** Detailed description of the processing */ description: string; /** Data controller details */ controllerDetails: { name: string; contact: string; address: string; registrationNumber?: string; dpoContact?: string; }; /** Joint controller details (if applicable) */ jointControllerDetails?: { name: string; contact: string; address: string; responsibilities: string; }; /** Data processor details (if processing is outsourced) */ processorDetails?: { name: string; contact: string; address: string; contractReference?: string; }; /** Lawful basis for the processing */ lawfulBasis: LawfulBasis; /** Justification for the chosen lawful basis */ lawfulBasisJustification: string; /** Purposes of the processing */ purposes: string[]; /** Categories of personal data processed */ dataCategories: string[]; /** Categories of sensitive personal data (if any) */ sensitiveDataCategories?: string[]; /** Categories of data subjects */ dataSubjectCategories: string[]; /** Recipients or categories of recipients */ recipients: string[]; /** Cross-border transfer details */ crossBorderTransfers?: Array<{ destinationCountry: string; countryCode?: string; safeguards: string; transferMechanism: string; }>; /** Data retention period */ retentionPeriod: string; /** Justification for the retention period */ retentionJustification?: string; /** Technical and organizational security measures */ securityMeasures: string[]; /** Data source (directly from data subject or from third party) */ dataSource: 'data_subject' | 'third_party' | 'public_source' | 'other'; /** Third-party source details (if dataSource is 'third_party') */ thirdPartySourceDetails?: string; /** Whether a DPIA is required for this processing */ dpiaRequired: boolean; /** Reference to the DPIA (if conducted) */ dpiaReference?: string; /** Whether automated decision-making is involved */ automatedDecisionMaking: boolean; /** Details of automated decision-making (if applicable) */ automatedDecisionMakingDetails?: string; /** Status of the processing record */ status: 'active' | 'inactive' | 'archived'; /** Department or business unit responsible */ department?: string; /** System or application used for processing */ systemsUsed?: string[]; /** Timestamp when the record was created */ createdAt: number; /** Timestamp when the record was last updated */ updatedAt: number; /** Timestamp when the record was last reviewed */ lastReviewedAt?: number; /** Next review date */ nextReviewDate?: number; } export declare interface Recommendation { module: string; key: string; label: string; priority: RecommendationPriority; effort: EffortLevel; recommendation: string; ndpaSection: string; } export declare type RecommendationPriority = 'critical' | 'high' | 'medium' | 'low'; /** * Represents a complete Record of Processing Activities */ export declare interface RecordOfProcessingActivities { /** Unique identifier */ id: string; /** Organization name */ organizationName: string; /** Organization contact information */ organizationContact: string; /** Organization address */ organizationAddress: string; /** Data Protection Officer details */ dpoDetails?: { name: string; email: string; phone?: string; }; /** NDPC registration number */ ndpcRegistrationNumber?: string; /** All processing records */ records: ProcessingRecord[]; /** Timestamp when the ROPA was last updated */ lastUpdated: number; /** Version of the ROPA */ version: string; /** Export format options */ exportFormats?: ('pdf' | 'csv' | 'json' | 'xlsx')[]; } /** * Represents a notification sent to the NDPC (Nigeria Data Protection Commission) */ export declare interface RegulatoryNotification { /** Unique identifier for the notification */ id: string; /** ID of the breach this notification is for */ breachId: string; /** Timestamp when the notification was sent */ sentAt: number; /** Method used to send the notification */ method: 'email' | 'portal' | 'letter' | 'other'; /** Reference number assigned by the NDPC (if available) */ referenceNumber?: string; /** Contact person at the NDPC */ ndpcContact?: { name: string; email: string; phone?: string; }; /** Content of the notification */ content: string; /** Attachments included with the notification */ attachments?: Array<{ id: string; name: string; type: string; url: string; }>; /** Follow-up communications with the NDPC */ followUps?: Array<{ timestamp: number; direction: 'sent' | 'received'; content: string; attachments?: Array<{ id: string; name: string; type: string; url: string; }>; }>; /** * @deprecated Use ndpcContact instead. Kept for backward compatibility. */ nitdaContact?: { name: string; email: string; phone?: string; }; } export declare interface RegulatoryReference { section: string; title: string; url?: string; } /** * Regulatory report generator component. Implements NDPA Section 40 requirements for * generating formal breach notification reports for submission to the NDPC. */ export declare const RegulatoryReportGenerator: React__default.FC; export declare interface RegulatoryReportGeneratorClassNames { root?: string; header?: string; title?: string; reportPreview?: string; field?: string; fieldLabel?: string; fieldValue?: string; generateButton?: string; /** Alias for generateButton */ primaryButton?: string; downloadButton?: string; /** Alias for downloadButton */ secondaryButton?: string; } export declare interface RegulatoryReportGeneratorProps { /** * The breach data to include in the report */ breachData: BreachReport; /** * The risk assessment data */ assessmentData?: RiskAssessment; /** * Organization information to include in the report */ organizationInfo: OrganizationInfo_2; /** * Callback function called when the report is generated */ onGenerate: (report: RegulatoryNotification) => void; /** * Title displayed on the generator form * @default "Generate NDPC Notification Report" */ title?: string; /** * Description text displayed on the generator form * @default "Generate a report for submission to the NDPC in compliance with NDPA Section 40 breach notification requirements." */ description?: string; /** * Text for the generate button * @default "Generate Report" */ generateButtonText?: string; /** * Custom CSS class for the form */ className?: string; /** * Custom CSS class for the buttons */ buttonClassName?: string; /** * Override class names for individual elements */ classNames?: RegulatoryReportGeneratorClassNames; /** * Remove all default styles, only applying classNames overrides */ unstyled?: boolean; /** * Whether to show a preview of the generated report * @default true */ showPreview?: boolean; /** * Whether to allow editing the report content * @default true */ allowEditing?: boolean; /** * Whether to allow downloading the report * @default true */ allowDownload?: boolean; /** * Format for downloading the report * @default "pdf" */ downloadFormat?: 'pdf' | 'docx' | 'html'; } /** * Legacy status of a data subject request * @deprecated Use DSRStatus instead */ export declare type RequestStatus = 'pending' | 