Private Area

This is the technical hub for the ColivingLiguria private area used by incoming people to access the Living Register workflow and upload requested documents through a protected channel.

Public entry points:

• Login
• Private area

Technical pages:

• Authentication And Sessions
• Protected Upload Channel
• Privacy And Document Rules
• Deployment And Operations

Canonical System Boundaries

• Website source: Quartz_CL/
• Login page: Quartz_CL/content/login.tsx
• Private area page: Quartz_CL/content/private.tsx
• Cloudflare Pages auth proxy: Quartz_CL/functions/api/auth/[[path]].ts
• Living Register backend: New_CL/Business_Segments/ColivingLiguria_Living/ES_Software_Engineering/01_LivingRegister/backend/auth/
• LP personal-data operating folder: New_CL/Business_Segments/ColivingLiguria_Living/H_Human_Resources/LP_Personal_Data/
• Living variable registry: New_CL/Business_Segments/ColivingLiguria_Living/ES_Software_Engineering/01_LivingRegister/VariableRegistry/living_latex_variable_registry.json
• LP privacy skill: New_CL/Cross_Domains/AO_Admin_Organisation/01_Teams/SKLP_Legal_Privacy_Subteam_SKILL/

The website must not become a second personal-data archive. It only gives the person an authenticated way to send requested material into temporary private staging.

Operating Principle

The private area is designed for data minimisation:

• show only redacted account contact details back to the user;
• request only documents that ColivingLiguria has a defined purpose for;
• keep raw uploads out of public Quartz exports;
• track upload metadata, review state, deletion deadline, quarantine, and legal hold;
• delete or quarantine temporary files before the retention deadline.

Production Status Rule

The interface can be deployed as static Quartz content plus Cloudflare Pages Functions, but real uploads work only when the production Pages environment has a reachable Living Register auth backend configured through LROS_AUTH_API_BASE.

If that variable is absent, /api/auth/* must return a clear 503 JSON error. Silent fallback to WhatsApp, ordinary email, or public forms is not allowed for passports, permits, health coverage, deposit proof, or signed forms.