
feat: GDPR PII export, account deletion & audit trail#357

Open
agent20usd wants to merge 1 commit into rohitdash08:main from agent20usd:feat/gdpr-pii-export-delete

Conversation

@agent20usd

@agent20usd agent20usd commented Mar 10, 2026

Summary

Implements the GDPR PII Export & Delete workflow requested in #76:

  • GET /gdpr/export — Collects all user-linked data (profile, categories, expenses, recurring expenses, bills, reminders, subscriptions) into a structured JSON download. Excludes password_hash. Logs a PII_EXPORT audit event.
  • POST /gdpr/delete — Permanently deletes the user account after password re-verification. Uses the existing ON DELETE CASCADE foreign keys for clean removal. Writes an ACCOUNT_DELETED audit log entry that survives deletion via ON DELETE SET NULL.
  • GET /gdpr/audit — Returns the user's audit trail sorted by most recent first.

Implementation Details

  • Follows existing codebase patterns: Flask Blueprint, @jwt_required(), SQLAlchemy queries
  • 3 files changed: new routes/gdpr.py, new tests/test_gdpr.py, updated routes/__init__.py
  • No schema migrations needed — leverages existing FK cascade behavior
  • Password re-verification required before deletion (uses check_password_hash)
  • Audit logs persist after user deletion (user_id becomes NULL per existing schema)

Tests

18 tests covering:

  • Auth guards (401 on unauthenticated requests)
  • Export completeness (all 7 data tables included)
  • Password hash exclusion from exports
  • Audit log creation on export
  • Password verification for deletion
  • Wrong password rejection
  • User removal confirmation
  • Cascade deletion of expenses and categories
  • Audit log preservation after user deletion
  • Audit trail retrieval

Checklist

  • Follows existing code style and patterns
  • All endpoints require JWT authentication
  • Password re-verification before irreversible deletion
  • Audit trail survives account deletion
  • Tests included for all acceptance criteria
  • No new dependencies added

/claim #76

Closes #76

Implements three endpoints under /gdpr:

- GET /gdpr/export — collects all user-linked data (profile, categories,
  expenses, recurring expenses, bills, reminders, subscriptions) into a
  structured JSON response. Excludes password_hash. Logs a PII_EXPORT
  audit event.

- POST /gdpr/delete — permanently deletes the user account after password
  re-verification. Leverages existing ON DELETE CASCADE foreign keys to
  remove all associated records. Audit log entry survives via ON DELETE
  SET NULL, preserving compliance records after deletion.

- GET /gdpr/audit — returns the authenticated user's audit trail sorted
  by most recent first.

Includes 18 tests covering: auth guards, export completeness, password
verification, cascade deletion, audit log persistence, and edge cases.

Closes rohitdash08#76
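The description and commit message above rely on three database-level behaviours: named-column selection so `password_hash` never reaches the export, password re-verification before the irreversible delete, and an audit row that outlives the user through `ON DELETE SET NULL` while dependent rows vanish through `ON DELETE CASCADE`. The following is an added, stand-alone sketch of that pattern; it is not the PR's own code (`routes/gdpr.py` is not shown on this page) and it drops the Flask Blueprint and JWT layer to stay runnable with the standard library alone. The table and column names (`users`, `expenses`, `audit_logs`), the PBKDF2 hash format and the in-memory SQLite database are assumptions made for the example.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

# Constructed schema for the example; names are assumptions, not FinMind's.
SCHEMA = """
CREATE TABLE users (
    id            INTEGER PRIMARY KEY,
    email         TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL
);
CREATE TABLE expenses (
    id      INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    amount  REAL NOT NULL,
    note    TEXT
);
CREATE TABLE audit_logs (
    id      INTEGER PRIMARY KEY,
    user_id INTEGER REFERENCES users(id) ON DELETE SET NULL,
    action  TEXT NOT NULL
);
"""

PBKDF2_ROUNDS = 100_000


def connect() -> sqlite3.Connection:
    """Open an in-memory database with FK actions actually enforced."""
    conn = sqlite3.connect(":memory:")
    # SQLite ignores ON DELETE CASCADE / SET NULL unless this is switched on
    # for the connection; a test that forgets it passes for the wrong reason.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256 stored as 'salt_hex$digest_hex' (assumed format)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def check_password_hash(stored: str, password: str) -> bool:
    """Constant-time comparison of a candidate password against the stored hash."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def create_user(conn, email: str, password: str) -> int:
    cur = conn.execute(
        "INSERT INTO users (email, password_hash) VALUES (?, ?)",
        (email, hash_password(password)),
    )
    return cur.lastrowid


def add_expense(conn, user_id: int, amount: float, note: str) -> None:
    conn.execute(
        "INSERT INTO expenses (user_id, amount, note) VALUES (?, ?, ?)",
        (user_id, amount, note),
    )


def log_event(conn, user_id: int, action: str) -> None:
    conn.execute(
        "INSERT INTO audit_logs (user_id, action) VALUES (?, ?)", (user_id, action)
    )


def export_user_data(conn, user_id: int) -> dict:
    """GET /gdpr/export analogue: select named columns, never SELECT *,
    so password_hash cannot leak into the download."""
    profile = conn.execute(
        "SELECT id, email FROM users WHERE id = ?", (user_id,)
    ).fetchone()
    expenses = conn.execute(
        "SELECT id, amount, note FROM expenses WHERE user_id = ?", (user_id,)
    ).fetchall()
    log_event(conn, user_id, "PII_EXPORT")
    conn.commit()
    return {
        "profile": {"id": profile[0], "email": profile[1]},
        "expenses": [{"id": e[0], "amount": e[1], "note": e[2]} for e in expenses],
    }


def delete_account(conn, user_id: int, password: str) -> bool:
    """POST /gdpr/delete analogue: re-verify the password, write the audit
    row, then delete. The FK turns the row's user_id into NULL instead of
    removing it, while expenses cascade away."""
    row = conn.execute(
        "SELECT password_hash FROM users WHERE id = ?", (user_id,)
    ).fetchone()
    if row is None or not check_password_hash(row[0], password):
        return False  # wrong password: nothing deleted, nothing logged
    with conn:  # one transaction: audit row and delete land together or not at all
        log_event(conn, user_id, "ACCOUNT_DELETED")
        conn.execute("DELETE FROM users WHERE id = ?", (user_id,))
    return True


def audit_trail(conn) -> list:
    """GET /gdpr/audit analogue, most recent first."""
    return conn.execute(
        "SELECT user_id, action FROM audit_logs ORDER BY id DESC"
    ).fetchall()
```

Two points worth checking in the real implementation follow from this sketch. First, the audit insert and the user delete should sit in one transaction, otherwise a crash between them leaves either a deleted user with no `ACCOUNT_DELETED` record or an audit entry for a user who still exists. Second, once `user_id` has been set to NULL the surviving row can no longer be tied back to the deleted account, so if the compliance record needs to remain queryable per subject, a pseudonymous identifier would have to be stored alongside it.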
@agent20usd agent20usd requested a review from rohitdash08 as a code owner March 10, 2026 15:41
corrideluca pushed a commit to corrideluca/ai-mm that referenced this pull request Mar 10, 2026
- PR #357: rohitdash08/FinMind#357
- 3 endpoints, 18 tests, 449 lines
- Updated bounty tracking with submission details

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@agent20usd
Author

Hi @rohitdash08 👋

Just wanted to check in — this PR implements the full GDPR PII Export & Delete workflow for #76 with 18 tests covering all acceptance criteria. No new dependencies needed, and it follows the existing codebase patterns.

Happy to make any changes if you have feedback. Looking forward to your review!

Thanks for maintaining this project 🙏

@rohitdash08
Owner

@CorradoZDeLuca, please connect over Discord for the feedback @geekster007


Development

Successfully merging this pull request may close these issues.

PII Export & Delete Workflow (GDPR-ready)
