Replyion changelog

Added POST /api/v1/gdpr/export and POST /api/v1/gdpr/delete. Patients can request a full export or full deletion of their data with WhatsApp-verified identity.

Deletion is soft for 30 days, then hard-deletes via the new T+30 Inngest job. Confirmations land in the patient's WhatsApp.

Operator deletion CLI shipped at scripts/gdpr_delete.ts for offline-verified identity paths.

Every patient WhatsApp interaction now writes a consent record on the first message, language-stamped and clinic-scoped.

STOP, PARAR, DUR, plus four other language equivalents now revoke consent and silence the agent within one message.

Per-clinic template registry tracks Meta-approved templates and their status.

Quality-rating monitoring lands daily; degradation pages the clinic operator and the founder.

Five playbooks now live under 10_Admin/Runbooks/: deploy, key rotation, key leak emergency, DB restore, DNS compromise.

Disaster recovery runbook captures RTO/RPO targets and the procedure for total Supabase loss, total Vercel loss, and the combined case.

Patient phone numbers now hash with a per-clinic salt so the same phone in two clinics never collides.

Cross-tenant isolation tests pass green.