Download the PHP package ginkelsoft/laravel-data-right-to-be-forgotten without Composer

On this page you can find all versions of the php package ginkelsoft/laravel-data-right-to-be-forgotten. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package laravel-data-right-to-be-forgotten

Ginkelsoft Laravel Data Right to Be Forgotten

Tests Laravel PHP

Overview

Implements GDPR art. 17 — the right to be forgotten for a Laravel application. When a subject ("forget everything about me") files a request, this package sweeps every model you have registered as containing personal data for that subject and either deletes or anonymizes the matching records. Every action is recorded in a tamper-evident forget_log chain built on the shared HashChain from ginkelsoft/laravel-compliance-core.

This is the right to be forgotten member of the GinkelSoft compliance family — install the hub to get the whole family in one go.

The family

Package GDPR Article(s) Role
laravel-compliance-core art. 5(2) Shared primitives (hash chain, strategies, subject hash)
laravel-data-retention art. 5(1)(e) Storage limitation / time-based sweeps
laravel-data-right-to-be-forgotten art. 17 Subject-driven erasure — this package
laravel-data-subject-access art. 15 + 20 Read-only subject export
laravel-data-consent art. 6(1)(a) + 7 Consent registry
laravel-data-breach-registry art. 33 + 34 Personal-data breach register
laravel-compliance-hub art. 5(2) Umbrella: installs the whole family, verifies every chain

Why a separate package from retention?

Time-based retention answers "is this data old enough to remove?". GDPR art. 17 answers a different question: "this specific person has asked me to remove everything about them, today." The two controls share building blocks (delete vs. anonymize, per-field strategies, append-only audit log) but the trigger and the audit-chain are different — retention writes to retention_log, forget writes to forget_log. Keeping them in separate packages keeps each chain internally consistent and independently auditable.

How it works

1. Declare which models hold subject data

An attribute for simple cases, a property for anonymize. Models must additionally implement the Forgettable contract — the trait provides the default implementation, the interface gives the orchestrator the type safety it needs.

For complex subject mappings (subject can appear in either of two columns, polymorphic relation, etc) override the static forSubjectQuery method on the model. See tests/Models/ForgetTicket.php for an OR-across-two-columns example.

2. Register the models

3. Run the sweep

The command name keeps the retention: prefix for BC with the v1.x monolithic package. The first argument is the subject identifier: whatever string consistently identifies the person across your models. The orchestrator iterates every registered model and applies its policy to records linked to that subject. Idempotent: a second run finds no new records and writes no new log entries.

4. Verify the audit chain

Or run php artisan compliance:verify from the hub to verify every chain in the family in one shot.

What the log holds (and what it does not)

The forget_log rows contain subject_hash (an irreversible SHA-256 of the subject identifier plus compliance.log_secret), the source model class and primary key, the action (forgotten_deleted or forgotten_anonymized), timestamps, and the chain hashes. No subject identifier, no field values — just the proof that the person was forgotten.

Compliance notes

This package is not legal advice. The decision to delete vs. anonymize per field belongs to your DPO.

Installation

Then add a secret to .env (shared with the rest of the family):

Gotchas

Testing

Reporting bugs

Found a bug or unexpected behaviour? We want to hear about it.

Preferred — open a GitHub issue: https://github.com/ginkelsoft-development/laravel-data-right-to-be-forgotten/issues/new

When opening an issue, please include:

  1. Versions — PHP, Laravel, and the package version (composer show ginkelsoft/laravel-data-right-to-be-forgotten).
  2. What you did — the artisan command, code snippet, or steps that triggered the bug.
  3. What you expected vs what actually happened — include full error output or a stack trace if there is one.
  4. A minimal reproduction if you can — a failing test or a small code sample beats a long description.

Security-sensitive findings (anything that could expose personal data, break a hash-chain, or bypass an audit log) — please do not open a public issue. E-mail [email protected] directly with "SECURITY" in the subject line and we will respond privately.

Not on GitHub? You can also e-mail [email protected] with the same information.

Contact

For commercial support, integration questions, or anything that doesn't fit a GitHub issue: [email protected]https://ginkelsoft.com.

License

MIT License — see LICENSE. (c) 2026 Ginkelsoft


All versions of laravel-data-right-to-be-forgotten with dependencies

PHP Build Version
Package Version
Requires php Version ^8.2
illuminate/support Version ^10.0 || ^11.0 || ^12.0 || ^13.0
illuminate/database Version ^10.0 || ^11.0 || ^12.0 || ^13.0
illuminate/console Version ^10.0 || ^11.0 || ^12.0 || ^13.0
nesbot/carbon Version ^2.62 || ^3.0
ginkelsoft/laravel-compliance-core Version dev-development
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package ginkelsoft/laravel-data-right-to-be-forgotten contains the following files

Loading the files please wait ...