Skip to content
This repository was archived by the owner on Jun 19, 2026. It is now read-only.

Add GDPR privacy export and deletion workflow#1120

Open
gorkemio wants to merge 1 commit into
rohitdash08:mainfrom
gorkemio:codex/gdpr-pii-export-delete
Open

Add GDPR privacy export and deletion workflow#1120
gorkemio wants to merge 1 commit into
rohitdash08:mainfrom
gorkemio:codex/gdpr-pii-export-delete

Conversation

@gorkemio

@gorkemio gorkemio commented May 29, 2026

Copy link
Copy Markdown

/claim #76

Summary

I added a GDPR-ready privacy workflow for exporting and deleting a user’s personal data.

What changed:

  • Added GET /privacy/export, which returns a ZIP package with manifest.json, profile.json, data.json, and per-table CSV files for the authenticated user’s own records.
  • Added DELETE /privacy/me, guarded by the explicit DELETE_MY_DATA confirmation, to permanently remove user-owned records.
  • Kept auditability by anonymizing existing audit logs and retaining a deletion completion audit entry.
  • Cleared user-scoped Redis cache keys and revoked matching refresh sessions during account deletion.
  • Added Account page controls for downloading an export and deleting the account.
  • Updated OpenAPI and README with the new privacy workflow.

Validation

  • REDIS_URL=redis://localhost:6379/15 python -m pytest tests/test_privacy.py tests/test_auth.py from packages/backend (5 passed)
  • REDIS_URL=redis://localhost:6379/15 python -m pytest from packages/backend (24 passed)
  • python -m black --check packages/backend/app/routes/privacy.py packages/backend/tests/test_privacy.py
  • python -m flake8 packages/backend/app/routes/privacy.py packages/backend/tests/test_privacy.py --config=.flake8
  • npm run lint from app
  • npm run build from app

Notes

Deletion is immediate and irreversible after the DELETE_MY_DATA confirmation, which matches the acceptance criteria for this issue.

@gorkemio gorkemio changed the title [codex] Add GDPR privacy export and deletion Add GDPR privacy export and deletion workflow May 29, 2026
@gorkemio

Copy link
Copy Markdown
Author

Demo video for #76:

finmind-gdpr-demo.mp4

@gorkemio gorkemio marked this pull request as ready for review May 29, 2026 18:30
@gorkemio gorkemio requested a review from rohitdash08 as a code owner May 29, 2026 18:30
@gorkemio

Copy link
Copy Markdown
Author

Demo video added. This is ready for review.

Thanks!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant