feat: PII Export & Delete Workflow (GDPR-ready) by lucascrespo23 · Pull Request #345 · rohitdash08/FinMind

lucascrespo23 · 2026-03-09T03:50:46Z

/claim #76

Summary

Implements PII Export & Delete Workflow as described in #76.

Export (`GET /pii/export`)

JWT-protected endpoint
Downloads complete JSON package of all user data
Includes: profile (excluding password_hash), categories, expenses, recurring expenses, bills, reminders, ad impressions, subscriptions, audit logs
Returns as downloadable application/json attachment
Creates audit trail entry on each export

Delete (`POST /pii/delete`)

Requires explicit {"confirm": true} body to prevent accidental deletion
Irreversibly deletes all user data in correct foreign key dependency order
Creates anonymized audit trail entry (hashed email) for compliance
Returns detailed deletion summary with counts per table

Files Changed

packages/backend/app/services/pii.py — Export & delete business logic
packages/backend/app/routes/pii.py — REST endpoints
packages/backend/app/routes/__init__.py — Route registration
packages/backend/tests/test_pii.py — 15 test cases

Acceptance Criteria

✅ Export package generation
✅ Irreversible deletion workflow
✅ Audit trail logging
✅ Production ready implementation
✅ Includes tests
✅ Documentation (docstrings + OpenAPI-style comments)

Implements issue rohitdash08#76 with: ## Export (GET /pii/export) - Downloads complete JSON package of all user data - Includes: profile, categories, expenses, recurring expenses, bills, reminders, ad impressions, subscriptions, audit logs - Excludes password_hash from export - Returns as downloadable JSON attachment - Creates audit trail entry on each export ## Delete (POST /pii/delete) - Requires explicit {"confirm": true} body to prevent accidents - Irreversibly deletes all user data in correct FK dependency order - Creates anonymized audit trail entry (hashed email reference) for compliance - Returns deletion summary with counts per table ## Tests (15 test cases) - Export: auth required, JSON attachment format, contains all data sections, excludes password hash, audit logging - Delete: auth required, confirmation required, removes all data, returns summary Closes rohitdash08#76

lucascrespo23 requested a review from rohitdash08 as a code owner March 9, 2026 03:50

algora-pbc bot added the 🙋 Bounty claim label Mar 9, 2026

algora-pbc bot mentioned this pull request Mar 9, 2026

PII Export & Delete Workflow (GDPR-ready) #76

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: PII Export & Delete Workflow (GDPR-ready)#345

feat: PII Export & Delete Workflow (GDPR-ready)#345
lucascrespo23 wants to merge 1 commit intorohitdash08:mainfrom
lucascrespo23:feat/pii-export-delete

lucascrespo23 commented Mar 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

lucascrespo23 commented Mar 9, 2026

Summary

Export (GET /pii/export)

Delete (POST /pii/delete)

Files Changed

Acceptance Criteria

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Export (`GET /pii/export`)

Delete (`POST /pii/delete`)