Images

Author: Dan Costello

app/docs/layout.tsx

@@ -31,7 +31,7 @@ export default function Layout({ children }: { children: ReactNode }) {
       ],
     },
   };
-  console.log(options);
+
   return (
     <DocsLayout {...options}>
       {children}

content/docs/data-access/definitions/access-policies.md

@@ -12,34 +12,18 @@ Access Policies control the circumstances under which data can be retrieved or e
 
 Access Policies are executed in three places in UserClouds:
 
-- Every <<glossary:accessor>> (read path) is associated with an access policy that controls access for each target user record and filters the records in the response accordingly.
-- Every <<glossary:mutator>> (write path) is associated with an access policy that governs whether the write is allowed.
-- Every <<glossary:token>> is associated with an access policy that governs the circumstances in which the token can be exchanged for the original data ("resolved").
+- Every <glossary>accessor</glossary> (read path) is associated with an access policy that controls access for each target user record and filters the records in the response accordingly.
+- Every <glossary>mutator</glossary> (write path) is associated with an access policy that governs whether the write is allowed.
+- Every <glossary>token</glossary> is associated with an access policy that governs the circumstances in which the token can be exchanged for the original data ("resolved").
 
 In addition, two special types of access policies are available:
 
-- **Column Default Access Policies**: These policies are associated with specific columns and are applied by default to all reads that extract data from those columns. They ensure consistent application of access rules for sensitive data, such as automatically applying a role check to the SSN column. They can be overridden for individual accessors. Learn more [here](https://docs.userclouds.com/docs/protect-a-column-with-defaults). 
-- **Global Baseline Access Policies**: These policies are applied by default to all reads, providing a consistent security baseline. For example, a global policy might always require a valid token or restrict access to trusted IP addresses. They cannot be overridden. Learn more [here](https://docs.userclouds.com/docs/apply-global-protection-policies). 
+- **Column Default Access Policies**: These policies are associated with specific columns and are applied by default to all reads that extract data from those columns. They ensure consistent application of access rules for sensitive data, such as automatically applying a role check to the SSN column. They can be overridden for individual accessors. Learn more [here](https://docs.userclouds.com/docs/protect-a-column-with-defaults).
+- **Global Baseline Access Policies**: These policies are applied by default to all reads, providing a consistent security baseline. For example, a global policy might always require a valid token or restrict access to trusted IP addresses. They cannot be overridden. Learn more [here](https://docs.userclouds.com/docs/apply-global-protection-policies).
 
 Access policies provide central, fine-grained control over sensitive data access. They can evaluate purpose, identity, authorization, location, , and more. They can range from simple "always allow resolution" policies to complex evaluations.
 
-[block:image]
-{
-  "images": [
-    {
-      "image": [
-        "https://files.readme.io/0f48153-Diagram_showing_an_access_policy.png",
-        "",
-        "Access policies give you central, fine-grained control over sensitive data access. Policies can evaluate purpose, identity, permissions, location, expiration timelines, rate limits and more."
-      ],
-      "align": "center",
-      "sizing": "400px",
-      "caption": "Access policies give you central, fine-grained control over sensitive data access. Policies can evaluate purpose, identity, permissions, location, expiration timelines, rate limits and more."
-    }
-  ]
-}
-[/block]
-
+![Access policies give you central, fine-grained control over sensitive data access. Policies can evaluate purpose, identity, permissions, location, expiration timelines, rate limits and more.](/assets/images/what-userclouds-does.webp)
 
 ## Example Use Cases
 

content/docs/data-access/definitions/accessors-read-apis.md

@@ -10,35 +10,21 @@ updatedAt: "Tue Sep 10 2024 16:09:30 GMT+0000 (Coordinated Universal Time)"
 
 Accessors are configurable APIs that allow a client to retrieve data from the user store. Accessors are intended to be use-case specific. For example, you might configure two separate accessors `GetEmailForMarketing` and `GetEmailForAuthentication`. They enforce data usage policies and minimize outbound data from the store for their given use case.
 
-As an example of data minimization, you might configure an accessor called `GetPhoneCountryCodeForAnalytics` that returns the country code of a user's phone number when called, instead of the raw phone number. This reduces the sensitivity of the data outside your store, minimizing your surface area for an attack and simplifying compliance. 
+As an example of data minimization, you might configure an accessor called `GetPhoneCountryCodeForAnalytics` that returns the country code of a user's phone number when called, instead of the raw phone number. This reduces the sensitivity of the data outside your store, minimizing your surface area for an attack and simplifying compliance.
 
