Add GDPR-compliant PII export and deletion workflow #355

Closed
addidea wants to merge 1 commit into rohitdash08:main from addidea:fix/issue-76

addidea commented Mar 10, 2026

Closes #76

What

I built a complete GDPR compliance module that lets users export their personal data and request permanent deletion. The addition covers JSON and CSV export formats, secure deletion with audit trails, and a service layer that handles PII responsibly throughout.

Why

We needed to meet GDPR requirements for data portability and the right to be forgotten. The existing system had no systematic way to handle these requests, which put us at compliance risk. I wanted to build something that actually protects user privacy rather than just checking boxes.

How

I structured this as a dedicated module with clear separation of concerns:

  • Endpoints: RESTful routes for export and delete requests with proper authentication
  • Service layer: Business logic for data aggregation and sanitization
  • Audit logging: Immutable records of every export and deletion for compliance proof

For exports, I gather all PII across related tables and format it as either machine-readable JSON or human-readable CSV. The deletion path uses soft-delete with a grace period, then hard removal after verification, with full audit trails at each step.

I paid special attention to edge cases: what happens when a user has active subscriptions, shared content, or legal holds. The service layer checks these conditions before proceeding.

The audit logs are append-only and include request metadata, execution timestamps, and anonymized user identifiers. This gives us defensible records without creating new PII risks.

I also added rate limiting on deletion requests to prevent abuse, and confirmation flows that require explicit user consent.

All new code includes unit tests and follows the existing linter rules. I checked requirements.txt before starting to avoid dependency conflicts, and the branch is rebased on latest main.

Happy to adjust the export schemas or retention policies based on feedback.
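
An added example, not code from this PR: one way the deletion gate and append-only audit trail described above could fit together. The key, the 30-day grace period, the field names and the hash chain are assumptions; a keyed HMAC stands in for the "anonymized user identifiers".

```python
import hashlib, hmac, json
from datetime import datetime, timedelta

AUDIT_KEY = b"constructed-demo-key"  # assumption: a real key comes from a secret store
GRACE = timedelta(days=30)           # assumption: the PR does not state the grace period

def pseudonym(user_id: str) -> str:
    """Keyed hash so the audit log never stores the raw user identifier."""
    return hmac.new(AUDIT_KEY, user_id.encode(), hashlib.sha256).hexdigest()[:16]

class AuditLog:
    """Append-only log; each entry commits to the previous one via a hash chain."""
    def __init__(self):
        self._entries = []

    def append(self, action: str, user_id: str, when: datetime, **meta) -> dict:
        prev = self._entries[-1]["hash"] if self._entries else "0" * 64
        body = {"action": action, "subject": pseudonym(user_id),
                "at": when.isoformat(), "meta": meta, "prev": prev}
        body["hash"] = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self._entries.append(body)
        return body

    def entries(self):
        return [dict(e) for e in self._entries]  # copies, so callers cannot edit the log

def verify(entries) -> bool:
    """Recompute the chain; an edited, reordered or mid-chain-removed entry breaks it.
    Truncating the tail is not detected without an externally stored head hash."""
    prev = "0" * 64
    for e in entries:
        body = {k: v for k, v in e.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if e["prev"] != prev or digest != e["hash"]:
            return False
        prev = e["hash"]
    return True

def request_deletion(user: dict, log: AuditLog, now: datetime) -> dict:
    """Refuse while a blocker applies; otherwise soft-delete and schedule hard removal."""
    blockers = [b for b in ("active_subscription", "legal_hold") if user.get(b)]
    if blockers:
        log.append("delete_refused", user["id"], now, blockers=blockers)
        return {"status": "blocked", "blockers": blockers}
    purge_at = now + GRACE
    log.append("soft_delete", user["id"], now, purge_at=purge_at.isoformat())
    return {"status": "soft_deleted", "purge_at": purge_at}
```

The refusal is logged as well as the success, so the trail shows why a request was not carried out.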

addidea commented Mar 11, 2026

Closing this PR as it needs additional review. Will resubmit with improvements.

addidea closed this Mar 11, 2026
Development

Successfully merging this pull request may close these issues.

PII Export & Delete Workflow (GDPR-ready)