Skip to main content
PropOps includes built-in GDPR tooling to record consent before login and to generate data-subject export reports on demand.
POST /api/gdpr/consent Records a consent event for cookie acceptance, privacy policy agreement, or terms of service acceptance. This endpoint is public — it is available before the user is logged in so that pre-login consent can be captured on the login and registration pages. Permission: None — public endpoint (no authentication required)
consent_type
string
required
Type of consent being recorded. One of: cookies, privacy_policy, terms.
consent_version
string
required
Version string of the policy being accepted (e.g. "1.2"). Must match the current version of the relevant Legal Document.
accepted
boolean
required
true if the user accepted, false if they declined.
fingerprint
string
Optional browser fingerprint to link the consent record to a device before the user has an account.
curl -X POST "https://propops.yourcompany.com/api/gdpr/consent" \
  -H "Content-Type: application/json" \
  -d '{
    "consent_type": "cookies",
    "consent_version": "1.2",
    "accepted": true,
    "fingerprint": "a1b2c3d4e5f6"
  }'

{
  "success": true,
  "message": "Consent recorded"
}
Declined consent (accepted: false) is also recorded. This provides a full audit trail required under UK GDPR Article 7 for demonstrating the ability to prove consent was or was not given.

GDPR Data Export

Generate a data-subject export

GET /api/tenants/gdpr-report?tenant_uuid=<uuid> Generates a portable GDPR data-subject access report for a tenant. The report includes all personal data held for the tenant — contact details, job history, case notes, and consent records. Accessible to staff only. Required permission: api.tenants.gdpr-report.manage
Account types: Staff only
tenant_uuid
string
required
UUID of the tenant to generate the export for.
curl -X GET "https://propops.yourcompany.com/api/tenants/gdpr-report?tenant_uuid=990e8400-e29b-41d4-a716-446655440001" \
  -H "Authorization: Bearer <token>"

{
  "success": true,
  "data": {
    "tenant": {
      "uuid": "990e8400-e29b-41d4-a716-446655440001",
      "full_name": "Jane Smith",
      "email": "jane.smith@example.com",
      "phone": "07700000002",
      "address": "4 Pine Street, Leeds, LS1 1AB"
    },
    "jobs": [
      {
        "job_ref": "JOB-1042",
        "job_title": "Boiler service",
        "created_at": "2024-05-10T09:00:00Z",
        "completed_at": "2024-05-15T14:00:00Z"
      }
    ],
    "consent_records": [
      {
        "consent_type": "cookies",
        "consent_version": "1.2",
        "accepted": true,
        "recorded_at": "2024-01-12T08:30:00Z"
      }
    ],
    "generated_at": "2024-06-14T12:00:00Z"
  },
  "message": "GDPR report generated"
}
The response is designed to be directly downloadable as a JSON file to fulfil a Data Subject Access Request (DSAR). You can also pipe it through a PDF renderer for a printable report.