Dekimu · anchored receipts docs
APuR — Anchored Purpose Receipts
Cryptographic proof of a purpose-binding event — what data was bound to which purpose, under which lawful basis, and when.
Purpose
An APuR anchors the purpose for which data is collected or subsequently processed. Each binding creates a verifiable commitment: the controller records the specific purpose, the lawful basis relied upon, and the data categories involved. Repurpose receipts document when processing extends beyond the original purpose, including the compatibility assessment required by GDPR.
Event types
| Kind | Label | Description |
|---|---|---|
purpose.binding | Binding | Data bound to specific purpose. |
purpose.repurpose | Repurpose | Purpose changed with justification. |
purpose.unbinding | Unbinding | Purpose limitation removed. |
Key fields
purpose_specification — structured description of the processing purpose: explicit purpose text, purpose category, and scope of data subjects affected.
lawful_basis — the Art. 6 lawful basis relied upon (consent, contract, legal obligation, vital interests, public task, or legitimate interests). For repurpose events, includes the compatibility assessment outcome.
data_categories — array of data categories bound to this purpose, including any Art. 9 special categories.
Regulatory context
The purpose-limitation principle in GDPR Art. 5(1)(b) requires that personal data be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes. Art. 6 sets out the lawful bases for processing. APuR receipts provide auditable evidence that purpose limitation was observed — or, where repurposing occurred, that a formal compatibility assessment was conducted and documented before processing began.