YUNIT SL

Managed compliance platform

LQPD SaaS for Andorran businesses

YUNIT provides a hosted LQPD service for companies that want customer-data operations, auditor access and deletion workflows managed in a dedicated platform instead of rebuilding the full control layer internally.

Open the portal LQPD process

Commercial model

Setup fee

500 EUR one-time for onboarding, technical guidance, tenant provisioning and migration support.

Monthly service

39 EUR per month for the hosted portal, API access, auditor workflow, deletion handling and tenant administration.

Delivery scope

YUNIT advises your team on integration and migration, but your application changes remain in your own system and release process.

API operating model

  • Each customer receives an OAuth client for machine-to-machine access.
  • Your system stores only the external customer identifier and delegates personal data storage to the LQPD platform.
  • API flows support customer create, update, lookup and deletion-request initiation.
  • Auditor access requests can be invoked through the platform while maintaining an allowlisted reviewer model.

Migration and onboarding

Migration follows a staged import pattern. Customer records are prepared, uploaded, reviewed and then committed into the tenant workspace.

This model is designed to support guided migration from an existing customer base without forcing a big-bang rewrite of your operational system.

Control and audit posture

  • Tenant-scoped data separation in a dedicated Supabase project.
  • One-time auditor export workflow with expiring tokens sent by email.
  • Structured deletion workflow with status tracking and resolution metadata.
  • Stripe-backed setup and subscription billing for repeatable commercial onboarding.

Who this fits

This service is aimed at Andorran businesses that need a credible, operable LQPD control layer but do not want to design every compliance workflow from scratch.

It also suits teams that want a clear architecture story for auditors, procurement reviews or customer-data governance conversations.

Integration sequence

  1. Step 1 Create a tenant and complete Stripe checkout.
  2. Step 2 Add allowlisted auditors and generate an OAuth client in the portal.
  3. Step 3 Exchange the client credentials for a bearer token at `/oauth/token`.
  4. Step 4 Use machine endpoints so your system stores only the external customer identifier while the platform manages personal data.
  5. Step 5 Stage migration data by CSV, review it, and commit the import into the tenant workspace.

Client credential exchange

curl -u "CLIENT_ID:CLIENT_SECRET" \
  -X POST https://api.yunit.tech/oauth/token

Customer write example

curl -H "Authorization: Bearer MACHINE_TOKEN" \
  -H "Content-Type: application/json" \
  -X POST https://api.yunit.tech/machine/customers \
  -d '{
    "external_customer_id": "cust_10042",
    "full_name": "Maria Example",
    "email": "maria@example.com",
    "country": "AD"
  }'

Deletion request example

curl -H "Authorization: Bearer MACHINE_TOKEN" \
  -H "Content-Type: application/json" \
  -X POST https://api.yunit.tech/machine/deletions \
  -d '{
    "external_customer_id": "cust_10042",
    "requester_name": "Maria Example",
    "requester_email": "maria@example.com",
    "description": "Article 17 deletion request"
  }'

Operational notes

  • OAuth clients can be revoked from the tenant console without rotating the whole tenant.
  • Machine tokens are app-issued and validated against the active client record.
  • Auditor requests require an allowlisted reviewer email on the tenant.
  • The platform runs in its own Supabase project and is deployed separately from any client application.