PDPP
Enforce
Grant: idle
PDPPv0.1.0 · Open reference

Granular access
to personal data

Clients request named records and fields.
Every response stays inside the grant.
Read the docsSee the flow
Consent surface
Longview
Compensation planning

It requests pay statements and equity grants for a career-move review. Approve four pay-statement fields. The response drops the identity-heavy payroll fields.

PurposeCareer-move compensation planning
AccessContinuous
DecisionApprove 4 payroll fields
Grant + response
grant.fields = [
  "employer",
  "pay_period",
  "gross_pay",
  "net_pay"
]

GET /v1/records/pay_statements
→ 4 of 8 fields returned

The grant is the boundary. The response matches it.

8 fields on the record4 fields approved4 fields returned
ingest

Native where possible, connector-backed where needed

Platforms can implement PDPP directly. Native endpoints, browser automation, and imports can all feed the same compensation records into one grant and enforcement model.

Native API
Browser
Import
Structured records

Different realization paths. Same grant and enforcement model.

Compensation profilev1.0.0
https://registry.pdpp.org/profiles/compensation-v1
3 streams1 append only2 mutable state
Profiles
Career move planning3 streams
inventory

Records make access exact

Pay statements, equity grants, and benefits enrollments become records the server can match, project, and revoke. Once the data has shape, access can become exact.

Compensation sourcesv1.0.0
3 streams, 28 records
request

A client app requests access

Longview is the client app. It requests pay statements and equity grants for career-move compensation planning. The request names the client, the purpose, and the exact streams.

POST /authorize
client request
Longview
Compensation planning
client appverified
Career-move compensation planning
pay_statementsrequired
equity_grantsrequired
benefits_enrollmentsoptional
Client claim: planning workspace only.
grant

The grant makes it durable

Approval becomes a grant with exact streams, fields, access mode, and time window.

Active, ongoing
grt_longview01
Longview
Career-move compensation planning
Issued
Apr 15, 2026
Expires
Apr 15, 2027
Access
Continuous access until revoked
Retention
Deleted after 90 days
purpose: planning
enforce

Only the granted fields come back

Longview queries pay statements. The server returns the four granted comparison fields and leaves the identity-heavy payroll fields behind.

GET /v1/streams/pay_statements/records
Record on server (8 fields)
employerpay_periodgross_paynet_payemployee_idhome_addressbank_account_last4tax_id_fragment
grant filter
Response to client (4 fields)
employerpay_periodgross_paynet_pay
sync

Only what changed

On the next payroll cycle, one new pay statement lands. Longview syncs again and gets only the new record.

First query: 24 pay statements
next_changes_since: "cursor_a8f2..."
Sync one payroll cycle later: 1 new pay statement
changes_since: "cursor_a8f2..." → 1 record returned
revoke

Access is revocable

One click revokes the grant. The next query from Longview receives a refusal within 60 seconds.

Active, ongoing
grt_longview01
Longview
Career-move compensation planning
Issued
Apr 15, 2026
Expires
Apr 15, 2027
Access
Continuous access until revoked
Retention
Deleted after 90 days
purpose: planning
export

Self-export remains full-fidelity

Owner access can retrieve full records at any time. Every field, every stream, no third-party grant required.

Owner accessNo grant required
Click a stream to export. All fields returned, no projection.
multi

One protocol across platforms

Compensation planning is one reference world. Subscription review, travel reimbursement, and benefits disputes can use the same grant-and-enforcement model across different platforms and deployment paths.

Compensation profilev1.0.0
https://registry.pdpp.org/profiles/compensation-v1
3 streams1 append only2 mutable state
Profiles
Career move planning3 streams
spec

Built on an open specification

Every component on this page implements a section of the PDPP specification. Published, versioned, and open for review.

Enforce§8 Resource ServerField projection, effective filter composition
Request§5 Selection RequestRFC 9396 authorization_details envelope
Consent§5.1, §5.2Client display, client claims, attribution
Grant§6 GrantImmutable consent artifact with three time axes
Sync§4.1 IncrementalProjection-aware deltas via changes_since
Revoke§6.5 Revocation60s propagation window, retention governs past data
Export§8.3 Owner TokensSelf-export via owner token, no grant required
Inventory§4 Record ModelFlat relational streams with primary keys
Ingest§7 ManifestConnector manifest declares the consent surface
Read the full specification →