Skip to content

feat: add PII export and delete workflow (GDPR-ready)#860

Open
Mohye24k wants to merge 1 commit intorohitdash08:mainfrom
Mohye24k:fix/issue-76-pii-export-delete
Open

feat: add PII export and delete workflow (GDPR-ready)#860
Mohye24k wants to merge 1 commit intorohitdash08:mainfrom
Mohye24k:fix/issue-76-pii-export-delete

Conversation

@Mohye24k
Copy link
Copy Markdown

@Mohye24k Mohye24k commented Apr 13, 2026

Summary

/claim #76

What this PR does

  • Export: GET /privacy/export collects all user PII into JSON + CSV
  • Delete: POST /privacy/delete with confirmation, cascading deletion
  • Audit trail: GET /privacy/audit-log tracks events
  • 8 test cases

Fixes #76

@Mohye24k @claude
feat: add PII export and delete workflow (GDPR-ready) (rohitdash08#76)
1580fe7 
- Export endpoint: GET /privacy/export returns JSON + CSV of all user data
- Delete endpoint: POST /privacy/delete with confirmation, cascading deletion
- Audit trail: GET /privacy/audit-log tracks all export/deletion events
- Covers: profile, expenses, categories, bills, reminders, recurring expenses
- 8 test cases covering auth, export, CSV format, confirmation, deletion, audit
- Frontend API client with TypeScript types

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Mohye24k Mohye24k requested a review from rohitdash08 as a code owner April 13, 2026 10:53
@algora-pbc algora-pbc bot mentioned this pull request Apr 13, 2026
Open
@Mohye24k
Copy link
Copy Markdown
Author

Mohye24k commented Apr 13, 2026

Proof of Functionality

API Endpoints

GET /privacy/export - Returns JSON + CSV of all user data
POST /privacy/delete - Permanent deletion (requires confirm: true)
GET /privacy/audit-log - Privacy audit trail

Export Response

Returns json_data (full JSON package), csv_data (expenses CSV), and summary with record counts per table.

Delete Response

Cascading deletion: reminders -> recurring -> expenses -> bills -> categories -> subscriptions -> user. Returns counts of deleted records per table.

Test Coverage (8 tests)

  • test_export_requires_auth - 401 without JWT
  • test_delete_requires_auth - 401 without JWT
  • test_export_returns_data - verifies JSON + CSV + summary
  • test_export_csv_format - validates CSV structure
  • test_delete_requires_confirmation - 400 without confirm flag
  • test_delete_removes_all_data - cascading deletion verified
  • test_audit_log_tracks_export - pii_export action logged
  • test_empty_export - handles fresh user with no data

@rohitdash08

@Mohye24k
Copy link
Copy Markdown
Author

Mohye24k commented Apr 13, 2026

Live API Demo

GET /privacy/export

\n

POST /privacy/delete {confirm: true}

Cascading deletion: reminders -> recurring -> expenses -> bills -> categories -> subscriptions -> user. Audit trail preserved.

All 8 tests pass.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rohitdash08 rohitdash08 Awaiting requested review from rohitdash08 rohitdash08 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

🙋 Bounty claim

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

PII Export & Delete Workflow (GDPR-ready)

1 participant

@Mohye24k