feat: add GDPR-compliant PII export and delete workflow #954

Open
bbb-build wants to merge 1 commit into rohitdash08:main from bbb-build:feat/gdpr-workflow

@bbb-build

Summary

Implements Issue #76: PII Export & Delete Workflow (GDPR-ready) — a complete personal data management system with export, two-step deletion, and audit trail.

What's included

Backend:

  • DataRequest model for tracking export/delete requests
  • Full data export package collecting all user data (profile, expenses, bills, reminders, categories, subscriptions, audit logs)
  • Two-step deletion with time-limited confirmation token (30 min)
  • Cascade deletion in dependency order with anonymized audit trail
  • 5 REST endpoints for export, download, deletion request/confirm, request history

Frontend:

  • Privacy page with "Your Data" export section
  • Three-step delete flow: button → confirmation token → type "DELETE" → execute
  • Request history with status indicators and download links
  • Auto-logout and redirect after account deletion

Tests:

  • 17 pytest cases covering export completeness, download, deletion cascade, token verification, anonymized audit trail, auth enforcement

Security considerations

  • Confirmation tokens expire after 30 minutes
  • Tokens are single-use (request goes to PROCESSING state)
  • Audit trail preserves anonymized record (hashed email, null user_id)
  • Ad impressions are anonymized rather than deleted (analytics preservation)

Resolves #76

/claim #76

- Add DataRequest model for tracking export/delete requests
- Add details column to AuditLog for GDPR event tracking
- Implement full data export package (all user data as JSON)
- Add two-step deletion with confirmation token
- Cascade delete all user data with anonymized audit trail
- Create privacy management page with export/download and deletion UI
- Add Privacy link to navbar (desktop and mobile)
- Add comprehensive test coverage for GDPR workflows
- Update schema.sql with data_requests table

Resolves rohitdash08#76

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
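
The two-step deletion listed under "Security considerations" above, written out as an added example (not code from this pull request). The class and function names, the "PENDING" status, storing only a hash of the token, and the keyed hash for the audit e-mail are assumptions; the 30-minute expiry, the PROCESSING state and the null user_id come from the description.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

TOKEN_TTL = timedelta(minutes=30)        # expiry stated in the PR description
AUDIT_KEY = b"constructed-demo-key"      # assumption: server-side secret for the e-mail hash


@dataclass
class DeleteRequest:                     # hypothetical stand-in for the PR's DataRequest model
    user_id: int
    token_hash: str                      # assumption: only a hash of the token is stored
    expires_at: datetime
    status: str = "PENDING"              # "PENDING" is assumed; "PROCESSING" is from the PR


def _sha256(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()


def request_deletion(user_id: int, now: datetime) -> tuple[DeleteRequest, str]:
    """Step 1: create the request and hand back the plaintext token once."""
    token = secrets.token_urlsafe(32)
    return DeleteRequest(user_id, _sha256(token), now + TOKEN_TTL), token


def confirm_deletion(req: DeleteRequest, user_id: int, token: str, now: datetime) -> bool:
    """Step 2: accept the token once, only for its owner, only before expiry."""
    if req.status != "PENDING" or req.user_id != user_id or now >= req.expires_at:
        return False
    if not hmac.compare_digest(req.token_hash, _sha256(token)):  # constant-time compare
        return False
    req.status = "PROCESSING"            # the state change is what makes the token single-use
    return True


def anonymized_audit_row(email: str, action: str) -> dict:
    """Audit record kept after deletion: keyed e-mail hash, no user_id."""
    digest = hmac.new(AUDIT_KEY, email.strip().lower().encode(), hashlib.sha256).hexdigest()
    return {"user_id": None, "email_hash": digest, "action": action}
```

Against a real database the status check and update need to be one atomic statement (for example an UPDATE conditioned on the status still being pending), otherwise two concurrent confirmations can both pass the check.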