'verifying' | 'processing' | 'completed' | 'rejected'; /** * Represents a type of data subject request (detailed configuration) */ export declare interface RequestType { /** Unique identifier for the request type */ id: string; /** Display name for the request type */ name: string; /** Description of what this request type entails */ description: string; /** * NDPA 2023 section reference for this right * (e.g., "Section 34(1)(a)" for access, "Section 38" for portability). * Used for display purposes only — verify the exact subsection with counsel. */ ndpaSection?: string; /** * Estimated time to fulfill this type of request (in days) * NDPA requires response within 30 days */ estimatedCompletionTime: number; /** Whether additional information is required for this request type */ requiresAdditionalInfo: boolean; /** Custom fields required for this request type */ additionalFields?: Array<{ id: string; label: string; type: 'text' | 'textarea' | 'select' | 'checkbox' | 'file'; options?: string[]; required: boolean; placeholder?: string; }>; } /** * Resolves class names for a component section. * If unstyled is true, only the override class is used (or empty string). * If an override is provided, it fully REPLACES the default — no appending. * Otherwise the default class string is returned as-is. */ export declare function resolveClass(defaultClass: string, override?: string, unstyled?: boolean): string; /** * Represents a risk assessment for a data breach */ export declare interface RiskAssessment { /** Unique identifier for the risk assessment */ id: string; /** ID of the breach this assessment is for */ breachId: string; /** Timestamp when the assessment was conducted */ assessedAt: number; /** Person who conducted the assessment */ assessor: { name: string; role: string; email: string; }; /** Confidentiality impact (1-5) */ confidentialityImpact: number; /** Integrity impact (1-5) */ integrityImpact: number; /** Availability impact (1-5) */ availabilityImpact: number; /** Likelihood of harm to data subjects (1-5) */ harmLikelihood: number; /** Severity of potential harm to data subjects (1-5) */ harmSeverity: number; /** Overall risk score */ overallRiskScore: number; /** Risk level based on the overall score */ riskLevel: 'low' | 'medium' | 'high' | 'critical'; /** Whether the breach is likely to result in a risk to rights and freedoms */ risksToRightsAndFreedoms: boolean; /** Whether the breach is likely to result in a high risk to rights and freedoms */ highRisksToRightsAndFreedoms: boolean; /** Justification for the risk assessment */ justification: string; } /** * Compliance gap found in a processing record */ export declare interface ROPAComplianceGap { recordId: string; recordName: string; gaps: string[]; } /** * Record of Processing Activities (ROPA) management component. Implements the NDPA * accountability principle, requiring organizations to maintain comprehensive records * of all personal data processing activities. */ export declare const ROPAManager: React__default.FC; export declare interface ROPAManagerClassNames { root?: string; header?: string; title?: string; orgInfo?: string; summary?: string; summaryCard?: string; table?: string; tableHeader?: string; tableRow?: string; form?: string; input?: string; select?: string; submitButton?: string; /** Alias for submitButton */ primaryButton?: string; statusBadge?: string; exportButton?: string; /** Alias for exportButton */ secondaryButton?: string; complianceGap?: string; } export declare interface ROPAManagerProps { /** * The full Record of Processing Activities */ ropa: RecordOfProcessingActivities; /** * Callback when a new record is added. */ onAdd?: (record: ProcessingRecord) => void; /** * Callback when a record is updated. */ onUpdate?: (id: string, updates: Partial) => void; /** * Callback when a record is archived. */ onArchive?: (id: string) => void; /** * Title displayed on the manager * @default "Record of Processing Activities (ROPA)" */ title?: string; /** * Description text * @default "Maintain a comprehensive record of all data processing activities as required by the NDPA accountability principle." */ description?: string; /** * Custom CSS class */ className?: string; /** * Custom CSS class for buttons */ buttonClassName?: string; /** * Override class names for individual sections of the component. * Takes priority over className / buttonClassName. */ classNames?: ROPAManagerClassNames; /** * When true, all default styling is removed so consumers * can style from scratch using classNames. */ unstyled?: boolean; } /** * Summary statistics for the ROPA */ export declare interface ROPASummary { /** Total number of processing records */ totalRecords: number; /** Active processing records */ activeRecords: number; /** Records by lawful basis */ byLawfulBasis: Record; /** Records involving sensitive data */ sensitiveDataRecords: number; /** Records involving cross-border transfers */ crossBorderRecords: number; /** Records requiring DPIA */ dpiaRequiredRecords: number; /** Records involving automated decision-making */ automatedDecisionRecords: number; /** Records due for review */ recordsDueForReview: ProcessingRecord[]; /** Departments with most processing activities */ topDepartments: Array<{ department: string; count: number; }>; /** Last updated timestamp */ lastUpdated: number; } /** * Validation result for a processing record */ export declare interface ROPAValidationResult { valid: boolean; errors: string[]; } /** * Run the aggregate NDPA compliance audit. */ export declare function runNdprAudit(input: NdprAuditInput, options?: NdprAuditOptions): NdprAuditResult; /** * Sanitizes user input to prevent XSS attacks. * Escapes HTML special characters so that data rendered in dashboards * or other consumer UIs cannot execute embedded scripts. */ export declare function sanitizeInput(input: string): string; /** * Scan the cookies present against your declared cookies and a registry of * well-known third-party cookies. Returns which cookies are declared, which are * undeclared (and whether they can still be identified), and a per-category view. */ export declare function scanCookies(declared?: DeclaredCookie[], options?: CookieScanOptions): CookieScanResult; export declare interface ScannedCookie { /** The cookie name as found in the cookie string. */ name: string; /** Resolved consent category, or `null` when it could not be classified. */ category: string | null; /** Whether it matched your declaration, only the known registry, or nothing. */ matchedBy: CookieMatchSource; provider?: string; purpose?: string; } /** * Additional conditions required for processing sensitive personal data * per NDPA Section 30 */ export declare type SensitiveDataCondition = 'explicit_consent' | 'employment_law' | 'vital_interests_incapable' | 'nonprofit_legitimate' | 'publicly_available' | 'legal_claims' | 'substantial_public_interest' | 'health_purposes' | 'public_health' | 'archiving_research'; declare interface Step { /** * Unique identifier for the step */ id: string; /** * Display label for the step */ label: string; /** * Optional description for the step */ description?: string; /** * Whether the step is completed */ completed: boolean; /** * Whether the step is the current active step */ active: boolean; /** * Optional icon for the step */ icon?: React__default.ReactNode; } export declare const StepIndicator: React__default.FC; export declare interface StepIndicatorClassNames { /** Outermost wrapper */ root?: string; /** Individual step wrapper */ step?: string; /** Active step circle / indicator */ stepActive?: string; /** Completed step circle / indicator */ stepCompleted?: string; /** Pending (incomplete, inactive) step circle / indicator */ stepPending?: string; /** Connector line between steps */ connector?: string; /** Step label text */ label?: string; } export declare interface StepIndicatorProps { /** * Array of steps to display */ steps: Step[]; /** * Callback function called when a step is clicked */ onStepClick?: (stepId: string) => void; /** * Whether the steps are clickable * @default true */ clickable?: boolean; /** * Orientation of the step indicator * @default "horizontal" */ orientation?: 'horizontal' | 'vertical'; /** * Custom CSS class for the container */ className?: string; /** * Custom CSS class for the active step */ activeStepClassName?: string; /** * Custom CSS class for completed steps */ completedStepClassName?: string; /** * Custom CSS class for incomplete steps */ incompleteStepClassName?: string; /** * Per-section class name overrides */ classNames?: StepIndicatorClassNames; /** * When true, all default classes are stripped. * Only explicit overrides from `classNames` are applied. * @default false */ unstyled?: boolean; } export declare interface StorageAdapter { /** Load persisted data. Called once on hook mount. */ load(): T | null | Promise; /** Persist data. Called on every state change. */ save(data: T): void | Promise; /** Clear persisted data. Called on reset. */ remove(): void | Promise; } /** * Single structured validation error with a stable, locale-independent * `code` consumers can switch on programmatically. */ export declare interface StructuredValidationError { /** Dot-path of the offending field (e.g. `'timestamp'`, `'dataSubject.email'`, `'options[0].purpose'`). */ field: string; /** Stable, snake_case error code — safe to switch on across locales. */ code: string; /** Human-readable English message — informational only; do not regex-match. */ message: string; } /** * Result of a structured validator. `errors` is an array (one entry per * failed rule). `data` is the narrowed, typed payload, only populated on * `valid: true`. */ export declare interface StructuredValidationResult { valid: boolean; errors: StructuredValidationError[]; data?: T; } /** Full context used to generate an adaptive privacy policy. */ declare interface TemplateContext { /** Organisation details, extended with industry and size. */ org: OrganizationInfo & { industry: Industry; orgSize: OrgSize; country: string; }; /** Data categories the organisation collects. */ dataCategories: DataCategory[]; /** Processing purposes relevant to the organisation. */ purposes: ProcessingPurpose[]; /** Whether the organisation processes children's data. */ hasChildrenData: boolean; /** Whether the organisation processes sensitive/special-category data. */ hasSensitiveData: boolean; /** Whether the organisation processes financial data. */ hasFinancialData: boolean; /** Whether data is transferred outside Nigeria. */ hasCrossBorderTransfer: boolean; /** Whether automated decision-making or profiling is used. */ hasAutomatedDecisions: boolean; /** Third-party processors that receive personal data. */ thirdPartyProcessors: ThirdPartyProcessor[]; } /** A third-party entity that processes data on behalf of the organisation. */ declare interface ThirdPartyProcessor { /** Name of the third party. */ name: string; /** Purpose of sharing data with this processor. */ purpose: string; /** Country where the processor is located. */ country: string; } /** * Transfer Impact Assessment (TIA) for cross-border transfers */ export declare interface TransferImpactAssessment { /** Unique identifier */ id: string; /** ID of the associated cross-border transfer */ transferId: string; /** Date the assessment was conducted */ assessmentDate: number; /** Person who conducted the assessment */ assessor: { name: string; role: string; email: string; }; /** Analysis of the destination country's legal framework */ destinationLegalFramework: string; /** Whether the destination has data protection legislation */ hasDataProtectionLaw: boolean; /** Whether the destination has an independent supervisory authority */ hasIndependentAuthority: boolean; /** Risk of government access to the data */ governmentAccessRisk: 'low' | 'medium' | 'high'; /** Overall assessment of data protection level */ dataProtectionLevel: 'adequate' | 'partially_adequate' | 'inadequate'; /** Supplementary measures to address gaps */ supplementaryMeasures: string[]; /** Technical measures (encryption, pseudonymization, etc.) */ technicalMeasures: string[]; /** Contractual measures */ contractualMeasures: string[]; /** Organizational measures */ organizationalMeasures: string[]; /** Overall conclusion */ conclusion: string; /** Whether the transfer can proceed based on the assessment */ approved: boolean; /** Conditions for the transfer (if approved with conditions) */ conditions?: string[]; } /** * Cross-Border Data Transfer types aligned with NDPA 2023 Part VIII (Sections 41-43). * Personal data may only be transferred outside Nigeria under the bases listed in * Section 41(1), where Section 42 defines adequacy and Section 43 lists derogations. * * Note: These are guidance labels — not legal advice. Verify with your DPO or counsel. */ /** * Transfer mechanisms recognized under the NDPA */ export declare type TransferMechanism = 'adequacy_decision' | 'standard_clauses' | 'binding_corporate_rules' | 'ndpc_authorization' | 'explicit_consent' | 'contract_performance' | 'public_interest' | 'legal_claims' | 'vital_interests'; /** * Risk assessment result for a cross-border transfer */ export declare interface TransferRiskResult { riskLevel: 'low' | 'medium' | 'high'; riskScore: number; factors: string[]; recommendations: string[]; } /** * Validation result for a cross-border transfer */ export declare interface TransferValidationResult { isValid: boolean; errors: string[]; warnings: string[]; } /** * Multi-step privacy-policy authoring hook that adapts the generated draft * to the supplied template context (industry, processing purposes, data * categories, processors). Auto-persists a draft via the supplied adapter * and surfaces a live compliance score against the configured rule set. * * @example * ```tsx * import { useAdaptivePolicyWizard } from '@tantainnovative/ndpr-toolkit/hooks'; * * function PolicyWizard() { * const { currentStep, nextStep, policy, complianceScore } = useAdaptivePolicyWizard(); * return ( *
*