 Accessors can be configured to access either live or soft-deleted data. Soft-deleted data is data that has been deleted but is temporarily retained for a narrow set of purposes, e.g. fraud investigations. See [Data Lifecycle](https://docs.userclouds.com/docs/data-lifecycle) for more details.
 
 ## What Accessors Do
 
-[block:image]
-{
-  "images": [
-    {
-      "image": [
-        "https://files.readme.io/661fa9a-Diagram_of_what_userclouds_does.jpg",
-        "",
-        ""
-      ],
-      "align": "center"
-    }
-  ]
-}
-[/block]
-
+![What UserClouds Does](/assets/images/what-userclouds-does.webp)
 
 ## How Accessors Work
 
 1. Data, <<glossary:consent>>s and <<glossary:purpose>>s are stored inside the safety layer boundary (either in UserClouds User Store or an owned-and-operated database like RDS)
 2. Data consumers request access by sending context, like purpose or identity, to a use-case specific <<glossary:accessor>> API
 3. Several access policies are evaluated for each user record, using the data passed in <<glossary:context>> and data in the user object:
-   1. **Global baseline policy for accessors**: Applied to ensure baseline security. Learn more [here](https://docs.userclouds.com/docs/apply-global-protection-policies). 
-   2. **Column-default access policies**: Column default policies for all columns accessed by the accessor are applied, unless overridden. Learn more [here](https://docs.userclouds.com/docs/protect-a-column-with-defaults). 
+   1. **Global baseline policy for accessors**: Applied to ensure baseline security. Learn more [here](https://docs.userclouds.com/docs/apply-global-protection-policies).
+   2. **Column-default access policies**: Column default policies for all columns accessed by the accessor are applied, unless overridden. Learn more [here](https://docs.userclouds.com/docs/protect-a-column-with-defaults).
    3. **Accessor-specific access policy composition**: Applied in addition to the above policies.
 4. User data is further filtered according to whether the users have consented to the accessor's data processing purpose.
 5. For records where access is granted, the accessor's <<glossary:data transformer>>s transform each column of the outbound data, minimizing the data for the given use case. If no transformer is specified for a given column, the column's default transformer is used. Learn more [here](https://docs.userclouds.com/docs/protect-a-column-with-defaults). 
@@ -48,7 +34,7 @@ Accessors can be configured to access either live or soft-deleted data. Soft-del
 At creation time, each accessor is associated with a user record <<glossary:selector>>, a set of <<glossary:column>>s, a set of <<glossary:data transformer>>s, a <<glossary:purpose>> and an <<glossary:access policy>>.
 
 - The user record <<glossary:selector>> is a SQL-like clause that specifies which records the accessor should return data for, based on an array of values that are passed at execution time. The accessor's response will only include users that have consented to the accessor's purpose for all non-<<glossary:system column>>s used in the selector. Since UserClouds does not store consents for <<glossary:system column>>s, they can be referenced in the selector regardless of accessor purpose / user consents.
-- The columns indicate which data fields the accessor will retrieve. 
+- The columns indicate which data fields the accessor will retrieve.
 - Each column is associated with a transformer, which tokenizes, minimizes or otherwise obscures the outbound data from that column.
 - The purpose is selected from your company's list of data processing purposes. This indicates what the accessor will be used for, e.g. marketing. The accessor will run a <<glossary:purpose check>>, filtering out user records and data for which the user has not consented to the specified purpose across all columns. The accessor's response will only include users that have consented to the accessor's purpose for all columns being retrieved, and all non-system columns used in the selector. Learn more [here](https://docs.userclouds.com/docs/purpose-and-consent).
 - The access policy determines the circumstances in which the data can be retrieved. Access policies run on each user record and filter out user records which fail the access policy.

content/docs/data-access/definitions/transformers-1.md

@@ -10,22 +10,7 @@ updatedAt: "Tue Sep 10 2024 18:37:33 GMT+0000 (Coordinated Universal Time)"
 
 Transformers are re-usable functions that manipulate data in UserClouds. They allow you to minimize the data that you pass or store for each use case. This is key for complying with the data minimization principles in regulations like GDPR.
 
