Technical writing, documentation strategy, and tooling
View All Tags
Every compliance audit I've seen ends the same way: a consultant produces a 47-page PDF, emails it to someone who saves it in a shared drive, and both parties agree to pretend this constitutes "verification." The PDF is not tamper-proof. The shared drive is not immutable. The agreement is not enforceable. DPO2U replaces this entire ritual with a five-step cryptographic pipeline.
The most consequential design decision in DPO2U wasn't the choice of blockchain or the smart contract language — it was making the primary interface an MCP server. In 2026, the consumers of compliance infrastructure aren't humans clicking dashboards. They're AI agents making autonomous decisions about data transfers. The API must speak their language.
Of the 10 legal bases in LGPD Article 7, legitimate interest is the one that gets companies fined. Not because it's invalid — it's arguably the most versatile basis for data processing — but because it's the only one that requires a documented justification before you start processing. Most companies skip the documentation and hope nobody asks. The ANPD always asks.
Every LGPD implementation I've reviewed makes the same mistake: the developer picks "consent" as the legal basis for everything because it's the only one they've heard of. Brazil's data protection law defines 10 legal bases for processing personal data, and choosing the wrong one doesn't just create legal risk — it creates architectural debt that compounds with every feature you ship.
When you document a zero-knowledge system, you face a fundamental paradox: you need to explain clearly what the system does without undermining the very privacy guarantees it provides.
When I chose Docusaurus 3 for DPO2U's documentation site, the decision wasn't obvious. Here's why I picked it over Nextra, GitBook, and Mintlify — and the configuration decisions that shaped the final result.