Copilot AI commented Nov 15, 2025

Implements a privacy-first data broker management system where all PII remains encrypted on-device, with public metadata served via stateless Workers.

Architecture

Local Flutter App

  • AES-256-GCM encrypted storage with platform keystore integration
  • Broker search, opt-out request generation, progress tracking
  • Offline-first with cached metadata
  • Cross-platform (iOS/Android/Windows/macOS/Linux)

Cloudflare Workers

  • Stateless APIs serving only public broker metadata
  • Health checks, template distribution, category endpoints
  • Zero PII processing capability by design

Data Layer

  • 5 initial brokers (Whitepages, Spokeo, BeenVerified, TruthFinder, Intelius)
  • JSON schema validation for broker definitions
  • GDPR/CCPA/generic opt-out templates

Key Files

flutter_app/
├── lib/services/storage_service.dart    # AES-256 encryption layer
├── lib/services/broker_service.dart     # Public metadata fetching
└── lib/screens/*                        # UI (dashboard, brokers, profile, requests)

cloudflare_workers/src/
├── index.ts        # Router with security headers
├── brokers.ts      # Metadata API
├── health.ts       # Availability checks
└── templates.ts    # Opt-out templates

data/
├── brokers/brokers.json    # Broker database
└── schema.json             # Validation schema

Security Model

```dart
import 'dart:convert';

// All PII is encrypted before it is written to local storage. _encrypt is the
// service's AES-256-GCM helper and _prefs its on-device preferences store;
// only the resulting ciphertext ever reaches disk.
class StorageService {
  Future<void> saveUserData(UserData userData) async {
    final encrypted = _encrypt(jsonEncode(userData.toJson()));
    await _prefs.setString(_userDataKey, encrypted);
  }
}
```

Guarantees:

  • No network transmission of PII (Workers API enforces public-only data)
  • Keys in platform secure storage (Keychain/KeyStore)
  • Works fully offline (broker data cached locally)

CI/CD

  • Multi-platform builds with checksums
  • CodeQL security scanning (0 alerts)
  • Broker schema validation
  • Workflow permissions hardened (least privilege)

Documentation

  • SECURITY.md: Threat model, encryption details, data flow analysis
  • docs/broker-guide.md: Community contribution process
  • docs/architecture.md: System design, scalability considerations
Original prompt

This section details the original issue you should resolve

<issue_title>Project Brief</issue_title>
<issue_description>Below is an updated, unified project concept that incorporates:

Cloudflare Workers for automation, scanning, and re-checks
A local Flutter app for all sensitive personal data handling
❌ No reliance on GitHub Pages for storing or processing personal data
➡️ GitHub will host code only, never user data
⬇️ Optional “portable mode” via downloadable ZIP the user can run locally

Everything is now designed around a security-first, zero-data-retention model.


SelfErase (Updated Architecture Concept)

An open-source, hybrid local+edge privacy toolkit for managing and deleting personal data online.


Design Goal

Provide users with a complete data-removal system that:

  • Never stores personal data on any third-party servers (including Cloudflare, GitHub, or us)
  • Uses Cloudflare Workers only for stateless automation
  • Uses a local Flutter app for all private data handling
  • Allows convenient deployment, but ensures zero trust required for any service
  • Gives users a portable, offline-capable app they fully own

Why This Architecture Works

1. Cloudflare Workers Handle Automation

Cloudflare Workers perform tasks that don’t require user PII, such as:

  • Checking if data broker pages are online or changed
  • Monitoring broker API changes
  • Providing lists of brokers and opt-out methods
  • Scheduling re-scan suggestions (no PII included)

Workers compute and serve only public metadata, like:
brokers.json, opt-out instructions, form templates, availability tests.

2. Flutter App Handles All Personal Data

The Flutter app (which runs on iOS, Android, macOS, Windows, and Linux) will:

  • Store all user PII locally, encrypted
  • Construct opt-out requests
  • Generate emails, form submissions, or automated scripts
  • Organize the user’s personal “exposure map”
  • Talk to Cloudflare Workers only for public data (no PII passes through)

No personal data ever leaves the device
except when the user manually sends deletion/opt-out requests to brokers.

3. Optional ZIP Download / Portable Mode

For users who want:

  • A fully offline solution
  • No app store
  • Self-verifiable code
  • Maximum privacy

We will offer a portable ZIP download containing a self-contained Flutter desktop app.

Users can:

  • Build it from source
  • Download a GitHub release
  • Verify signatures
  • Run locally with no installation

4. GitHub Pages Cannot Store Data — So It Stores Only Static Files

GitHub will host:

  • Documentation
  • The website marketing/info
  • The open-source code
  • Guides
  • Broker metadata

No dynamic data. No PII. No user uploads.
That keeps GitHub simple, safe, and fully open-source.


Security Model Overview

A. Zero PII Transmission

  • Cloudflare Workers never receive PII.
  • Flutter app never transmits PII.
  • All sensitive data stays encrypted at rest on the local device.

B. Encrypted Local Storage

Flutter app uses:

  • SQLCipher or secure keystore on mobile
  • AES-256 encryption for desktop
  • Optional local password or biometric lock

C. Verification & Reproducibility

  • Deterministic builds for Flutter
  • GitHub Actions produce signed binaries
  • Users can reproduce builds and verify checksums

D. No Third-Party Tracking

  • App contains no analytics, no logging
  • Workers log no requests (disable logs if possible)
  • Complete transparency in codebase

Updated Project Description for the Repository

SelfErase

SelfErase is an open-source privacy toolkit that helps individuals identify, manage, and remove their personal data from data brokers—without ever sharing personal information with any external service.

SelfErase uses a hybrid model:

Local Flutter App (User-Controlled)

  • Handles all sensitive personal data locally
  • Generates and sends opt-out requests
  • Manages encrypted personal records
  • Provides a dashboard of exposure risk
  • Runs fully offline if desired

Cloudflare Workers (Stateless Automation)

  • Maintain and update public broker lists
  • Check broker endpoint availability
  • Provide opt-out templates
  • Offer re-check schedules (no PII)
  • Run predictably on user-owned deployments

This ensures a secure, privacy-first system where all personal data remains fully owned and controlled by the user.


High-Level Architecture

                +---------------------------+
                |   GitHub (Code Only)      |
                |  - docs                   |
                |  - broker metadata        |
                |  - source code            |
                +------------+--------------+
                             |
                             v
                +------------+--------------+
                | Cloudflare Workers        |
                | - Public...

</details>

- Fixes OWASP-BLT/SelfErase#1

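As an added example (not the project's index.ts), a stateless metadata router of the kind the description outlines: GET-only, request bodies refused, query strings discarded, and public broker records plus blank opt-out templates served with a fixed set of security headers. Route names, the header set and the broker records are assumptions constructed for this illustration; requests and responses are plain objects so the logic runs outside a Worker runtime.

```typescript
// Added example, not the project's code: a stateless edge router that can only
// hand out public metadata. Routes, headers and records are assumed.

interface EdgeRequest { method: string; path: string; hasBody: boolean; }
interface EdgeResponse { status: number; headers: Record<string, string>; body: string; }

// Constructed sample of public broker metadata; the opt-out URLs are placeholders.
const BROKERS = [
  { id: "whitepages", name: "Whitepages", optOut: "https://example.invalid/whitepages" },
  { id: "spokeo", name: "Spokeo", optOut: "https://example.invalid/spokeo" },
];

// Templates carry placeholders that the app fills on-device, so the edge layer
// only ever distributes the blank form, never a completed request.
const TEMPLATES: Record<string, string> = {
  gdpr: "Under Art. 17 GDPR, {{name}} requests erasure of all personal data you hold.",
  ccpa: "Under the CCPA, {{name}} requests deletion of their personal information.",
  generic: "Please remove the listing for {{name}} from your service.",
};

const SECURITY_HEADERS: Record<string, string> = {
  "Content-Type": "application/json; charset=utf-8",
  "Cache-Control": "public, max-age=3600",
  "X-Content-Type-Options": "nosniff",
  "Content-Security-Policy": "default-src 'none'",
  "Referrer-Policy": "no-referrer",
};

function reply(status: number, payload: unknown): EdgeResponse {
  const headers: Record<string, string> = {};
  for (const k in SECURITY_HEADERS) headers[k] = SECURITY_HEADERS[k];
  return { status, headers, body: JSON.stringify(payload) };
}

function handleRequest(req: EdgeRequest): EdgeResponse {
  // Only GET is accepted and bodies are refused, so no code path can
  // receive, store or echo user-supplied data. The query string is dropped.
  if (req.method !== "GET") return reply(405, { error: "method not allowed" });
  if (req.hasBody) return reply(400, { error: "request bodies are not accepted" });
  const seg = req.path.split("?")[0].split("/").filter((s) => s.length > 0);
  if (seg[0] === "health" && seg.length === 1) return reply(200, { status: "ok" });
  if (seg[0] === "brokers" && seg.length === 1) return reply(200, BROKERS);
  if (seg[0] === "brokers" && seg.length === 2) {
    const hit = BROKERS.filter((b) => b.id === seg[1]);
    return hit.length ? reply(200, hit[0]) : reply(404, { error: "unknown broker" });
  }
  if (seg[0] === "templates" && seg.length === 2 && TEMPLATES[seg[1]] !== undefined) {
    return reply(200, { kind: seg[1], text: TEMPLATES[seg[1]] });
  }
  return reply(404, { error: "not found" });
}
```

Anything a client appends to the path after `?` is discarded before routing, so a query string cannot turn a metadata lookup into a channel for personal data.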

Copilot AI and others added 4 commits November 15, 2025 18:45
…ers, and documentation

Co-authored-by: DonnieBLT <128622481+DonnieBLT@users.noreply.github.com>
…tion

Co-authored-by: DonnieBLT <128622481+DonnieBLT@users.noreply.github.com>
… jobs

Co-authored-by: DonnieBLT <128622481+DonnieBLT@users.noreply.github.com>
Co-authored-by: DonnieBLT <128622481+DonnieBLT@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Update architecture concept for security-first model" to "Implement SelfErase: Zero-trust privacy toolkit with local encryption and stateless edge layer" Nov 15, 2025
Copilot AI requested a review from DonnieBLT November 15, 2025 19:00
@DonnieBLT DonnieBLT marked this pull request as ready for review November 16, 2025 01:47
@DonnieBLT DonnieBLT merged commit dee112e into main Nov 16, 2025
2 of 10 checks passed