Step {currentStep} — compliance: {complianceScore}%

* * {policy && 
{policy.title}
} *
* ); * } * ``` */ export declare function useAdaptivePolicyWizard(options?: UseAdaptivePolicyWizardOptions): UseAdaptivePolicyWizardReturn; export declare interface UseAdaptivePolicyWizardOptions { adapter?: StorageAdapter; onComplete?: (policy: PrivacyPolicy) => void; onComplianceChange?: (score: number, gaps: ComplianceGap[]) => void; /** * Initial template context. Use an org-template factory like * `templateContextFor('healthcare')` to start the wizard with a sector- * specific pre-fill (lawful basis, data categories, sensitive-data flag, * cross-border default). Defaults to `createDefaultContext()` if omitted. * * If an adapter loads a saved draft, the draft's context wins — the * `initialContext` only seeds the very first session. */ initialContext?: TemplateContext; } export declare interface UseAdaptivePolicyWizardReturn { currentStep: number; goToStep: (step: number) => void; nextStep: () => void; prevStep: () => void; canProceed: boolean; context: TemplateContext; updateContext: (updates: Partial) => void; updateOrg: (updates: Partial) => void; toggleDataCategory: (categoryId: string) => void; togglePurpose: (purpose: string) => void; addProcessor: (processor: { name: string; purpose: string; country: string; }) => void; removeProcessor: (index: number) => void; policy: PrivacyPolicy | null; sections: PolicySection[]; customSections: CustomSection[]; addCustomSection: (section: Omit) => void; updateCustomSection: (id: string, updates: Partial) => void; removeCustomSection: (id: string) => void; reorderSections: (sectionId: string, direction: 'up' | 'down') => void; editSectionContent: (sectionId: string, content: string) => void; sectionOverrides: Record; complianceScore: number; complianceResult: ComplianceResult; complianceGaps: ComplianceGap[]; applyFix: (gapId: string) => void; handleExportPDF: (options?: PDFExportOptions) => Promise; handleExportDOCX: (options?: DOCXExportOptions) => Promise; handleExportHTML: (options?: HTMLExportOptions) => string; handleExportMarkdown: () => string; isDraftSaved: boolean; lastSavedAt: number | null; saveDraft: () => Promise; discardDraft: () => void; isLoading: boolean; } /** * Hook for managing data breach notifications in compliance with the NDPA (Section 40). * * @example * ```tsx * import { useBreach } from '@tantainnovative/ndpr-toolkit/hooks'; * * function BreachConsole() { * const { reports, reportBreach } = useBreach({ * categories: [{ id: 'unauthorized-access', name: 'Unauthorised access', description: '' }], * }); * return

{reports.length} breach report(s) on record.

; * } * ``` */ export declare function useBreach({ categories, initialReports, adapter, storageKey, useLocalStorage, onReport, onAssessment, onNotification, }: UseBreachOptions): UseBreachReturn; /** * React hook that memoises the `assessBreachNotification` utility — checks a * breach report's completeness against the NDPA S. 40 / GAID 2025 Article 33 * notification requirements (mandated content, the 72-hour window, and any * data-subject communication owed on high risk). */ export declare function useBreachNotificationAssessment(report: BreachReport, options?: BreachNotificationOptions): BreachNotificationAssessment; declare interface UseBreachOptions { /** * Available breach categories */ categories: BreachCategory[]; /** * Initial breach reports */ initialReports?: BreachReport[]; /** * Pluggable storage adapter. When provided, takes precedence over storageKey/useLocalStorage. */ adapter?: StorageAdapter; /** * Storage key for breach data * @default "ndpr_breach_data" * @deprecated Use adapter instead */ storageKey?: string; /** * Whether to use local storage to persist breach data * @default true * @deprecated Use adapter instead */ useLocalStorage?: boolean; /** * Callback function called when a breach is reported */ onReport?: (report: BreachReport) => void; /** * Callback function called when a risk assessment is completed */ onAssessment?: (assessment: RiskAssessment) => void; /** * Callback function called when a notification is sent */ onNotification?: (notification: RegulatoryNotification) => void; } declare interface UseBreachReturn { /** * All breach reports */ reports: BreachReport[]; /** * All risk assessments */ assessments: RiskAssessment[]; /** * All regulatory notifications */ notifications: RegulatoryNotification[]; /** * Submit a new breach report */ reportBreach: (reportData: Omit) => BreachReport; /** * Update an existing breach report */ updateReport: (id: string, updates: Partial) => BreachReport | null; /** * Get a breach report by ID */ getReport: (id: string) => BreachReport | null; /** * Conduct a risk assessment for a breach */ assessRisk: (breachId: string, assessmentData: Omit) => RiskAssessment; /** * Get a risk assessment for a breach */ getAssessment: (breachId: string) => RiskAssessment | null; /** * Calculate notification requirements based on a risk assessment */ calculateNotificationRequirements: (breachId: string) => NotificationRequirement | null; /** * Send a regulatory notification */ sendNotification: (breachId: string, notificationData: Omit) => RegulatoryNotification; /** * Get a regulatory notification for a breach */ getNotification: (breachId: string) => RegulatoryNotification | null; /** * Get breaches that require notification within the next X hours */ getBreachesRequiringNotification: (hoursThreshold?: number) => Array<{ report: BreachReport; assessment: RiskAssessment; requirements: NotificationRequirement; hoursRemaining: number; }>; /** * Clear all breach data */ clearBreachData: () => void; /** * Whether the adapter is still loading data (relevant for async adapters) */ isLoading: boolean; } /** * React hook that memoises the `generateComplianceAuditReturn` utility — derives * a DCPMI's Compliance Audit Returns schedule (initial-audit due date, next * annual filing deadline) and status under NDPC GAID 2025. */ export declare function useComplianceAuditReturn(input: CARInput, options?: CAROptions): ComplianceAuditReturn; /** * Computes an NDPA compliance score and returns a structured report * (score, rating, per-module breakdown, recommendations). * * The computation is memoised by the structural identity of `input` — passing * a fresh-but-equal object on every render is safe and does not force a recompute. * * @param options - The compliance score options. * @param options.input - A {@link ComplianceInput} snapshot summarising the * organisation's current compliance posture. * @returns A memoised {@link ComplianceReport} with overall score, rating, * module-level breakdowns, and prioritised recommendations. * * @example * ```tsx * import { useComplianceScore } from '@tantainnovative/ndpr-toolkit/hooks'; * * function ComplianceBadge({ input }) { * const report = useComplianceScore({ input }); * return {report.overallScore}/100 — {report.rating}; * } * ``` */ export declare function useComplianceScore({ input }: UseComplianceScoreOptions): ComplianceReport; declare interface UseComplianceScoreOptions { /** * Snapshot of the organisation's compliance signals — consent settings, * DSR queue, breach log, lawful-basis register, transfers, ROPA, etc. * The hook recomputes the report whenever this input changes by value * (compared via a stable JSON key under the hood). */ input: ComplianceInput; } /** * Hook for managing user consent in compliance with the NDPA. * * @example * ```tsx * import { useConsent } from '@tantainnovative/ndpr-toolkit/hooks'; * * function App() { * const { hasConsent, acceptAll, rejectAll, shouldShowBanner } = useConsent({ * options: [ * { id: 'necessary', label: 'Necessary', required: true }, * { id: 'analytics', label: 'Analytics' }, * ], * }); * if (!shouldShowBanner) return null; * return ( *
