Database Configuration (For Self-Hosting)
INFO
Note for DPOs: If you're using our hosted API service, you can skip this section. This information is only relevant for organizations choosing to self-host Daisy to maintain complete control over compliance data.
Data Storage for GDPR Compliance
When self-hosting Daisy for your organization, proper database configuration is essential to maintain GDPR compliance. This guide explains how to configure a compliant data storage environment.
Compliance-Focused Setup Guide
1. Prerequisites
- PostgreSQL 14+ installed
- Database encryption capabilities
- Access controls configured
- Audit logging enabled
2. GDPR-Compliant Database Setup
To create a database that will meet GDPR requirements:
- Create a dedicated database for Daisy
- Create a restricted user account with minimal privileges
- Enable encryption for data at rest
- Configure proper access controls
- Set up audit logging for database access
3. Essential Environment Configuration
Configure your environment with these security-focused settings:
- Database connection parameters
- SSL encryption (required for GDPR compliance)
- Audit logging parameters
- Backup configuration
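One way to carry out steps 2 and 3 on PostgreSQL 14+, shown as an added example that is not Daisy's own setup script. The names daisy, daisy_owner and daisy_app, the connection limit, and the split between a schema-owning role and an application login are assumptions.

```sql
-- Added example. daisy, daisy_owner and daisy_app are assumed names.
-- Run as a superuser through psql on PostgreSQL 14+.

-- Step 2: dedicated database, owned by a role that cannot log in.
CREATE ROLE daisy_owner NOLOGIN;
CREATE DATABASE daisy OWNER daisy_owner;

-- Restricted application account. Set its password afterwards with
-- \password daisy_app so the secret never reaches logs or shell history.
CREATE ROLE daisy_app LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE
  NOREPLICATION CONNECTION LIMIT 20;

-- Drop the defaults that let every role connect and create objects.
REVOKE ALL ON DATABASE daisy FROM PUBLIC;
GRANT CONNECT ON DATABASE daisy TO daisy_app;

\connect daisy
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT USAGE, CREATE ON SCHEMA public TO daisy_owner;  -- schema changes only
GRANT USAGE ON SCHEMA public TO daisy_app;

-- Row-level access for the application: no DDL, no TRUNCATE.
-- Covers tables and sequences that daisy_owner creates from now on.
ALTER DEFAULT PRIVILEGES FOR ROLE daisy_owner IN SCHEMA public
  GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO daisy_app;
ALTER DEFAULT PRIVILEGES FOR ROLE daisy_owner IN SCHEMA public
  GRANT USAGE, SELECT ON SEQUENCES TO daisy_app;

-- Step 3: TLS and access logging. The server certificate and key
-- (ssl_cert_file, ssl_key_file) must already be in place.
ALTER SYSTEM SET ssl = on;
ALTER SYSTEM SET ssl_min_protocol_version = 'TLSv1.2';
ALTER SYSTEM SET password_encryption = 'scram-sha-256';
ALTER SYSTEM SET log_connections = on;
ALTER SYSTEM SET log_disconnections = on;
ALTER SYSTEM SET log_line_prefix = '%m [%p] user=%u db=%d host=%h ';
-- Schema changes only; 'mod' or 'all' would copy row data into the logs.
ALTER SYSTEM SET log_statement = 'ddl';
SELECT pg_reload_conf();

-- ssl = on only offers TLS. To refuse plaintext, pg_hba.conf should hold
-- hostssl lines and no plain "host" line for this database, e.g.:
--   hostssl  daisy  daisy_app  <app-subnet>  scram-sha-256

-- Check from the application's connection that TLS is in use.
SELECT ssl, version, cipher FROM pg_stat_ssl WHERE pid = pg_backend_pid();

-- Encryption at rest: community PostgreSQL has no built-in transparent
-- data encryption, so that step is done at the volume or filesystem layer.
```

The default privileges apply only to objects created by daisy_owner after these statements run, so tables that already exist need an explicit GRANT.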
4. Database Security Best Practices
For DPOs ensuring GDPR compliance:
- Access Control: Limit database access to essential personnel only
- Data Encryption: Ensure all sensitive data is encrypted at rest
- Audit Trails: Maintain comprehensive logs of all database access
- Regular Backups: Implement automated, encrypted backups
- Data Minimization: Configure retention periods to automatically purge unnecessary data
Data Storage Compliance Considerations
Data Residency Requirements
For European organizations, ensure your PostgreSQL database is hosted within the EU/EEA to comply with data transfer restrictions. Our self-hosting option allows you to maintain complete control over data location.
Data Subject Rights Implementation
The database schema supports GDPR data subject rights:
- Right to Access: Easily retrieve all data related to a specific data subject
- Right to Erasure: Securely delete personal data when requested
- Data Portability: Export data in machine-readable formats
- Processing Limitations: Implement processing restrictions through database flags
Breach Detection and Notification
Proper database configuration enables:
- Early detection of unauthorized access
- Comprehensive breach investigation capabilities
- Detailed audit trails for notification documentation
- Evidence preservation for supervisory authority reporting
Backup and Recovery for Compliance
Compliant Backup Strategy
- Implement encrypted backups
- Store backups in a secure, separate environment
- Test restoration procedures regularly
- Document backup procedures for supervisory authorities
Retention Policy Implementation
Configure automated retention policies to ensure:
- Data is not kept longer than necessary
- Historical compliance documentation is preserved
- Deletion processes meet GDPR requirements
- Audit trails document all deletion activities
Technical Support for DPOs
If your technical team needs assistance with GDPR-compliant database configuration, our support team includes data protection specialists who can provide guidance specific to your regulatory environment.
Database Schema
Daisy uses several tables to store information:
- Legal Documents: Stores document information and content
- Questionnaires: Stores document generation questionnaires
- Assets: Stores file metadata
- Chat Memory: Stores conversation history
Backup Recommendations
We recommend regular database backups using standard PostgreSQL tools. For automated backups, consider using a tool like pgBackRest or setting up cron jobs.
Need Help?
If you're having trouble setting up your database, please contact our support team: