Skip to content

feat: GDPR PII Export/Delete Workflow#661

Open
chengyixu wants to merge 1 commit intorohitdash08:mainfrom
chengyixu:feat/gdpr-pii-export-delete
Open

feat: GDPR PII Export/Delete Workflow#661
chengyixu wants to merge 1 commit intorohitdash08:mainfrom
chengyixu:feat/gdpr-pii-export-delete

Conversation

@chengyixu
Copy link

@chengyixu chengyixu commented Mar 26, 2026

/claim #76

Summary

Full GDPR-compliant PII export, deletion, and anonymization workflow:

  • Data Export (GET /gdpr/export): Downloads all user personal data as structured JSON (profile, expenses, categories, bills, recurring expenses, reminders, subscriptions, audit logs)
  • Account Deletion with Grace Period (POST /gdpr/delete): 30-day grace period with password re-confirmation, cancellable via POST /gdpr/delete/cancel
  • Immediate Irreversible Deletion (POST /gdpr/delete/confirm): Cascading hard-delete across all user-owned tables with password verification
  • Data Anonymization (POST /gdpr/anonymize): Replaces PII with anonymous placeholders while preserving financial records for users who want history kept
  • Immutable GDPR Audit Trail: Dedicated gdpr_audit_logs table with no FK to users (survives deletion), logging every export/delete/anonymize action with IP, user agent, timestamp, and details
  • Admin Audit Log Viewer (GET /gdpr/audit-logs): Paginated, filterable by user, admin-only access
  • Deletion Status Check (GET /gdpr/delete/status): Check if a deletion request is pending
  • Frontend Privacy & Data Page: Full UI for export download, anonymization, and deletion with password confirmation flows
  • 20 comprehensive tests covering all workflows, access control, idempotency, and audit trail persistence

Changes

File Description
packages/backend/app/models.py Added GdprAuditLog and DeletionRequest models
packages/backend/app/db/schema.sql Added gdpr_audit_logs and deletion_requests tables with indexes
packages/backend/app/services/gdpr.py Core GDPR service: export, delete, anonymize, audit logging
packages/backend/app/routes/gdpr.py 7 API endpoints under /gdpr/ with JWT auth and password verification
packages/backend/app/routes/__init__.py Registered gdpr_bp blueprint
packages/backend/app/openapi.yaml Full OpenAPI spec for all GDPR endpoints
packages/backend/tests/test_gdpr.py 20 tests: export, deletion, cancellation, anonymization, audit trail
app/src/api/gdpr.ts Frontend API client for all GDPR endpoints
app/src/pages/Privacy.tsx Privacy & Data management page
app/src/pages/Account.tsx Added "Manage Privacy" link to Account Settings
app/src/App.tsx Added /privacy route

Test plan

  • All 20 GDPR tests pass
  • All 22 existing tests pass (no regressions)
  • Export returns all user data categories with correct structure
  • Export only returns data owned by the requesting user
  • Deletion requires password re-confirmation
  • Deletion request creates pending state with 30-day grace period
  • Duplicate deletion requests are idempotent
  • Cancellation during grace period works correctly
  • Immediate deletion cascades across all tables
  • GDPR audit logs survive user deletion (no FK constraint)
  • Anonymization replaces PII in all free-text fields
  • Admin-only access control on audit log viewer
  • Frontend Privacy page integrates with all API endpoints

🤖 Generated with Claude Code

@chengyixu @claude
feat: add GDPR PII export, delete, and anonymization workflow (rohitd…
f8e997f 
…ash08#76)

Implements full GDPR compliance with:
- Data export endpoint (GET /gdpr/export) - downloads all user PII as JSON
- Account deletion with 30-day grace period (POST /gdpr/delete)
- Immediate irreversible deletion (POST /gdpr/delete/confirm)
- Deletion cancellation during grace period (POST /gdpr/delete/cancel)
- Data anonymization alternative (POST /gdpr/anonymize)
- Immutable GDPR audit trail logging (survives user deletion)
- Admin audit log viewer (GET /gdpr/audit-logs)
- Frontend Privacy & Data page with export/anonymize/delete UI
- 20 comprehensive tests covering all workflows
- OpenAPI spec updated with all new endpoints

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@chengyixu chengyixu requested a review from rohitdash08 as a code owner March 26, 2026 18:38
@algora-pbc algora-pbc bot mentioned this pull request Mar 26, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rohitdash08 rohitdash08 Awaiting requested review from rohitdash08 rohitdash08 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

🙋 Bounty claim

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chengyixu