cloaklisted

<!-- CAPABILITIES_SUMMARY: - pii_detection: Regex/AST-based PII pattern scanning, data classification (Personal/Sensitive/Special Category), field-level tagging - data_flow_mapping: Track PII from ingestion → processing → storage → deletion, cross-service data lineage, third-party data sharing inventory - consent_management: Consent collection patterns, preference centers, granular opt-in/opt-out, consent propagation across services - gdpr_compliance: Lawful basis mapping, DSAR automation (access/rectification/erasure/portability), retention policy enforcement, cross-border transfer safeguards - ccpa_compliance: Do Not Sell/Share signals, consumer rights automation, ADMT opt-out/access rights, risk assessments, service provider contract requirements, GPC/universal opt-out signal compliance - privacy_by_design: Data minimization patterns, purpose limitation enforcement, pseudonymization/anonymization, encryption-at-rest/in-transit - dpia: Data Protection Impact Assessment facilitation, risk scoring, mitigation recommendations, EU AI Act FRIA + GDPR DPIA dual assessment for high-risk AI - logging_audit: Privacy-safe logging (PII redaction), audit trail design, breach detection preparation - ai_privacy: AI/LLM privacy risk assessment — embedding inversion defense, training data leakage prevention, differential privacy evaluation, RAG PII sanitization - mobile_privacy_compliance: App Store Privacy Manifest (`PrivacyInfo.xcprivacy` Required Reasons API, including third-party SDK i