add stories
@@ -0,0 +1,28 @@
|
||||
# Delete My Account
|
||||
|
||||
**ID:** EU-006
|
||||
**Priority:** Medium
|
||||
**Status:** Planned
|
||||
|
||||
## User Story
|
||||
As an end user, I want to permanently delete my account and all associated data so that I can exercise my right to be forgotten (GDPR compliance).
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] User can request account deletion from settings
|
||||
- [ ] Deletion requires password confirmation or 2FA
|
||||
- [ ] User sees summary of what will be deleted
|
||||
- [ ] Grace period (e.g., 30 days) before permanent deletion
|
||||
- [ ] User receives email confirmation of deletion request
|
||||
- [ ] User can cancel deletion during grace period
|
||||
- [ ] All personal data is removed after grace period
|
||||
- [ ] User is removed from all organizations they belong to
|
||||
|
||||
## Technical Notes
|
||||
- `suspendUser` and `deleteSuspendedUser` endpoints exist in admin context
|
||||
- Need user-facing self-service deletion flow
|
||||
- Consider soft delete with scheduled hard delete
|
||||
- Must handle organization ownership transfer if user owns orgs
|
||||
- Audit log should retain anonymized record for compliance
|
||||
|
||||
## Related TODOs
|
||||
- New feature - builds on existing suspension infrastructure
|
||||
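Review bot: The acceptance criterion "Deletion requires password confirmation or 2FA" leaves the re-authentication requirement ambiguous. As written, an account with 2FA enrolled could be scheduled for deletion with the password alone, and the line does not say what applies to an account that has no password. Suggest rewording it to require a fresh re-authentication with the strongest factor the account has enrolled. Further gaps in the same file: the Technical Notes item "Must handle organization ownership transfer if user owns orgs" has no matching acceptance criterion, so "User is removed from all organizations they belong to" cannot be tested for a user who owns an organization. Nothing states whether sessions and login stay valid during the grace period, or how "User can cancel deletion during grace period" is authenticated. It would also help to list which fields the anonymized audit record keeps, so it can be checked against "All personal data is removed after grace period".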