
Building a GDPR-Compliant SaaS Platform with End-to-End Encryption

The platform served European customers, requiring strict compliance with GDPR regulations including data encryption, right-to-erasure, data portability, and comprehensive audit logging.

Domain: AI Chat | Technologies: 10 | Key Results: 4 | Status: Delivered

The Challenge

Building GDPR compliance into a production SaaS platform is complex:

  • Sensitive user data (emails, messages, personal info) needed encryption at rest
  • Users must be able to request data export and complete deletion
  • Encryption keys need rotation without re-encrypting all data simultaneously
  • Audit trails must capture every data access and modification
  • Rate limiting and security measures needed without impacting user experience

Our Solution

We implemented a comprehensive GDPR compliance layer with AES-256-GCM encryption, automated erasure workflows, data export, and audit logging.

Architecture

  • Encryption: AES-256-GCM with AWS KMS-managed keys
  • Key Management: Rotation support with shadow fields for re-encryption
  • Database: PostgreSQL with Prisma ORM (60+ tables, including GDPR-specific ones)
  • Audit System: Event-driven logging for all data operations
  • Auth: AWS Cognito with device-based authentication
  • Rate Limiting: Redis-backed throttling

GDPR Implementation

Data Encryption

  • AES-256-GCM encryption for all sensitive fields (email, personal data)
  • AWS KMS for encryption key management and rotation
  • Shadow fields that hold the encrypted value alongside a searchable hash used for lookups
  • Key rotation without service downtime

Right to Erasure

  • Automated deletion workflow triggered by user request
  • Cascading deletion across 60+ related tables
  • Deletion logs maintaining compliance evidence
  • Configurable retention periods

Data Portability

  • Complete data export in machine-readable format
  • All user conversations, messages, preferences, and activity included
  • Export generated asynchronously via BullMQ workers

Audit Trail

  • Every data access and modification logged
  • Admin events tracked separately for accountability
  • Encryption audit logs for key usage and rotation
  • GDPR-specific audit trail (erasure requests, exports, consent changes)

Key Features

  1. Field-Level Encryption - Encrypt specific sensitive fields, not entire records
  2. Key Rotation - Rotate encryption keys without re-encrypting all data
  3. Automated Erasure - One-click user deletion with compliance evidence
  4. Data Export - Machine-readable export of all user data
  5. Audit Logging - Complete trail of all data operations
  6. Rate Limiting - Redis-backed throttling to prevent abuse
  7. SQL Injection Protection - Prisma ORM parameterized queries throughout

Results

Compliance: Full GDPR compliance including Articles 15-20
Security: AES-256-GCM encryption with AWS KMS key management
Auditability: Complete audit trail for regulatory inspections
Performance: Minimal encryption overhead, since only the targeted sensitive fields are encrypted rather than whole records

Technology Stack

PostgreSQL, Prisma, AWS KMS, AES-256-GCM, Redis, BullMQ, Node.js, Express, TypeScript, AWS Cognito
