Skip to main content

GDPR API

API endpoints for GDPR compliance including data export (Right to Access) and data deletion (Right to Erasure). Base Path: /api/gdpr
Code Reference: app/api/gdpr_routes.py

Data Export

Export User Data

Export all user data for GDPR compliance (Right to Access). Request Body:
Response:
Permissions: Users can export their own data. Admins can export any user’s data.

Data Deletion

Delete User Data

Delete user data for GDPR compliance (Right to Erasure). Request Body:
Response:
Permissions: Users can delete their own data. Admins can delete any user’s data (except themselves). Note: By default, data is soft-deleted (anonymized) to preserve audit trails. Hard delete is available but not recommended.

Compliance Status

Get GDPR Compliance Status

Get GDPR compliance status and available actions. Response:

Data Retention Cleanup

Run Data Retention Cleanup

Run automated data retention cleanup (admin only). Query Parameters:
  • dry_run: Run in dry-run mode (default: true)
Request Body:
Response:
Permissions: Admin only

Exported Data Structure

The exported data includes:
  • User Profile: Account information, preferences, wallet address
  • Documents: All uploaded documents and metadata
  • Workflows: All workflow assignments and approvals
  • Policy Decisions: All policy decisions involving the user
  • Audit Logs: All audit log entries for the user
  • Applications: All loan/credit applications
  • Deals: All deals where user is applicant
  • Inquiries: All support inquiries
  • Meetings: All scheduled meetings

Deletion Behavior

Soft Delete (Default)

  • User email anonymized: deleted_{user_id}@deleted.local
  • Display name set to “Deleted User”
  • Profile data cleared
  • Wallet address removed
  • Documents anonymized
  • Refresh tokens revoked
  • Audit logs preserved for compliance
  • Complete removal from database
  • Loses audit trail (not recommended for compliance)

Error Responses

400 Bad Request

  • Missing confirm=true for deletion
  • Invalid email format
  • Admin attempting self-deletion

403 Forbidden

  • User attempting to export/delete another user’s data (non-admin)
  • Non-admin attempting cleanup

404 Not Found

  • User not found

Audit Logging

All GDPR operations are logged in the audit trail:
  • Export: Logged with EXPORT action
  • Deletion: Logged with DELETE action
  • Cleanup: Logged with UPDATE action
Code Reference: app/utils/audit.py

Additional Resources


Last Updated: 2026-01-14
Code Reference: app/api/gdpr_routes.py