feat(privacy): GDPR-ready PII export & delete workflow [Issue #76]#353

Open
yay9096-hub wants to merge 1 commit intorohitdash08:mainfrom
yay9096-hub:feature/pii-export-delete-76
@yay9096-hub

Summary

This PR implements the PII Export & Delete Workflow requested in issue #76, making FinMind GDPR-ready by giving users full control over their personal data.

Claiming the $500 Algora bounty for issue #76.


What was implemented

New endpoints (/privacy/*)

| Method | Path | Description |
|---|---|---|
| GET | /privacy/export | Download a ZIP archive of all personal data |
| POST | /privacy/delete | Permanently & irreversibly delete the account |
| GET | /privacy/audit-log | View your own audit trail (paginated) |

GET /privacy/export

  • Requires JWT authentication
  • Collects all personal data: profile, expenses, categories, bills, reminders, recurring expenses, subscriptions
  • Returns a finmind_export_<uid>.zip containing:
    • data.json — machine-readable JSON of every record
    • README.txt — human-readable summary and erasure instructions
  • Records a PII_EXPORT entry in the audit trail

POST /privacy/delete

  • Requires JWT + current password confirmation to prevent accidental deletions
  • Permanently deletes the account row; all related data removed via ON DELETE CASCADE
  • Audit entry ACCOUNT_DELETED is flushed before the user row is deleted so it survives
  • Returns a clear message confirming the irreversible action

GET /privacy/audit-log

  • Returns the caller's own audit-log entries (most recent first)
  • Supports ?limit= and ?offset= for pagination

Schema changes

  • Added details VARCHAR(500) column to audit_logs for richer event metadata
  • Schema migration guard (ADD COLUMN IF NOT EXISTS) ensures zero-downtime upgrades
  • Compat patch added to _ensure_schema_compatibility() for existing PostgreSQL deployments

Tests

16 new tests in packages/backend/tests/test_privacy.py:

  • Auth enforcement (401 without token)
  • ZIP structure and content validation
  • Data completeness (all keys present in export)
  • Password confirmation (missing / wrong / correct)
  • Irreversibility (user gone after deletion, old JWT returns 404)
  • Audit trail persistence (entry survives account deletion)
  • Pagination on audit-log endpoint

Acceptance criteria

  • Export package generation (ZIP with JSON + README)
  • Irreversible deletion workflow (password confirmation + cascade delete)
  • Audit trail logging (PII_EXPORT + ACCOUNT_DELETED events in DB)

Closes #76
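As an added example (not FinMind's code and not part of this PR), the three operations described above sketched over the Python standard library only: an in-memory SQLite database stands in for the project's PostgreSQL tables, and every table, column and function name here is an assumption of this example. It shows the checks a reviewer would want to see in such a workflow: explicit column lists so the password hash and salt never land in data.json, every query filtered by the caller's uid, a constant-time password comparison before deletion, and the ACCOUNT_DELETED row written in the same transaction as the delete against an audit table that does not cascade.

```python
import hashlib
import hmac
import io
import json
import os
import sqlite3
import zipfile
from datetime import datetime, timezone

# Assumed toy schema, not FinMind's schema.sql (all names are this example's).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE,
                    password_salt BLOB NOT NULL, password_hash BLOB NOT NULL);
CREATE TABLE expenses (id INTEGER PRIMARY KEY, amount_cents INTEGER NOT NULL, note TEXT,
                       user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE);
-- no foreign key on audit_logs.user_id: the cascade must not take the trail with it
CREATE TABLE audit_logs (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
                         event TEXT NOT NULL, details TEXT, created_at TEXT NOT NULL);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores ON DELETE CASCADE without this
    conn.executescript(SCHEMA)
    return conn

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_user(conn, email, password):
    salt = os.urandom(16)
    cur = conn.execute(
        "INSERT INTO users (email, password_salt, password_hash) VALUES (?, ?, ?)",
        (email, salt, _hash(password, salt)))
    conn.commit()
    return cur.lastrowid

def add_expense(conn, uid, amount_cents, note):
    conn.execute("INSERT INTO expenses (user_id, amount_cents, note) VALUES (?, ?, ?)",
                 (uid, amount_cents, note))
    conn.commit()

def _audit(conn, uid, event, details=None):
    conn.execute(
        "INSERT INTO audit_logs (user_id, event, details, created_at) VALUES (?, ?, ?, ?)",
        (uid, event, details, datetime.now(timezone.utc).isoformat()))

def export_user_data(conn, uid):
    """ZIP bytes (data.json + README.txt) for exactly one user, or None if unknown."""
    # Columns are listed explicitly: SELECT * would ship the salt and hash.
    profile = conn.execute("SELECT id, email FROM users WHERE id = ?", (uid,)).fetchone()
    if profile is None:
        return None  # stale JWT for a deleted account: the route answers 404
    expenses = conn.execute(
        "SELECT id, amount_cents, note FROM expenses WHERE user_id = ? ORDER BY id",
        (uid,)).fetchall()  # every query is scoped to the caller's uid, never unfiltered
    payload = {"profile": dict(profile), "expenses": [dict(r) for r in expenses]}
    _audit(conn, uid, "PII_EXPORT", f"{len(expenses)} expense rows")
    conn.commit()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("data.json", json.dumps(payload, indent=2))
        zf.writestr("README.txt", f"Personal data export for user {uid}. "
                    "To erase this account, POST /privacy/delete with your password.\n")
    return buf.getvalue()

def read_export(blob):
    """(sorted member names, parsed data.json) of an export archive."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return sorted(zf.namelist()), json.loads(zf.read("data.json"))

def delete_account(conn, uid, password):
    """HTTP-style status: 200 deleted, 403 wrong password, 404 no such user."""
    row = conn.execute("SELECT password_salt, password_hash FROM users WHERE id = ?",
                       (uid,)).fetchone()
    if row is None:
        return 404
    if not hmac.compare_digest(_hash(password, row["password_salt"]), row["password_hash"]):
        return 403  # nothing written: a wrong guess leaves no half-done state behind
    # Audit row first, then the delete, in ONE transaction: the trail survives the
    # cascade (no FK on audit_logs), and a failure anywhere rolls both back together.
    _audit(conn, uid, "ACCOUNT_DELETED", "user row removed; related rows cascaded")
    conn.execute("DELETE FROM users WHERE id = ?", (uid,))
    conn.commit()
    return 200

def audit_log(conn, uid, limit=20, offset=0):
    """Caller's own entries only, most recent first, paginated."""
    rows = conn.execute(
        "SELECT event, details, created_at FROM audit_logs WHERE user_id = ? "
        "ORDER BY id DESC LIMIT ? OFFSET ?", (uid, limit, offset)).fetchall()
    return [dict(r) for r in rows]

def user_exists(conn, uid):
    return conn.execute("SELECT 1 FROM users WHERE id = ?", (uid,)).fetchone() is not None

def expense_count(conn, uid):
    return conn.execute("SELECT COUNT(*) FROM expenses WHERE user_id = ?", (uid,)).fetchone()[0]
```

The one schema detail that decides whether "the audit entry survives account deletion" is not the flush order but the audit table itself: if audit_logs.user_id carried ON DELETE CASCADE, flushing the ACCOUNT_DELETED row before the delete would not save it, so the persistence test in the PR is the check that proves the schema choice. The 403 path deliberately performs no write, so a wrong confirmation attempt cannot leave a partial transaction or an ACCOUNT_DELETED entry for an account that still exists.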

…itdash08#76)

Implements the PII Export & Delete Workflow requested in issue rohitdash08#76.

## Changes

### New: packages/backend/app/routes/privacy.py
- GET /privacy/export  — generates a downloadable ZIP archive containing
  all personal data for the authenticated user (profile, expenses,
  categories, bills, reminders, recurring expenses, subscriptions) as a
  JSON payload plus a human-readable README.txt.
- POST /privacy/delete — permanently and irreversibly deletes the user
  account after verifying the current password.  ON DELETE CASCADE in
  the DB removes all related rows.  The audit entry is flushed before
  deletion so the record survives the user row being removed.
- GET /privacy/audit-log — returns the caller's own audit-trail entries
  with pagination (limit/offset).

### Updated: app/models.py
- Added optional `details` column to AuditLog for richer event metadata.

### Updated: app/db/schema.sql
- Added `details VARCHAR(500)` column to audit_logs with a safe
  ADD COLUMN IF NOT EXISTS migration guard.

### Updated: app/__init__.py
- Schema compatibility patch now also runs the audit_logs.details ALTER.

### New: packages/backend/tests/test_privacy.py
- 16 tests covering export, delete, and audit-log endpoints including
  auth enforcement, ZIP structure, password confirmation, cascade
  deletion, and audit-trail persistence.

Closes rohitdash08#76
Part of Algora bounty — https://console.algora.io/challenges
@yay9096-hub yay9096-hub left a comment

Ready for review for this PR.

Development

Successfully merging this pull request may close these issues.

PII Export & Delete Workflow (GDPR-ready)

1 participant