-[block:image]
-{
-  "images": [
-    {
-      "image": [
-        "https://files.readme.io/6d22973-Frame_1006.png",
-        "",
-        "Transformers can be arbitrarily smart about how they obfuscate data."
-      ],
-      "align": "center",
-      "sizing": "400px",
-      "caption": "Transformers can be arbitrarily smart about how they obfuscate data."
-    }
-  ]
-}
-[/block]
+![Transformers can be arbitrarily smart about how they obfuscate data.](/assets/images/user-data.webp)
 
 
 Transformers allow you to retain select structure and information from the raw data for different use cases, like sorting alphabetically, zip code analysis or simply flowing through your systems without triggering validation errors.  For example, if you want to conduct analysis assessing the differences in behavior between children and adults, you may use a data transformer to pass a string indicating `child` or `adult`, instead of pulling raw Date of Birth from the store.
@@ -45,22 +30,7 @@ In addition, column default transformers provide a way to consistently apply tra
 
 Transformers range from the simplest UUID function that replaces any given data with a unique identifier, to custom-written Javascript that runs in a carefully-controlled sandbox. 
 
-[block:image]
-{
-  "images": [
-    {
-      "image": [
-        "https://files.readme.io/22f49cc-spaces_66DzLwptb2SejhKV7Bhn_uploads_QrLi9YP9CtHG5gAgEQrd_image.webp",
-        null,
-        "One simple transformer receives raw data, and creates a UUID token."
-      ],
-      "align": "center",
-      "caption": "One simple transformer receives raw data, and creates a UUID token."
-    }
-  ]
-}
-[/block]
-
+![One simple transformer receives raw data, and creates a UUID token.](https://files.readme.io/22f49cc-spaces_66DzLwptb2SejhKV7Bhn_uploads_QrLi9YP9CtHG5gAgEQrd_image.webp)
 
 Let’s look at four possible transformers, to see how transformers work.
 
@@ -93,22 +63,7 @@ A transformer consists of:
 - `Transform Function` - a transform function with the signature `func(data Object, parameters Object) (Token | error)`
 - `Transform Parameters` - a static JSON object (not containing un-encoded PII) that is available at runtime, allowing you to parameterize and reuse functions like "obfuscate all but the first X letters of these emails"
 
-[block:image]
-{
-  "images": [
-    {
-      "image": [
-        "https://files.readme.io/f14e1c2-image_1.png",
-        null,
-        "The PreserveCommonValue parameter allows you to optionally preserve common email domains (like gmail.com). Rare domains, like userclouds.com, will be obscured."
-      ],
-      "align": "center",
-      "caption": "The PreserveCommonValue parameter allows you to optionally preserve common email domains (like gmail.com). Rare domains, like userclouds.com, will be obscured."
-    }
-  ]
-}
-[/block]
-
+![The PreserveCommonValue parameter allows you to optionally preserve common email domains (like gmail.com). Rare domains, like userclouds.com, will be obscured.](https://files.readme.io/f14e1c2-image_1.png)
 
 ## Managing Transformers
 

content/docs/data-access/how-to-guides/create-a-transformer.md

@@ -12,21 +12,7 @@ Transformers are re-usable JavaScript functions that manipulate data in UserClou
 
 Transformers can be managed in the User Store page of the UserClouds Console, or via the UserClouds API.
 
-[block:image]
-{
-  "images": [
-    {
-      "image": [
-        "https://files.readme.io/d78d5ab-image_8.png",
-        null,
-        "Transformers can be managed from the Policies page in the UserClouds Console"
-      ],
-      "align": "center",
-      "caption": "Transformers can be managed from the Policies page in the UserClouds Console"
-    }
-  ]
-}
-[/block]
+![Transformers can be managed from the Policies page in the UserClouds Console](https://files.readme.io/d78d5ab-image_8.png)
 
 
 ## How Transformers Work
@@ -49,7 +35,7 @@ Remember to convert these strings into the JavaScript objects or primitives that
 
 ## Creating a transformer in UserClouds Console
 
-To create a transformer in UserClouds, go to the Policies page, accessible from the sidebar in Console, and click Create Transformer. 
+To create a transformer in UserClouds, go to the Policies page, accessible from the sidebar in Console, and click Create Transformer.
 
 **1 Name and Describe the Transformer**
 
@@ -71,21 +57,7 @@ Transformers should be written to act on a single piece of data. UserClouds nati
 
 Finally, test your transformer by adding raw data to the "Data" field and clicking "Run Test". Once you are happy with the test results, click "Save Transformer" to finish. 
 
