{"ok":true,"meta":{"generatedAt":"2026-06-30T13:24:32.061Z"},"data":{"version":"tzv3-data-retention-v2","endpoint":"/api/legal/retention-policy","legalPage":"/legal/data-retention","legalContact":{"env":"LEGAL_CONTACT_EMAIL","productionRequired":true,"configured":false,"validFormat":true,"invalidValueConfigured":false,"value":null,"fallback":"https://t.me/artesc_support"},"records":[{"id":"age-gate","label":"Age gate confirmation","storage":"browser-localStorage","fields":["18+ confirmation flag"],"retention":"Until the visitor clears browser storage.","deletion":"Visitor can clear site data in the browser.","publicSummary":"Age gate: подтверждение 18+ хранится только в браузере до очистки site data пользователем.","localMode":"Stored only in the browser under artesc-age-confirmed.","productionMode":"Keep browser-only unless a counsel-approved account model is introduced."},{"id":"favorites","label":"Favorites","storage":"browser-localStorage","fields":["profile slugs"],"retention":"Until the visitor removes favorites or clears browser storage.","deletion":"Remove from /favorites or clear artesc:favorites:v1.","publicSummary":"Избранное: slug анкет хранится только в localStorage до удаления через /favorites или очистки браузера.","localMode":"No server-side tracking or account binding.","productionMode":"Account-backed favorites require opt-in, privacy wording, and a separate deletion flow."},{"id":"pwa-push-preference","label":"PWA push notification preference","storage":"browser-localStorage + approved push provider when configured","fields":["notification permission","favorites-only consent","favorite count","timestamp","PushSubscription endpoint hash in provider mode"],"retention":"Until the visitor disables notifications or clears browser storage.","deletion":"Disable on /favorites, which calls DELETE /api/pwa/push/subscribe when provider mode is configured, or clear artesc:pwa-push-preference:v1.","publicSummary":"PWA push preference: согласие на уведомления по избранному хранится только в браузере до отключения.","localMode":"Browser-only opt-in receipt; PushSubscription is not stored server-side.","productionMode":"PushSubscription is forwarded only to an approved provider with bearer auth, HMAC signature, idempotency key, and user-triggered delete flow."},{"id":"schedule-request","label":"Schedule requests","storage":"external schedule module","fields":["profile","date","time","service mode","contact channel","contact","comment"],"retention":"30 days after request completion by default.","deletion":"Delete or anonymize through the schedule provider workflow after a verified request.","publicSummary":"Schedule-заявки: контакт и параметры заявки хранятся во внешнем schedule-модуле до 30 дней после завершения запроса.","localMode":"Payload is validated but not persisted while optional SCHEDULE_API_URL is missing.","productionMode":"Schedule provider must enforce retention and export/delete procedures."},{"id":"vip-club-verification","label":"VIP Club verification","storage":"external Telegram/verification workflow","fields":["contact channel","contact","preferred profile","comment"],"retention":"90 days after verification decision by default.","deletion":"Delete from the verification workflow after a verified request or failed verification expiry.","publicSummary":"VIP Club verification: контактные данные хранятся во внешнем verification workflow до 90 дней после решения.","localMode":"Validated without local contact storage while VIP_CLUB_WEBHOOK_URL is missing.","productionMode":"Telegram/verification workflow must keep access restricted and auditable."},{"id":"real-review-intake","label":"Real review intake","storage":"PostgreSQL reviews table","fields":["profile slug","rating","author alias","review text","source","publication flag"],"retention":"Published reviews remain until takedown; unpublished review intake is reviewed within 90 days.","deletion":"Unpublish, anonymize, or delete through protected admin moderation after verification.","publicSummary":"Отзывы: опубликованные реальные отзывы хранятся до takedown; неопубликованный intake проверяется в течение 90 дней.","localMode":"Dry-run ticket only; review text is not persisted without DATABASE_URL.","productionMode":"Only moderated real reviews may be published or included in JSON-LD."},{"id":"admin-audit","label":"Admin audit logs","storage":"PostgreSQL admin_audit_logs table","fields":["actor","action","entity type","entity id","payload","created at"],"retention":"180 days by default.","deletion":"Rotate or purge through a privileged database maintenance task after the retention window.","publicSummary":"Admin audit logs: служебные действия админки хранятся до 180 дней и очищаются через привилегированную maintenance-задачу.","localMode":"No audit rows are persisted without DATABASE_URL.","productionMode":"Access is limited to protected admin endpoints and database operators."},{"id":"telegram-status-events","label":"Telegram status events","storage":"PostgreSQL profile_status_events table","fields":["profile slug","status","status label","source","actor","timestamp"],"retention":"30 days for historical events; current public status remains while the profile is active.","deletion":"Purge historical events through database maintenance or profile takedown workflow.","publicSummary":"Telegram live-статусы: исторические события хранятся до 30 дней, текущий публичный статус остается пока анкета активна.","localMode":"Static seed status only while DATABASE_URL is missing.","productionMode":"Webhook must require TELEGRAM_WEBHOOK_SECRET, verify it without storing the token, and write only status fields."},{"id":"web-vitals","label":"Web Vitals metrics","storage":"external analytics endpoint or no-store local validation","fields":["metric id","metric name","value","rating","pathname"],"retention":"90 days in the approved analytics sink by default.","deletion":"Delete through the analytics provider if event-level deletion is supported.","publicSummary":"Web Vitals: технические метрики без query params хранятся в утвержденном analytics sink до 90 дней.","localMode":"Validated and returned without persistence.","productionMode":"Forward only after WEB_VITALS_ENDPOINT_URL and provider privacy review are approved."},{"id":"media-enhancement","label":"Media enhancement jobs","storage":"approved media provider and Cloudflare R2/CDN","fields":["source asset id","operation","review status","output asset id"],"retention":"Source and derived assets follow content lifecycle; rejected drafts are removed within 30 days.","deletion":"Remove source/derived assets through media moderation and CDN purge workflow.","publicSummary":"Media enhancement: исходные и производные медиа следуют жизненному циклу контента; отклоненные drafts удаляются до 30 дней.","localMode":"Policy-only dry-run; no enhancement jobs are persisted.","productionMode":"Human review is required before publication; watermark removal and identity edits stay blocked."},{"id":"takedown-request","label":"Takedown and legal requests","storage":"legal inbox or approved ticketing workflow","fields":["URL","claim summary","contact channel","verification evidence"],"retention":"One year after resolution by default.","deletion":"Close and archive/delete according to counsel-approved legal hold rules.","publicSummary":"Takedown/legal requests: обращения и доказательства хранятся до одного года после решения, если legal hold не требует иначе.","localMode":"Telegram contact only; no local ticket storage.","productionMode":"Requires a dedicated LEGAL_CONTACT_EMAIL or approved legal inbox."}],"deletionRequestChannels":["/legal/takedown","https://t.me/artesc_support"],"controls":["collect only fields required for catalog, moderation, schedule, status, or legal operations","keep local dry-run modes non-persistent for contact data","separate browser-only retention from server-side retention","require admin token/session for moderation, audit, and profile write access","do not collect behavioral-factor data for artificial engagement manipulation"],"productionBoundary":["Retention periods must be reviewed by counsel before commercial launch.","LEGAL_CONTACT_EMAIL should be configured before production traffic.","External schedule, Telegram, analytics, media, and database providers must expose deletion or export procedures."]}}