idp.global/app
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
53b36e506c55f396cc76f28b36684078df59da43
app/stories/end-user/EU-006-account-deletion.md
T
jkunz 014fb3080a add stories
2025-11-30 15:01:28 +00:00

1.1 KiB
Raw Blame History

Delete My Account

ID: EU-006 Priority: Medium Status: Planned

User Story

As an end user, I want to permanently delete my account and all associated data so that I can exercise my right to be forgotten (GDPR compliance).

Acceptance Criteria

  • User can request account deletion from settings
  • Deletion requires password confirmation or 2FA
  • User sees summary of what will be deleted
  • Grace period (e.g., 30 days) before permanent deletion
  • User receives email confirmation of deletion request
  • User can cancel deletion during grace period
  • All personal data is removed after grace period
  • User is removed from all organizations they belong to

Technical Notes

  • suspendUser and deleteSuspendedUser endpoints exist in admin context
  • Need user-facing self-service deletion flow
  • Consider soft delete with scheduled hard delete
  • Must handle organization ownership transfer if user owns orgs
  • Audit log should retain anonymized record for compliance

Related TODOs

  • New feature - builds on existing suspension infrastructure
Reference in New Issue View Git Blame Copy Permalink