Clean up dead user accounts for GDPR compliance

Question

Clean up dead user accounts for GDPR compliance

muety opened this issue 3 months ago · comments

Automatically delete users who don't have any data and didn't log in within a year. Additionally (perhaps in a second step), send out deletion notices to users who do have data, but didn't log in within a year and also delete them after some grace period.

Ferdinand Mütsch · Answer 1 · Wed Mar 27 2024 17:01:19 GMT+0800 (China Standard Time)

Only implemented clean up for inactive users (>= 12 months by default) who don't have data. Didn't implement deletion of users with data, yet.

Kipras Melnikovas · Answer 2 · Sun Mar 31 2024 03:21:06 GMT+0800 (China Standard Time)

hmmm idk about the auto-deletion of inactive users, does not sound good. especially for self-hosted instances. maybe could be an opt-in via ENV var or something, instead of opt-out?

Ferdinand Mütsch · Answer 3 · Sun Mar 31 2024 04:13:29 GMT+0800 (China Standard Time)

Fair point, will change this with the next release.

Ferdinand Mütsch · Answer 4 · Sun Mar 31 2024 04:15:54 GMT+0800 (China Standard Time)

Actually, I found a bug with the latest release. Please do not set WAKAPI_MAX_INACTIVE_MONTHS to -1. Will push a fix in a second.

Kipras Melnikovas · Answer 5 · Thu Apr 11 2024 01:24:38 GMT+0800 (China Standard Time)

@muety any reason why you've made this opt-out instead of opt-in? again, since many people will want to self-host, this is an easy thing to miss and could end up being really annoying..
thanks

Ferdinand Mütsch · Answer 6 · Thu Apr 11 2024 01:37:44 GMT+0800 (China Standard Time)

It's opt-out (default value is -1), only forgot to update README.

Kipras Melnikovas · Answer 7 · Thu Apr 11 2024 01:43:25 GMT+0800 (China Standard Time)

sweet, thanks