# Compliance

> API reference: getComplianceGrantIssuerFunction, getComplianceGrantRevokerFunction, getUserComplianceGrantQuerierFunction, re-encryption for user/network grants.

Compliance grants allow authorized third parties (regulators, compliance tools) to read encrypted data. Grants are stored on-chain and come in two kinds:

* **User grants** - Authorized by the user. Grants a third party access to the user's shared-mode ciphertexts.
* **Network grants** - Authorized by the Arcium network. Grants access to MXE-mode or shared-mode ciphertexts without requiring user interaction.

***

## getComplianceGrantIssuerFunction

**Import:** `@umbra-privacy/sdk/compliance`

```typescript
function getComplianceGrantIssuerFunction(
  args: GetCreateUserGrantedComplianceGrantFunctionArgs,
  deps?: GetCreateUserGrantedComplianceGrantFunctionDeps,
): CreateUserGrantedComplianceGrantFunction
```

Creates an on-chain compliance grant signed by the user, authorizing a third-party receiver to re-encrypt and read the user's shared-mode ciphertexts.

### GetCreateUserGrantedComplianceGrantFunctionArgs

* `client: IUmbraClient`

### GetCreateUserGrantedComplianceGrantFunctionDeps

* `getLatestBlockhash?: GetLatestBlockhash`
* `transactionForwarder?: TransactionForwarder`
* `masterViewingKeyX25519KeypairGenerator?: MasterViewingKeyX25519KeypairGeneratorFunction`

### Returns

`CreateUserGrantedComplianceGrantFunction`

```typescript
type CreateUserGrantedComplianceGrantFunction = (
  receiver: Address,
  granterX25519: X25519PublicKey,
  receiverX25519: X25519PublicKey,
  nonce: RescueCipherEncryptionNonce,
  optionalData?: OptionalData32,
  hooks?: ComplianceTransactionHooks,
) => Promise<TransactionSignature>
```

* `receiver: Address` - The third-party account that will be authorized to call re-encryption.
* `granterX25519: X25519PublicKey` - The granter's X25519 public key (MVK encrypting key).
* `receiverX25519: X25519PublicKey` - The receiver's X25519 public key (the target re-encryption key).
* `nonce: RescueCipherEncryptionNonce` - Grant nonce, used to differentiate multiple grants to the same receiver.

### Example

```typescript
import { getComplianceGrantIssuerFunction } from "@umbra-privacy/sdk/compliance";

const createGrant = getComplianceGrantIssuerFunction({ client });
const signature = await createGrant(
  receiverAddress,
  granterX25519PublicKey,
  receiverX25519PublicKey,
  grantNonce,
);
```

***

## getComplianceGrantRevokerFunction

**Import:** `@umbra-privacy/sdk/compliance`

```typescript
function getComplianceGrantRevokerFunction(
  args: GetDeleteUserGrantedComplianceGrantFunctionArgs,
  deps?: GetDeleteUserGrantedComplianceGrantFunctionDeps,
): DeleteUserGrantedComplianceGrantFunction
```

Revokes an existing user-granted compliance grant, removing the third party's authorization to re-encrypt.

### GetDeleteUserGrantedComplianceGrantFunctionArgs

* `client: IUmbraClient`

### GetDeleteUserGrantedComplianceGrantFunctionDeps

* `getLatestBlockhash?: GetLatestBlockhash`
* `transactionForwarder?: TransactionForwarder`
* `masterViewingKeyX25519KeypairGenerator?: MasterViewingKeyX25519KeypairGeneratorFunction`

### Returns

`DeleteUserGrantedComplianceGrantFunction`

```typescript
type DeleteUserGrantedComplianceGrantFunction = (
  receiver: Address,
  granterX25519: X25519PublicKey,
  receiverX25519: X25519PublicKey,
  nonce: RescueCipherEncryptionNonce,
  optionalData?: OptionalData32,
  hooks?: ComplianceTransactionHooks,
) => Promise<TransactionSignature>
```

Parameters are identical to `CreateUserGrantedComplianceGrantFunction` - pass the same values used when creating the grant.

***

## getUserComplianceGrantQuerierFunction

**Import:** `@umbra-privacy/sdk/compliance`

```typescript
function getUserComplianceGrantQuerierFunction(
  args: GetQueryUserComplianceGrantFunctionArgs,
  deps?: GetQueryUserComplianceGrantFunctionDeps,
): QueryUserComplianceGrantFunction
```

Checks whether a specific user-granted compliance grant exists on-chain.

### GetQueryUserComplianceGrantFunctionArgs

* `client: IUmbraClient`

### GetQueryUserComplianceGrantFunctionDeps

* `accountInfoProvider?: AccountInfoProviderFunction`

### Returns

`QueryUserComplianceGrantFunction`

```typescript
type QueryUserComplianceGrantFunction = (
  granterX25519: X25519PublicKey,
  nonce: RescueCipherEncryptionNonce,
  receiverX25519: X25519PublicKey,
) => Promise<QueryComplianceGrantResult>
```

***

## getNetworkComplianceGrantQuerierFunction

**Import:** `@umbra-privacy/sdk/compliance`

```typescript
function getNetworkComplianceGrantQuerierFunction(
  args: { client: IUmbraClient },
  deps?: { accountInfoProvider?: AccountInfoProviderFunction },
): NetworkComplianceGrantQuerierFunction;
```

Checks whether a **network MXE** compliance grant exists for the given nonce and receiver key. Network MXE grants allow the Arcium network to re-encrypt MXE-mode ciphertexts.

### Returns

```typescript
type NetworkComplianceGrantQuerierFunction = (
  nonce: RescueCipherEncryptionNonce,
  receiverX25519: X25519PublicKey,
) => Promise<QueryComplianceGrantResult>;
```

***

## getSharedComplianceGrantQuerierFunction

**Import:** `@umbra-privacy/sdk/compliance`

```typescript
function getSharedComplianceGrantQuerierFunction(
  args: { client: IUmbraClient },
  deps?: { accountInfoProvider?: AccountInfoProviderFunction },
): SharedComplianceGrantQuerierFunction;
```

Checks whether a **network shared** compliance grant exists. Network shared grants allow the Arcium network to re-encrypt shared-mode ciphertexts.

### Returns

```typescript
type SharedComplianceGrantQuerierFunction = (
  granterX25519: X25519PublicKey,
  nonce: RescueCipherEncryptionNonce,
  receiverX25519: X25519PublicKey,
) => Promise<QueryComplianceGrantResult>;
```

### QueryComplianceGrantResult

Returned by all three query functions:

* `{ state: "exists" }` - The grant is present on-chain.
* `{ state: "non_existent" }` - No grant exists for the given parameters.
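
The issuer and revoker take `(receiver, granterX25519, receiverX25519, nonce)` while the user-grant querier takes `(granterX25519, nonce, receiverX25519)`, and both keys share one type, so a swapped argument is not caught by the compiler. The sketch below is an added example, not SDK code: `GrantRef`, `mutationArgs`, `queryArgs` and `revokeAndConfirm` are hypothetical names, the type aliases are local stand-ins, and the retry count and delay are assumptions.

```typescript
// Stand-in aliases so the block type-checks offline; real code imports the SDK's
// own types, whose concrete representation this page does not show.
type Address = string;
type X25519PublicKey = Uint8Array;
type RescueCipherEncryptionNonce = number;
type GrantState = { state: "exists" } | { state: "non_existent" };

// One record per issued grant. Persist it: revocation needs exactly the values
// that were passed when the grant was created.
interface GrantRef {
  receiver: Address;
  granterX25519: X25519PublicKey;
  receiverX25519: X25519PublicKey;
  nonce: RescueCipherEncryptionNonce;
}

type MutationArgs = [Address, X25519PublicKey, X25519PublicKey, RescueCipherEncryptionNonce];
type QueryArgs = [X25519PublicKey, RescueCipherEncryptionNonce, X25519PublicKey];

// Positional order of the issuer and revoker: receiver, granter key, receiver key, nonce.
const mutationArgs = (g: GrantRef): MutationArgs =>
  [g.receiver, g.granterX25519, g.receiverX25519, g.nonce];

// Positional order of the user-grant querier: granter key, nonce, receiver key.
const queryArgs = (g: GrantRef): QueryArgs =>
  [g.granterX25519, g.nonce, g.receiverX25519];

type Revoker = (...a: MutationArgs) => Promise<string>;
type Querier = (...a: QueryArgs) => Promise<GrantState>;

// Revoke, then re-query until the grant is reported gone. Returns true only when
// "non_existent" was observed; false means the receiver may still be authorized.
async function revokeAndConfirm(
  g: GrantRef, revoke: Revoker, query: Querier, attempts = 3, delayMs = 500,
): Promise<boolean> {
  await revoke(...mutationArgs(g));
  for (let i = 0; i < attempts; i++) {
    if ((await query(...queryArgs(g))).state === "non_existent") return true;
    await new Promise((r) => setTimeout(r, delayMs));
  }
  return false;
}
```

Treat a `false` result as an open finding: the revocation transaction was submitted, but the grant was still visible on-chain after the last query.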

***

## getNetworkCiphertextReencryptorForNetworkGrantFunction

**Import:** `@umbra-privacy/sdk/compliance`

```typescript
function getNetworkCiphertextReencryptorForNetworkGrantFunction(
  args: { client: IUmbraClient },
  deps?: GetNetworkCiphertextReencryptorForNetworkGrantFunctionDeps,
): NetworkCiphertextReencryptorForNetworkGrantFunction;
```

Re-encrypts MXE-mode ciphertexts under a network grant, making them readable by the grant receiver. Queues an Arcium MPC computation.

### GetNetworkCiphertextReencryptorForNetworkGrantFunctionArgs

* `client: IUmbraClient`

### GetNetworkCiphertextReencryptorForNetworkGrantFunctionDeps

* `getLatestBlockhash?: GetLatestBlockhash`
* `transactionForwarder?: TransactionForwarder`

### Returns

`NetworkCiphertextReencryptorForNetworkGrantFunction`

```typescript
type NetworkCiphertextReencryptorForNetworkGrantFunction = (
  receiverX25519Key: X25519PublicKey,
  nonce: RescueCipherEncryptionNonce,
  inputEncryptionNonce: RescueCipherEncryptionNonce,
  ciphertexts: readonly Uint8Array[],
  optionalData?: OptionalData32,
  hooks?: ComplianceTransactionHooks,
) => Promise<TransactionSignature>
```

* `receiverX25519Key: X25519PublicKey` - The receiver's X25519 public key.
* `nonce: RescueCipherEncryptionNonce` - The grant nonce identifying which network grant to use.
* `inputEncryptionNonce: RescueCipherEncryptionNonce` - The nonce used when the ciphertexts were originally encrypted.
* `ciphertexts: readonly Uint8Array[]` - The MXE-encrypted ciphertexts to re-encrypt. Must contain between 1 and 6 elements.

***

## getSharedCiphertextReencryptorForNetworkGrantFunction

**Import:** `@umbra-privacy/sdk/compliance`

```typescript
function getSharedCiphertextReencryptorForNetworkGrantFunction(
  args: GetSharedCiphertextReencryptorForNetworkGrantFunctionArgs,
  deps?: GetSharedCiphertextReencryptorForNetworkGrantFunctionDeps,
): SharedCiphertextReencryptorForNetworkGrantFunction
```

Re-encrypts shared-mode ciphertexts under a network shared grant.

### Returns

`ReencryptSharedCiphertextsNetworkGrantFunction`

```typescript
type ReencryptSharedCiphertextsNetworkGrantFunction = (
  granterX25519Key: X25519PublicKey,
  receiverX25519Key: X25519PublicKey,
  nonce: RescueCipherEncryptionNonce,
  inputEncryptionNonce: RescueCipherEncryptionNonce,
  ciphertexts: readonly Uint8Array[],
  optionalData?: OptionalData32,
  hooks?: ComplianceTransactionHooks,
) => Promise<TransactionSignature>
```

* `granterX25519Key: X25519PublicKey` - The granter's X25519 public key.
* `receiverX25519Key: X25519PublicKey` - The receiver's X25519 public key.
* `ciphertexts: readonly Uint8Array[]` - Must contain between 1 and 6 elements.

***

## getSharedCiphertextReencryptorForUserGrantFunction

**Import:** `@umbra-privacy/sdk/compliance`

```typescript
function getSharedCiphertextReencryptorForUserGrantFunction(
  args: GetReencryptSharedCiphertextsUserGrantFunctionArgs,
  deps?: GetReencryptSharedCiphertextsUserGrantFunctionDeps,
): ReencryptSharedCiphertextsUserGrantFunction
```

Re-encrypts shared-mode ciphertexts under a user-granted compliance grant.

### Returns

`ReencryptSharedCiphertextsUserGrantFunction`

```typescript
type ReencryptSharedCiphertextsUserGrantFunction = (
  granterX25519Key: X25519PublicKey,
  receiverX25519Key: X25519PublicKey,
  nonce: RescueCipherEncryptionNonce,
  inputEncryptionNonce: RescueCipherEncryptionNonce,
  ciphertexts: readonly Uint8Array[],
  optionalData?: OptionalData32,
  hooks?: ComplianceTransactionHooks,
) => Promise<TransactionSignature>
```

Identical signature to `ReencryptSharedCiphertextsNetworkGrantFunction`. The difference is which on-chain grant account is used to authorize the re-encryption.

* `ciphertexts: readonly Uint8Array[]` - Must contain between 1 and 6 elements.
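
A re-encryption call submits a transaction, so it is worth rejecting an out-of-range batch or a missing grant before anything is sent. The wrapper below is an added example, not SDK code: `reencryptUnderUserGrant`, `ReencryptRequest` and `Outcome` are hypothetical names, the type aliases are local stand-ins, and the querier and re-encryptor are passed in with the shapes documented on this page.

```typescript
// Stand-in aliases so the block type-checks offline; real code imports the SDK's
// own types, whose concrete representation this page does not show.
type X25519PublicKey = Uint8Array;
type RescueCipherEncryptionNonce = number;
type GrantState = { state: "exists" } | { state: "non_existent" };

const MAX_CIPHERTEXTS = 6; // documented limit: between 1 and 6 elements per call

interface ReencryptRequest {
  granterX25519Key: X25519PublicKey;
  receiverX25519Key: X25519PublicKey;
  nonce: RescueCipherEncryptionNonce;                // identifies the grant
  inputEncryptionNonce: RescueCipherEncryptionNonce; // from the original encryption
  ciphertexts: readonly Uint8Array[];
}

// Shapes of the SDK functions as documented above (optional trailing args omitted).
type UserGrantQuerier = (
  granter: X25519PublicKey, nonce: RescueCipherEncryptionNonce, receiver: X25519PublicKey,
) => Promise<GrantState>;
type UserGrantReencryptor = (
  granter: X25519PublicKey, receiver: X25519PublicKey, nonce: RescueCipherEncryptionNonce,
  inputNonce: RescueCipherEncryptionNonce, ciphertexts: readonly Uint8Array[],
) => Promise<string>;

type Outcome =
  | { ok: true; signature: string }
  | { ok: false; reason: "bad_batch_size" | "no_grant" };

// Refuse locally before a transaction is built. The on-chain grant account is what
// authorizes the call; this check only filters out submissions that cannot succeed.
async function reencryptUnderUserGrant(
  req: ReencryptRequest, query: UserGrantQuerier, reencrypt: UserGrantReencryptor,
): Promise<Outcome> {
  const n = req.ciphertexts.length;
  if (n < 1 || n > MAX_CIPHERTEXTS) return { ok: false, reason: "bad_batch_size" };
  // Querier order is (granter, nonce, receiver); the re-encryptor's order differs.
  const grant = await query(req.granterX25519Key, req.nonce, req.receiverX25519Key);
  if (grant.state !== "exists") return { ok: false, reason: "no_grant" };
  const signature = await reencrypt(
    req.granterX25519Key, req.receiverX25519Key, req.nonce,
    req.inputEncryptionNonce, req.ciphertexts,
  );
  return { ok: true, signature };
}
```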
