Skip to content
This repository was archived by the owner on Jun 19, 2026. It is now read-only.

feat: GDPR-compliant PII Export and Delete Workflow#1121

Open
fennhelloworld wants to merge 1 commit into
rohitdash08:mainfrom
fennhelloworld:bounty/issue-76
Open

feat: GDPR-compliant PII Export and Delete Workflow#1121
fennhelloworld wants to merge 1 commit into
rohitdash08:mainfrom
fennhelloworld:bounty/issue-76

Conversation

@fennhelloworld

Copy link
Copy Markdown

Closes #76.

Summary

Implements GDPR-compliant PII export and delete workflow for FinMind backend.

Changes

New files:

  • packages/backend/app/routes/gdpr.py — GDPR endpoints (GET export, DELETE user)
  • packages/backend/app/services/gdpr.py — Service layer for data collection and deletion
  • packages/backend/tests/test_gdpr.py — 12 comprehensive tests

Modified files:

  • packages/backend/app/__init__.py — Schema compatibility patch for audit_logs.ip_address
  • packages/backend/app/db/schema.sql — Added ip_address column to audit_logs
  • packages/backend/app/models.py — Added ip_address field to AuditLog model
  • packages/backend/app/routes/__init__.py — Registered GDPR blueprint at /gdpr
  • packages/backend/tests/conftest.py — Added autouse Redis mock fixture

Features

  • PII Export (GET /gdpr/users/:id/export): Returns all personal data as JSON
  • PII Delete (DELETE /gdpr/users/:id): Irreversibly deletes user and all associated data
  • Audit Trail: Logs GDPR_DATA_EXPORT and GDPR_DATA_DELETE actions with IP addresses
  • Authorization: Users can only export/delete their own data
  • Confirmation: Delete requires explicit {confirm: true} payload
  • Ad Impression Anonymization: Ad impressions are anonymized (user_id → NULL) rather than deleted
  • Audit Log Survival: Audit logs survive user deletion (user_id set to NULL)

@fennhelloworld

Copy link
Copy Markdown
Author

Hi @rohitdash08 👋, just checking in on this PR. It's been about 13 days since submission with no review feedback yet. The GDPR PII Export and Delete workflow is fully implemented with 12 comprehensive tests. Is there anything I can do to help move this forward? Happy to make any adjustments if needed. Thanks!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

PII Export & Delete Workflow (GDPR-ready)

1 participant