feat: GDPR-compliant PII export and deletion workflow#696

Open
shaidshark wants to merge 1 commit into rohitdash08:main from shaidshark:feat/gdpr-pii-export-delete

Conversation

@shaidshark

Summary

This PR implements a complete GDPR-compliant PII export and deletion workflow for FinMind, addressing issue #76.

Features Implemented

Export Endpoint (GET /gdpr/export)

  • Generates a ZIP file containing complete user data export
  • Includes all PII: user profile, categories, expenses, recurring expenses, bills, reminders, ad impressions, subscriptions
  • Returns downloadable archive with README instructions
  • Audit logging for every export request

Deletion Request Workflow

  • POST /gdpr/delete-request: Initiates 30-day grace period before permanent deletion
  • DELETE /gdpr/delete-request: Cancels pending deletion request during grace period
  • GET /gdpr/status: Shows pending deletion status and days remaining

Immediate Deletion (DELETE /gdpr/delete)

  • Requires explicit confirmation
  • Irreversible deletion of all user data
  • Respects foreign key constraints (deletes in correct order)
  • Anonymizes ad impressions instead of deleting (keeps analytics)
  • Audit trail preserved even after user deletion

Database Changes

  • Added deletion_requests table for grace period tracking
  • Added audit_logs table for GDPR action logging
  • All tables have proper foreign key constraints

Technical Improvements

  • Made Redis initialization lazy for better test compatibility
  • Added fakeredis for unit testing without Redis dependency
  • Comprehensive test suite with 9 passing tests

Acceptance Criteria

  • Export package generation
  • Irreversible deletion workflow
  • Audit trail logging
  • 30-day grace period option
  • Tests included
  • Documentation in README

Fixes #76

- Add GDPR endpoints for data export and deletion
- Export endpoint (GET /gdpr/export) returns ZIP with complete user data
- Delete request endpoint (POST /gdpr/delete-request) starts 30-day grace period
- Cancel deletion endpoint (DELETE /gdpr/delete-request) cancels pending requests
- Immediate deletion endpoint (DELETE /gdpr/delete) with confirmation requirement
- Status endpoint (GET /gdpr/status) shows pending deletion status
- Add DeletionRequest model for grace period tracking
- Add audit logging for all GDPR actions
- Update schema.sql with deletion_requests and audit_logs tables
- Make Redis initialization lazy for test compatibility
- Add comprehensive test suite with fakeredis

Fixes rohitdash08#76
@shaidshark shaidshark requested a review from rohitdash08 as a code owner April 2, 2026 16:12
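The grace-period and ordered-deletion behaviour the PR describes, as an added sketch that is not FinMind's code: a sqlite-backed model of deletion_requests and audit_logs in which request, cancel and status follow the 30-day grace period, child rows go before the user row so foreign keys hold, ad impressions are anonymised rather than deleted, and the audit row is written after the user is gone. The example tables, column names and the constructed timeline starting at T0 are assumptions.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
GRACE_DAYS = 30  # grace period before permanent deletion, as in the PR
T0 = datetime(2026, 4, 2, tzinfo=timezone.utc)  # constructed "now" for the demo
def later(days): return T0 + timedelta(days=days)  # points on the constructed timeline

SCHEMA = """
CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT);
CREATE TABLE expenses(id INTEGER PRIMARY KEY, user_id INTEGER REFERENCES users(id), amount REAL);
CREATE TABLE ad_impressions(id INTEGER PRIMARY KEY, user_id INTEGER REFERENCES users(id), ad_id TEXT);
CREATE TABLE deletion_requests(user_id INTEGER PRIMARY KEY, requested_at TEXT, scheduled_for TEXT);
CREATE TABLE audit_logs(id INTEGER PRIMARY KEY, user_id INTEGER, action TEXT, at TEXT);
"""  # audit_logs deliberately has no FK to users: the trail must outlive the user

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # make the deletion order actually matter
    db.executescript(SCHEMA + "INSERT INTO users VALUES (1,'u@example.com');"  # constructed data
                     "INSERT INTO expenses VALUES (1,1,9.5);"
                     "INSERT INTO ad_impressions VALUES (1,1,'ad-42');")
    return db

def audit(db, user_id, action, now):
    db.execute("INSERT INTO audit_logs(user_id, action, at) VALUES (?,?,?)", (user_id, action, now.isoformat()))

def request_deletion(db, user_id, now):
    scheduled = now + timedelta(days=GRACE_DAYS)
    db.execute("INSERT OR REPLACE INTO deletion_requests VALUES (?,?,?)", (user_id, now.isoformat(), scheduled.isoformat()))
    audit(db, user_id, "delete_requested", now)
    return scheduled

def cancel_deletion(db, user_id, now):
    cur = db.execute("DELETE FROM deletion_requests WHERE user_id=?", (user_id,))
    if cur.rowcount:
        audit(db, user_id, "delete_cancelled", now)
    return cur.rowcount == 1  # False when nothing was pending

def deletion_status(db, user_id, now):
    row = db.execute("SELECT scheduled_for FROM deletion_requests WHERE user_id=?", (user_id,)).fetchone()
    if row is None:
        return {"pending": False, "days_remaining": None}
    return {"pending": True, "days_remaining": max((datetime.fromisoformat(row[0]) - now).days, 0)}

def delete_user(db, user_id, now):
    # Children before the parent so FK constraints hold; impressions are anonymised, not dropped
    db.execute("UPDATE ad_impressions SET user_id=NULL WHERE user_id=?", (user_id,))
    db.execute("DELETE FROM expenses WHERE user_id=?", (user_id,))
    db.execute("DELETE FROM deletion_requests WHERE user_id=?", (user_id,))
    db.execute("DELETE FROM users WHERE id=?", (user_id,))
    audit(db, user_id, "deleted", now)  # still possible: audit_logs has no FK to users
```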
Successfully merging this pull request may close these issues.

PII Export & Delete Workflow (GDPR-ready)