* * * {hasConsent('analytics') && } *
* ); * } * ``` */ export declare function useConsent({ options, adapter, storageOptions, version, onChange, }: UseConsentOptions): UseConsentReturn; declare interface UseConsentOptions { /** * Consent options to present to the user */ options: ConsentOption[]; /** * Pluggable storage adapter. When provided, takes precedence over storageOptions. */ adapter?: StorageAdapter; /** * Storage options for consent settings * @deprecated Use adapter instead */ storageOptions?: ConsentStorageOptions; /** * Version of the consent form * @default "1.0" */ version?: string; /** * Callback function called when consent settings change */ onChange?: (settings: ConsentSettings) => void; } declare interface UseConsentReturn { /** * Current consent settings */ settings: ConsentSettings | null; /** * Whether consent has been given for a specific option */ hasConsent: (optionId: string) => boolean; /** * Update consent settings */ updateConsent: (consents: Record) => void; /** * Accept all consent options */ acceptAll: () => void; /** * Reject all non-required consent options */ rejectAll: () => void; /** * Whether the consent banner should be shown */ shouldShowBanner: boolean; /** * Whether consent settings are valid */ isValid: boolean; /** * Validation errors (if any). Each entry is a structured `{ field, code, * message }` so consumers can switch on `code` across locales. */ validationErrors: StructuredValidationError[]; /** * Reset consent settings (clear from storage) */ resetConsent: () => void; /** * Whether the adapter is still loading data (relevant for async adapters) */ isLoading: boolean; } /** * React hook that scans `document.cookie` against your declared cookies on * mount and exposes a `rescan()` to re-run after you set or clear cookies. * * `result` is `null` until the first client-side scan, so server and first * client render agree (no hydration mismatch). `rescan` is stable and always * reads the latest `declared`/`options` — callers don't need to memoise them. */ export declare function useCookieScan(declared?: DeclaredCookie[], options?: CookieScanOptions): UseCookieScanReturn; export declare interface UseCookieScanReturn { /** The latest scan, or `null` before the first client-side scan (e.g. during SSR). */ result: CookieScanResult | null; /** Re-read the cookies and recompute the scan with the current arguments. */ rescan: () => void; } /** * Hook for managing cross-border data transfers in compliance with NDPA Part VIII (Sections 41-43). * * @example * ```tsx * import { useCrossBorderTransfer } from '@tantainnovative/ndpr-toolkit/hooks'; * * function TransferRegister() { * const { transfers, getSummary } = useCrossBorderTransfer(); * const summary = getSummary(); * return

{summary.totalActiveTransfers} active cross-border transfers.

; * } * ``` */ export declare function useCrossBorderTransfer({ initialTransfers, adapter, storageKey, useLocalStorage, onAdd, onUpdate, onRemove, }?: UseCrossBorderTransferOptions): UseCrossBorderTransferReturn; declare interface UseCrossBorderTransferOptions { /** * Initial transfers to load */ initialTransfers?: CrossBorderTransfer[]; /** * Pluggable storage adapter. When provided, takes precedence over storageKey/useLocalStorage. */ adapter?: StorageAdapter; /** * Storage key for transfer data * @default "ndpr_cross_border_transfers" * @deprecated Use adapter instead */ storageKey?: string; /** * Whether to use local storage to persist transfers * @default true * @deprecated Use adapter instead */ useLocalStorage?: boolean; /** * Callback function called when a transfer is added */ onAdd?: (transfer: CrossBorderTransfer) => void; /** * Callback function called when a transfer is updated */ onUpdate?: (transfer: CrossBorderTransfer) => void; /** * Callback function called when a transfer is removed */ onRemove?: (id: string) => void; } declare interface UseCrossBorderTransferReturn { /** * All cross-border transfers */ transfers: CrossBorderTransfer[]; /** * Add a new cross-border transfer */ addTransfer: (transfer: Omit) => CrossBorderTransfer; /** * Update an existing cross-border transfer */ updateTransfer: (id: string, updates: Partial) => CrossBorderTransfer | null; /** * Remove a cross-border transfer */ removeTransfer: (id: string) => void; /** * Get a cross-border transfer by ID */ getTransfer: (id: string) => CrossBorderTransfer | null; /** * Get a compliance summary of all cross-border transfers */ getSummary: () => CrossBorderSummary; /** * Validate a cross-border transfer */ validateTransfer: (transfer: CrossBorderTransfer) => TransferValidationResult; /** * Whether the adapter is still loading data (relevant for async adapters) */ isLoading: boolean; } /** * React hook that memoises the `classifyDCPMI` utility — derives an organisation's * Data Controller/Processor of Major Importance tier, annual registration fee, * and Compliance Audit Returns obligations under NDPC GAID 2025. */ export declare function useDCPMI(input: DCPMIInput, options?: DCPMIClassificationOptions): DCPMIClassification; /** * Convenience wrapper around `usePrivacyPolicy`. With `orgInfo` provided * and `autoGenerate` enabled (default), `policy` is non-null on the first * post-load render — no manual `selectTemplate` / `generatePolicy` chaining * required. * * @example * ```tsx * const { policy } = useDefaultPrivacyPolicy({ * orgInfo: { name: 'Acme Ltd', email: 'privacy@acme.ng' } * }); * return policy ? : ; * ``` */ export declare function useDefaultPrivacyPolicy(options?: UseDefaultPrivacyPolicyOptions): UsePrivacyPolicyReturn; declare interface UseDefaultPrivacyPolicyOptions { /** * Organisation information to pre-fill into the policy. When provided and * `autoGenerate` is true (the default), the hook will auto-select the * default template and generate a renderable policy on first commit, so * `policy` is non-null on the first useful render. */ orgInfo?: { /** Organisation name (maps to `organizationInfo.name` and `orgName` variable) */ name?: string; /** Privacy contact email (maps to `privacyEmail`) */ email?: string; /** Organisation website