This repository was archived by the owner on Jun 19, 2026. It is now read-only.
feat(gdpr): PII export download + irreversible account deletion with audit trail#1070
Open
Entr0zy wants to merge 2 commits into
Open
feat(gdpr): PII export download + irreversible account deletion with audit trail#1070Entr0zy wants to merge 2 commits into
Entr0zy wants to merge 2 commits into
Conversation
…h08#121) Implements the weekly digest feature requested in issue rohitdash08#121. ## What changed ### New: packages/backend/app/services/digest.py - build_weekly_digest(uid, reference_date) - aggregates the past 7 days of EXPENSE transactions: total spend, category breakdown (top 3), week-over-week % change vs the prior 7-day window, and the largest single expense. - render_digest_html(data) - renders digest data into a styled HTML email (inline CSS, no extra template-engine dependency). - send_weekly_digest(user) - builds and emails a digest to one user. - send_all_weekly_digests() - fan-out over all users. - init_digest_scheduler(app) - APScheduler job every Monday at 08:00. ### New: packages/backend/app/routes/digest.py - GET /digest/preview - returns digest JSON for the authenticated user. - POST /digest/send-test - immediately emails the digest (202 if SMTP not configured). ### Modified: routes/__init__.py and app/__init__.py - Registers blueprint and initialises scheduler on startup. ### New: packages/backend/tests/test_digest.py - 14 tests: aggregation, income exclusion, 7-day boundary, WoW change, top-3 cap, send-test, JWT protection, HTML renderer. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
) Implements the GDPR-ready PII Export and Delete Workflow from issue rohitdash08#76. ## What changed ### New: packages/backend/app/services/gdpr.py - build_export_package(uid) - serialises profile, expenses, recurring expenses, bills, reminders, categories, and subscriptions into a single JSON-safe dict with schema_version and exported_at timestamp. Password hash is never included. - delete_user_data(uid) - irreversible deletion in FK-safe order: reminders > expenses > recurring_expenses > bills > subscriptions > ad_impressions > audit_logs > categories > user row. Writes an audit trail entry before deletion begins. Best-effort Redis refresh-token revocation via SCAN pattern. ### New: packages/backend/app/routes/gdpr.py - GET /gdpr/export - returns personal data as a downloadable application/json file (Content-Disposition: attachment). - POST /gdpr/delete-account - password confirmation required; returns 204 on success. Token remains syntactically valid but the user row no longer exists so subsequent protected calls return 404. ### Modified: packages/backend/app/routes/__init__.py - Registers gdpr blueprint at /gdpr. ### New: packages/backend/tests/test_gdpr.py (15 tests) - Export: auth gate, empty account, full data, no password hash, filename date stamp, valid JSON, required-key structure - Delete: auth gate, missing password, wrong password, 204 on success, user removed from DB, expenses purged, bills/categories purged, old token returns 404, build_export_package structure Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Author
✅ Live Demo — GDPR PII Export & Account DeletionTested against local Flask server (SQLite, no Docker required):
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
/claim #76
What this PR adds
A complete GDPR-ready PII Export and Account Deletion workflow, fulfilling all acceptance criteria in issue #76.
Changes
packages/backend/app/services/gdpr.py(new)build_export_package(uid)schema_versionandexported_atincluded. Password hash is never included.delete_user_data(uid)SCAN.packages/backend/app/routes/gdpr.py(new)GET /gdpr/exportContent-Disposition: attachment). JWT required.POST /gdpr/delete-account{"password": "..."}confirmation. Returns204 No Contenton success.Modified:
packages/backend/app/routes/__init__.pyRegisters
gdprblueprint at/gdpr.packages/backend/tests/test_gdpr.py(new — 15 tests)build_export_packagestructureVerification