-[block:image]
-{
-  "images": [
-    {
-      "image": [
-        "https://files.readme.io/bee6a69-image_9.png",
-        null,
-        "The Create Transformer Page"
-      ],
-      "align": "center",
-      "caption": "The Create Transformer Page"
-    }
-  ]
-}
-[/block]
+![The Create Transformer Page](https://files.readme.io/bee6a69-image_9.png)
 
 
 ## Creating a transformer via the API

content/docs/data-access/how-to-guides/create-an-access-policy.md

@@ -16,21 +16,7 @@ New access policies can be created by writing a new policy or template from scra
 
 Access policies and templates are managed under the Access Rules element in the UserClouds Console sidebar.
 
-[block:image]
-{
-  "images": [
-    {
-      "image": [
-        "https://files.readme.io/184bfbc-image_4.png",
-        null,
-        "Policies and templates can be managed from the Policies page, accessible from the sidebar of UserClouds Console."
-      ],
-      "align": "center",
-      "caption": "Policies and templates can be managed from the Policies page, accessible from the sidebar of UserClouds Console."
-    }
-  ]
-}
-[/block]
+![Policies and templates can be managed from the Policies page, accessible from the sidebar of UserClouds Console.](https://files.readme.io/184bfbc-image_4.png)
 
 
 ## Creating Policy Templates in the UI
@@ -41,42 +27,14 @@ Policy templates are parametrizable functions that can be parametrized to create
 
 Specify a name, a description and a javascript function for your policy. The javascript function may optionally accept parameters, which you can test below. 
 
-[block:image]
-{
-  "images": [
-    {
-      "image": [
-        "https://files.readme.io/085e410-image_5.png",
-        null,
-        "The Create Policy Template page."
-      ],
-      "align": "center",
-      "caption": "The Create Policy Template page."
-    }
-  ]
-}
-[/block]
+![The Create Policy Template page.](https://files.readme.io/085e410-image_5.png)
 
 
 **2 Test and save your policy template**
 
 Use the "Test Your Draft" card at the bottom of the page to test your policy template. You can add test parameters to simulate turning the policy template into an access policy, and then test that access policy with test context. The interface will show the result of your test as "Access Allowed" or "Access Denied".
 
-[block:image]
-{
-  "images": [
-    {
-      "image": [
-        "https://files.readme.io/ef73d2e-spaces_66DzLwptb2SejhKV7Bhn_uploads_oGa62N4DTjIR8mFABEN5_image.webp",
-        null,
-        "The \"Test Your Draft\" card allows you to parametrize your draft template (creating an access policy) and then test that access policy with test context."
-      ],
-      "align": "center",
-      "caption": "The \"Test Your Draft\" card allows you to parametrize your draft template (creating an access policy) and then test that access policy with test context."
-    }
-  ]
-}
-[/block]
+![The "Test Your Draft" card allows you to parametrize your draft template (creating an access policy) and then test that access policy with test context.](https://files.readme.io/ef73d2e-spaces_66DzLwptb2SejhKV7Bhn_uploads_oGa62N4DTjIR8mFABEN5_image.webp)
 
 
 ## Creating Access Policies in the UI
@@ -87,42 +45,14 @@ To create a new access policy, click "Create Policy" from the Policies page, acc
 
 **2 Set your <<glossary:access policy>> name and description**
 
-Next, add a name and a description for your policy. 
-
-[block:image]
-{
-  "images": [
-    {
-      "image": [
-        "https://files.readme.io/e0bf498-image_6.png",
-        null,
-        "The Create Access Policy page in UserClouds Console."
-      ],
-      "align": "center",
-      "caption": "The Create Access Policy page in UserClouds Console."
-    }
-  ]
-}
-[/block]
+Next, add a name and a description for your policy.
+
+![The Create Access Policy page in UserClouds Console.](https://files.readme.io/e0bf498-image_6.png)
 
 
 **3 Compose your policy**
 
-[block:image]
-{
-  "images": [
-    {
-      "image": [
-        "https://files.readme.io/1249f6f-image_7.png",
-        null,
-        "The Compose Policy Card"
-      ],
-      "align": "center",
-      "caption": "The Compose Policy Card"
-    }
-  ]
-}
-[/block]
+![The Compose Policy Card](https://files.readme.io/1249f6f-image_7.png)
 
 
 Next, compose the policy from one or more policies and templates in the "Compose Policy" card.
@@ -149,7 +79,7 @@ Nice job! You created an access policy.
 
 The checkAttribute function runs a permission check against the UserClouds authorization graph. If you are using UserClouds for authorization as a service, this can verify if a user has the necessary permissions. You can read more about this in the Authorization Documentation.
 
-### Example:
+### Example
 
 **Use Case: Does the calling user have view permission on the target user?**