77 lines
2.9 KiB
Markdown
# 23. Data Export & Deletion Tools

meta:
  id: web-production-23
  feature: web-production
  priority: P2
  depends_on: []
  tags: [compliance, gdpr, privacy, production]

objective:
  - Implement user-facing data export and account deletion tools to comply with GDPR and CCPA requirements

deliverables:
  - Data export API and UI (/settings/data-export)
  - Account deletion API and UI (/settings/delete-account)
  - Data retention policy enforcement
  - Deletion confirmation and grace period

steps:
  1. Create data export functionality:
     - API endpoint: POST /api/trpc/user.exportData
     - Collect all user data: profile, alerts, exposures, subscriptions, family members
     - Format as JSON or another machine-readable format
     - Include metadata: export date, data categories
     - Email a download link or provide a direct download
     - Complete within 30 days (GDPR requirement)
  2. Create account deletion:
     - UI in settings page with warning and confirmation
     - Require password re-entry for confirmation
     - API endpoint: POST /api/trpc/user.delete
     - Soft delete first (mark deletedAt, anonymize)
     - Hard delete after 30-day grace period
     - Cancel active subscriptions via Stripe
     - Remove from email lists
  3. Implement family data handling:
     - If family group owner: transfer ownership or delete group
     - If family member: remove from group
     - Notify family members of account deletion
  4. Add data retention policy:
     - Define retention periods per data type
     - Automated cleanup of deleted accounts after 30 days
     - Audit logs retained for 1 year
     - Backup deletion after retention period
  5. Add admin tools:
     - Admin endpoint to fulfill data export requests
     - Admin endpoint to process deletion requests
     - Audit log of all export/deletion actions

tests:
  - Unit: Test that the export includes all user data
  - Integration: Test the deletion flow end-to-end
  - Compliance: Verify grace period and hard delete

acceptance_criteria:
  - Users can export all personal data from settings
  - Export includes: profile, alerts, exposures, watchlist, subscriptions, family data
  - Export delivered within 30 seconds (async for large data)
  - Account deletion requires password confirmation
  - Deleted accounts soft-deleted immediately, hard-deleted after 30 days
  - Active subscriptions cancelled on deletion
  - Family group handled correctly (ownership transfer)
  - Deletion audit log maintained
  - Data retention policy documented and enforced

validation:
  - Export data → JSON file contains all user data
  - Delete account → user marked deleted, can log in to restore within 30 days
  - After 30 days → user data completely removed from DB
  - Check Stripe → subscription cancelled
  - Check audit log → deletion action recorded

notes:
  - Soft delete preserves referential integrity for family groups
  - Hard delete must cascade through all related tables
  - Consider GDPR Article 17 exceptions (legal obligations)
  - Backup restoration may temporarily restore deleted data