URL */ website?: string; /** Physical address */ address?: string; /** Industry / sector descriptor */ industry?: string; /** Data Protection Officer name */ dpoName?: string; /** DPO email address */ dpoEmail?: string; }; /** * Whether the hook should auto-select the default template and generate * the policy as soon as it's mounted with `orgInfo`. Set to false to * retain manual control via `selectTemplate` / `generatePolicy`. * @default true */ autoGenerate?: boolean; /** * Storage key for policy data. * @default "ndpr_privacy_policy" */ storageKey?: string; /** * Whether to persist policy data in storage. When `false`, the hook * uses an in-memory no-op adapter and nothing survives a page reload. * @default true */ persist?: boolean; /** * @deprecated Renamed to `persist` in v3.5.0 — `useLocalStorage` is * still accepted for backward compatibility and will be removed in * v4.0. Use `persist` (or pass an explicit `adapter`) instead. * @default true */ useLocalStorage?: boolean; /** * Pluggable storage adapter. When provided, takes precedence over * storageKey/persist/useLocalStorage. */ adapter?: StorageAdapter; } /** * Hook for conducting Data Protection Impact Assessments in compliance with the NDPA 2023. * * @example * ```tsx * import { useDPIA } from '@tantainnovative/ndpr-toolkit/hooks'; * * function DPIAWizard({ sections }) { * const { currentSection, progress, updateAnswer, nextSection } = useDPIA({ sections }); * return ( *
*

{currentSection?.title} ({progress}%)

* *
* ); * } * ``` */ export declare function useDPIA({ sections, initialAnswers, adapter, storageKey, useLocalStorage, onComplete, }: UseDPIAOptions): UseDPIAReturn; declare interface UseDPIAOptions { /** * Sections of the DPIA questionnaire */ sections: DPIASection[]; /** * Initial answers (if resuming a DPIA) */ initialAnswers?: DPIAAnswerMap; /** * Pluggable storage adapter. When provided, takes precedence over storageKey/useLocalStorage. */ adapter?: StorageAdapter; /** * Storage key for DPIA data * @default "ndpr_dpia_data" * @deprecated Use adapter instead */ storageKey?: string; /** * Whether to use local storage to persist DPIA data * @default true * @deprecated Use adapter instead */ useLocalStorage?: boolean; /** * Callback function called when the DPIA is completed */ onComplete?: (result: DPIAResult) => void; } declare interface UseDPIAReturn { /** * Current section index */ currentSectionIndex: number; /** * Current section */ currentSection: DPIASection | null; /** * All answers */ answers: DPIAAnswerMap; /** * Update an answer */ updateAnswer: (questionId: string, value: DPIAAnswerValue) => void; /** * Go to the next section */ nextSection: () => boolean; /** * Go to the previous section */ prevSection: () => boolean; /** * Go to a specific section */ goToSection: (index: number) => boolean; /** * Check if the current section is valid */ isCurrentSectionValid: () => boolean; /** * Get validation errors for the current section */ getCurrentSectionErrors: () => Record; /** * Check if the DPIA is complete */ isComplete: () => boolean; /** * Complete the DPIA and generate a result */ completeDPIA: (assessorInfo: { name: string; role: string; email: string; }, title: string, processingDescription: string) => DPIAResult; /** * Get the visible questions for the current section */ getVisibleQuestions: () => DPIAQuestion[]; /** * Reset the DPIA */ resetDPIA: () => void; /** * Progress percentage */ progress: number; /** * Whether the adapter is still loading data (relevant for async adapters) */ isLoading: boolean; } /** * Hook for managing Data Subject Requests in compliance with the NDPA. * * @example * ```tsx * import { useDSR } from '@tantainnovative/ndpr-toolkit/hooks'; * * function DSRPanel() { * const { requests, submitRequest } = useDSR({ * requestTypes: [ * { id: 'access', name: 'Access', description: 'Request access', estimatedCompletionTime: 30 }, * ], * }); * return ( *
    * {requests.map((r) => ( *
  • {r.type} — {r.status}
    • * ))} *
* ); * } * ``` */ export declare function useDSR({ initialRequests, requestTypes, adapter, storageKey, useLocalStorage, onSubmit, onUpdate, }: UseDSROptions): UseDSRReturn; declare interface UseDSROptions { /** * Initial requests to load */ initialRequests?: DSRRequest[]; /** * Available request types */ requestTypes: RequestType[]; /** * Pluggable storage adapter. When provided, takes precedence over storageKey/useLocalStorage. */ adapter?: StorageAdapter; /** * Storage key for requests * @default "ndpr_dsr_requests" * @deprecated Use adapter instead */ storageKey?: string; /** * Whether to use local storage to persist requests. * * **Changed in 4.0:** the default is now `false`. `useDSR` is the admin * tracker hook and its state contains data subjects' PII; the previous * default (true) stored that PII in the admin's browser localStorage, * which is rarely appropriate. Opt in by passing `useLocalStorage: true` * if you specifically want the old behaviour. * * For production deployments, pass an explicit `adapter` instead. * * @default false (as of 4.0; was `true` in 3.x) * @deprecated Pass an explicit `adapter` instead of toggling this flag. */ useLocalStorage?: boolean; /** * Callback function called when a request is submitted */ onSubmit?: (request: DSRRequest) => void; /** * Callback function called when a request is updated */ onUpdate?: (request: DSRRequest) => void; } declare interface UseDSRReturn { /** * All requests */ requests: DSRRequest[]; /** * Submit a new request. The hook assigns `id`, `status`, `createdAt`, * `updatedAt`, and `dueDate` — pass everything else. */ submitRequest: (requestData: Omit) => DSRRequest; /** * Update an existing request */ updateRequest: (id: string, updates: Partial) => DSRRequest | null; /** * Get a request by ID */ getRequest: (id: string) => DSRRequest | null; /** * Get requests by status */ /** * Filter requests by status. Accepts both the modern `DSRStatus` union and * the deprecated `RequestStatus` for backward compatibility — pass the * modern values (`'pending' | 'awaitingVerification' | 'inProgress' | ...`). */ getRequestsByStatus: (status: DSRStatus | RequestStatus) => DSRRequest[]; /** * Get requests by type */ getRequestsByType: (type: string) => DSRRequest[]; /** * Get the request type definition by ID */ getRequestType: (typeId: string) => RequestType | undefined; /** * Format a request for display or submission */ formatRequest: (request: DSRRequest) => Record; /** * Clear all requests */ clearRequests: () => void; /** * Whether the adapter is still loading data (relevant for async adapters) */ isLoading: boolean; } /** * Trap keyboard focus inside a container while it is active, and restore * focus to the element that was active before activation when the container * deactivates. Centralises the trap/restore logic that was previously * duplicated (and broken — no restore) inside ConsentBanner. * * @example * ```tsx * const ref = useFocusTrap({ active: isOpen, onEscape: close }); * return
...
