Getting Started

Welcome to DPO2U's technical documentation. This guide walks you through the first steps of interacting with the protocol, whether you are a company seeking to emit compliance proofs, or a developer integrating AI Agents.

Prerequisites

Before you begin, ensure you have:

A DPO2U MCP Server URL (or the ability to run it locally)
Basic familiarity with blockchain concepts and API integrations
curl or any HTTP client for testing tool calls

For companies

If you are a business operating with user data, participating in DPO2U enables you to mathematically prove your compliance without ever leaking the sensitive data you manage.

1. Request an LGPD Kit

Contact the DPO2U team or use the MCP Server's generate_lgpd_kit tool to produce a complete privacy policy package. The tool analyzes your company profile and data processing activities and generates a policy.json strictly governed by the dpo2u/lgpd/v1 schema.

2. Review and approve

The generated kit includes privacy policies, data processing records, and a DPIA (Data Protection Impact Assessment). Your legal team reviews the documents before submission.

3. Emit the Attestation

Once approved, the DPO2U framework encrypts and uploads the content to the Lighthouse IPFS network. The Auditor Agent then assesses the generated file and creates an Attestation on the Midnight Network, resulting in an immutable score and timestamp associated only with your company identifier hash.

4. Monitor compliance

Use check_compliance_status to verify your Attestation at any time. Scores, timestamps, and proof links are publicly verifiable on-chain.

For developers & AI agents

If you are a developer looking to integrate DPO2U into your AI pipelines, the primary entry point is the MCP Server. All interactions use standard HTTP requests — no proprietary SDK required.

Checking compliance status

curl
TypeScript

curl -X POST https://mcp.dpo2u.com/tools/check_compliance_status \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DPO2U_API_KEY" \
  -d '{
    "company_id": "hashed-cnpj-identifier"
  }'

Response:

{
  "compliant": true,
  "score": 87,
  "last_validated": "2026-02-28T14:30:00Z",
  "proof_url": "https://explorer.midnight.network/tx/0xabc..."
}

const response = await fetch('https://mcp.dpo2u.com/tools/check_compliance_status', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${process.env.DPO2U_API_KEY}`,
  },
  body: JSON.stringify({
    company_id: 'hashed-cnpj-identifier',
  }),
});

const result = await response.json();

if (!result.compliant) {
  console.log('Supplier is not compliant. Aborting data transfer.');
  process.exit(1);
}

console.log(`Compliance score: ${result.score}/100`);

Workflow

Using the MCP Server allows your LLMs to natively run check_compliance_status(company_id). Before your application processes third-party data or shares insights with an external supplier, your AI agent can halt the execution if the supplier lacks a valid on-chain DPO2U Attestation.

MCP Server

For detailed API usage, authentication, error handling, and the full list of exposed tools, head to the MCP Server documentation.

What's next

MCP Server — full API reference, authentication, and error codes
Architecture — understand the 5-layer protocol stack
Schemas — the dpo2u/lgpd/v1 schema specification

For companies​

1. Request an LGPD Kit​

2. Review and approve​

3. Emit the Attestation​

4. Monitor compliance​

For developers & AI agents​

Checking compliance status​

Workflow​

What's next​