# Parental Consents

📖 Consentements parentaux pour utilisateurs 13-15 ans (Article 8 RGPD)

## Diagramme

```kroki-dbml
Table users {
  id uuid [primary key]
  birthdate date [not null]
}

Table parental_consents {
  id uuid [primary key]
  user_id uuid [not null, unique, ref: > users.id, note: 'Ado 13-15 ans (1 consent par user max)']
  parent_email varchar(255) [not null, note: 'Email du parent pour validation']
  validation_token varchar(64) [unique, note: 'Token de validation envoyé par email (expire 7j)']
  validated boolean [not null, default: false, note: 'true après clic parent sur lien email']
  token_expires_at timestamp [not null, note: 'validation_token expire après 7 jours']
  validated_at timestamp [note: 'Timestamp de validation parent (NULL si non validé)']
  parent_ip inet [note: 'IP du parent lors de la validation']
  parent_user_agent text [note: 'User agent parent (preuve validation)']
  revoked_at timestamp [note: 'Révocation du consentement parental']
  revocation_reason text [note: 'Raison de la révocation (optionnel)']

  indexes {
    (user_id) [unique, note: 'Un seul consentement parental actif par user']
    (validation_token) [unique, note: 'Lookup rapide pour validation lien email']
    (validated, token_expires_at) [note: 'Cleanup des tokens expirés non validés']
  }
}

Table parental_controls {
  id uuid [primary key]
  parental_consent_id uuid [not null, unique, ref: - parental_consents.id, note: 'One-to-one relationship']
  gps_enabled boolean [not null, default: false, note: 'Autoriser GPS précis (false = GeoIP uniquement)']
  messaging_enabled boolean [not null, default: false, note: 'Autoriser messagerie privée']
  content_16plus_enabled boolean [not null, default: false, note: 'Autoriser contenu 16+']
  weekly_digest_config jsonb [note: 'Config notifications hebdo parent (email, contenu, format)']
  updated_at timestamp [not null, default: `now()`]

  indexes {
    (parental_consent_id) [unique]
  }
}
```

## Légende

**Workflow** :
1. Ado saisit email parent → `validation_token` généré (expire 7j)
2. Parent clique lien → `validated = true`
3. Parent configure `PARENTAL_CONTROLS`
4. Révocation possible → `revoked_at` renseigné

**Restrictions par défaut (13-15 ans)** :

- `gps_enabled`: `false` (GeoIP uniquement)
- `messaging_enabled`: `false`
- `content_16plus_enabled`: `false`
- Dashboard parent : notifications hebdomadaires activité