; * ``` */ export declare function useFocusTrap(options: UseFocusTrapOptions): RefObject; export declare interface UseFocusTrapOptions { /** * Whether the focus trap is active. When transitioning from false → true, * the hook captures `document.activeElement` and moves focus into the * container; when transitioning back to false, the captured element is * re-focused (WCAG 2.4.3 — focus order). */ active: boolean; /** * Optional callback fired on Escape keydown while the trap is active. * Typical use is to close the surrounding dialog. */ onEscape?: () => void; /** * If false, do not auto-focus the first interactive element inside the * container on activation. Defaults to true. */ autoFocus?: boolean; } /** * Hook for managing lawful basis documentation for processing activities * in compliance with NDPA 2023 Section 25. * * @example * ```tsx * import { useLawfulBasis } from '@tantainnovative/ndpr-toolkit/hooks'; * * function LawfulBasisRegistry() { * const { activities, addActivity } = useLawfulBasis(); * return

{activities.length} processing activities documented.

; * } * ``` */ export declare function useLawfulBasis({ initialActivities, adapter, storageKey, useLocalStorage, onAdd, onUpdate, onRemove, }?: UseLawfulBasisOptions): UseLawfulBasisReturn; declare interface UseLawfulBasisOptions { /** * Initial processing activities to load */ initialActivities?: ProcessingActivity[]; /** * Pluggable storage adapter. When provided, takes precedence over storageKey/useLocalStorage. */ adapter?: StorageAdapter; /** * Storage key for persisting activities * @default "ndpr_lawful_basis_activities" * @deprecated Use adapter instead */ storageKey?: string; /** * Whether to use local storage to persist activities * @default true * @deprecated Use adapter instead */ useLocalStorage?: boolean; /** * Callback when an activity is added */ onAdd?: (activity: ProcessingActivity) => void; /** * Callback when an activity is updated */ onUpdate?: (activity: ProcessingActivity) => void; /** * Callback when an activity is removed */ onRemove?: (id: string) => void; } declare interface UseLawfulBasisReturn { /** * All processing activities */ activities: ProcessingActivity[]; /** * Add a new processing activity */ addActivity: (activity: Omit) => ProcessingActivity; /** * Update an existing processing activity */ updateActivity: (id: string, updates: Partial) => ProcessingActivity | null; /** * Remove a processing activity */ removeActivity: (id: string) => void; /** * Get a specific processing activity by ID */ getActivity: (id: string) => ProcessingActivity | null; /** * Get a summary of all lawful basis documentation */ getSummary: () => LawfulBasisSummary; /** * Validate a processing activity */ validateActivity: (activity: ProcessingActivity) => LawfulBasisValidationResult; /** * Whether the adapter is still loading data (relevant for async adapters) */ isLoading: boolean; } /** * Returns the current NDPR configuration from the nearest `NDPRProvider`. * If no provider is found, returns an empty config object. */ export declare function useNDPRConfig(): NDPRConfig; /** * Hook for generating NDPA-compliant privacy policies. * * @example * ```tsx * import { usePrivacyPolicy } from '@tantainnovative/ndpr-toolkit/hooks'; * * function PolicyBuilder({ templates }) { * const { policy, selectTemplate, generatePolicy } = usePrivacyPolicy({ templates }); * return ( *
* * * {policy && 
{policy.title}
} *
* ); * } * ``` */ export declare function usePrivacyPolicy({ templates, initialPolicy, adapter, storageKey, persist, useLocalStorage, onGenerate, }: UsePrivacyPolicyOptions): UsePrivacyPolicyReturn; declare interface UsePrivacyPolicyOptions { /** * Available policy templates */ templates: PolicyTemplate[]; /** * Initial policy data (if editing an existing policy) */ initialPolicy?: PrivacyPolicy; /** * Pluggable storage adapter. When provided, takes precedence over storageKey/useLocalStorage. */ adapter?: StorageAdapter; /** * Storage key for policy data * @default "ndpr_privacy_policy" * @deprecated Use adapter instead */ storageKey?: string; /** * Whether to persist policy data in storage. When `false`, the hook * uses an in-memory no-op adapter and nothing survives a page reload. * Prefer `adapter` for richer control (custom backends, async APIs). * * @default true */ persist?: boolean; /** * @deprecated Renamed to `persist` in v3.5.0 — `useLocalStorage` is * still accepted for backward compatibility and will be removed in * v4.0. Use `persist` (or pass an explicit `adapter`) instead. * @default true */ useLocalStorage?: boolean; /** * Callback function called when a policy is generated */ onGenerate?: (policy: PrivacyPolicy) => void; } declare interface UsePrivacyPolicyReturn { /** * Current policy data */ policy: PrivacyPolicy | null; /** * Selected template */ selectedTemplate: PolicyTemplate | null; /** * Organization information */ organizationInfo: OrganizationInfo; /** * Select a template */ selectTemplate: (templateId: string) => boolean; /** * Update organization information */ updateOrganizationInfo: (updates: Partial) => void; /** * Toggle whether a section is included in the policy */ toggleSection: (sectionId: string, included: boolean) => void; /** * Update section content */ updateSectionContent: (sectionId: string, content: string) => void; /** * Update variable values */ updateVariableValue: (variable: string, value: string) => void; /** * Generate the policy */ generatePolicy: () => PrivacyPolicy | null; /** * Get the generated policy text */ getPolicyText: () => { fullText: string; sectionTexts: Record; missingVariables: string[]; }; /** * Reset the policy */ resetPolicy: () => void; /** * Check if the policy is valid */ isValid: () => { valid: boolean; errors: string[]; }; /** * Whether the adapter is still loading data (relevant for async adapters) */ isLoading: boolean; } /** * Hook for managing a Record of Processing Activities (ROPA) * in compliance with NDPA 2023 requirements. * * Provides state management and utility functions for maintaining * a comprehensive register of all data processing activities. * * @example * ```tsx * import { useROPA } from '@tantainnovative/ndpr-toolkit/hooks'; * * function ROPARegister({ initialData }) { * const { ropa, addRecord, exportCSV } = useROPA({ initialData }); * return ( *
*

{ropa.records.length} processing records

* *
