22 seeded data-subject requests across GDPR Article 15 (access), 16 (rectification), 17 (erasure / right to be forgotten), 20 (portability), and CCPA right-to-know / delete / opt-out. Each tracks identity-verification, sub-system fanout (Stripe, Snowflake, Sentry, etc.), and the regulatory clock down to the day.