* ); * } * ``` */ export declare function useROPA({ initialData, adapter, onAdd, onUpdate, onArchive, }: UseROPAOptions): UseROPAReturn; export declare interface UseROPAOptions { /** * Initial ROPA state */ initialData: RecordOfProcessingActivities; /** * Pluggable storage adapter. When provided, adapter data is loaded on mount * and the ROPA is persisted after every mutation. Falls back to initialData * when no adapter data is found. */ adapter?: StorageAdapter; /** * Callback when a record is added. */ onAdd?: (record: ProcessingRecord) => void; /** * Callback when a record is updated. */ onUpdate?: (id: string, updates: Partial) => void; /** * Callback when a record is archived. */ onArchive?: (id: string) => void; } export declare interface UseROPAReturn { /** * Current state of the Record of Processing Activities */ ropa: RecordOfProcessingActivities; /** * Add a new processing record */ addRecord: (record: ProcessingRecord) => void; /** * Update an existing processing record */ updateRecord: (id: string, updates: Partial) => void; /** * Archive a processing record by setting its status to 'archived' */ archiveRecord: (id: string) => void; /** * Get a single processing record by ID */ getRecord: (id: string) => ProcessingRecord | undefined; /** * Get a summary of the ROPA including statistics. * @deprecated Use the cached `summary` field instead — it is memoised on * `ropa` so consumers don't pay the recompute cost on every call. */ getSummary: () => ROPASummary; /** * Export the ROPA as a CSV string. * @deprecated Use the cached `csv` field instead — it is memoised on * `ropa` so consumers don't pay the recompute cost on every call. */ exportCSV: () => string; /** * Identify compliance gaps across all records. * @deprecated Use the cached `complianceGaps` field instead — it is * memoised on `ropa` so consumers don't pay the recompute cost on every call. */ getComplianceGaps: () => ROPAComplianceGap[]; /** * Memoised ROPA summary. Recomputed only when `ropa` changes. * Prefer this over `getSummary()` to avoid redundant recomputation. */ summary: ROPASummary; /** * Memoised CSV export string. Recomputed only when `ropa` changes. * Prefer this over `exportCSV()` to avoid redundant recomputation. */ csv: string; /** * Memoised compliance gap list. Recomputed only when `ropa` changes. * Prefer this over `getComplianceGaps()` to avoid redundant recomputation. */ complianceGaps: ROPAComplianceGap[]; /** * Whether the adapter is still loading data (relevant for async adapters) */ isLoading: boolean; } /** * Validates consent options against NDPA Section 26 requirements. Each option * is checked for a non-empty `purpose`. Failing options are reported with * `field: 'options[i].purpose'` so consumers can map errors back to the * originating option index. * * Codes emitted: * - `options_required` — empty / missing options array * - `purpose_required` — single option missing a purpose */ export declare function validateConsentOptionsStructured(options: ConsentOption[]): StructuredValidationResult; /** * Validates consent settings against NDPA requirements. Returns structured * `{ field, code, message }[]` errors so consumers can switch on `code` * across locales without regex-matching English strings. * * Codes emitted: * - `consents_required` * - `timestamp_required` * - `timestamp_invalid` * - `version_required` * - `method_required` * - `has_interacted_required` * - `consent_stale` * * @example * ```ts * const { valid, errors, data } = validateConsentStructured(settings); * if (!valid) { * const stale = errors.find((e) => e.code === 'consent_stale'); * if (stale) showRefreshBanner(); * } * ``` */ export declare function validateConsentStructured(settings: ConsentSettings): StructuredValidationResult; /** Options for {@link validateDsrSubmissionStructured}. */ export declare interface ValidateDsrSubmissionOptions { /** * Whether the data subject is required to provide an identifier * (NDPC's recommended verification step). Mirror whatever you set on * the client-side ``. * @default true */ requireIdentityVerification?: boolean; /** * Allowed request types. When provided, the payload's `requestType` * must be one of these — useful for locking the server to a specific * set of supported NDPA Part VI §34-38 (plus §35, §36, §37) data-subject rights. */ allowedRequestTypes?: string[]; } /** * Validate a raw DSR submission payload against the same rules * `` enforces client-side. Designed to be called from a * server-side handler (Next.js Route Handler, NestJS controller, Express * middleware, Cloudflare Worker) so client and server stay in sync without * the consumer hand-rolling zod / class-validator schemas. * * Defensive — accepts `unknown` and narrows. Safe to call directly on * `await request.json()`. Returns `{ field, code, message }[]` errors so * callers can switch on `code` programmatically across locales. * * Codes emitted: * - `payload_not_object` * - `request_type_required` * - `request_type_not_allowed` * - `data_subject_required` * - `full_name_required` * - `email_required` * - `email_invalid_format` * - `phone_invalid_type` * - `identifier_type_required` * - `identifier_value_required` * - `submitted_at_invalid` * - `additional_info_invalid_type` * - `payload_final_narrowing_failed` * * @example **Next.js Route Handler** * ```ts * import { validateDsrSubmissionStructured } from '@tantainnovative/ndpr-toolkit/server'; * * export async function POST(req: Request) { * const { valid, errors, data } = validateDsrSubmissionStructured(await req.json()); * if (!valid) { * return Response.json({ errors }, { status: 422 }); * } * await dsrStore.create(data); * return Response.json({ ok: true }, { status: 201 }); * } * ``` */ export declare function validateDsrSubmissionStructured(payload: unknown, options?: ValidateDsrSubmissionOptions): StructuredValidationResult; /** * Validates that all required fields are present on a processing activity * and that the lawful basis is properly documented. * * If lawfulBasis is 'legitimate_interests', ensures a LIA justification exists. * If involvesSensitiveData is true, ensures sensitiveDataCondition is set. * * @param activity The processing activity to validate * @returns Validation result with errors and warnings */ export declare function validateProcessingActivity(activity: ProcessingActivity): LawfulBasisValidationResult; /** * Validates a processing record to ensure all required fields are present * and properly filled per NDPA 2023 requirements. * * @param record - The processing record to validate * @returns Validation result with any errors found */ export declare function validateProcessingRecord(record: ProcessingRecord): ROPAValidationResult; /** * Validates a cross-border transfer record for completeness and compliance. * Checks required fields, verifies that NDPC approval is documented when required, * and ensures safeguards are in place. * * @param transfer The cross-border transfer to validate * @returns Validation result with errors and warnings */ export declare function validateTransfer(transfer: CrossBorderTransfer): TransferValidationResult; export { }