Sample of general purpose functions for user data deletion and export
This is not an official Google product. This repo is an example of using Cloud
Functions for Firebase to protect user privacy. Specifically, it demonstrates
removing user data from specific services (Realtime Database, Firestore, and
Storage) when they delete their account (the clearData function)
and copying out data when a user requests it (the exportData function).
The functions are flexible and easy to change to fit the needs of your specific
users and apps.
This sample is no longer actively maintained and is left here for reference only.
The index.js file has comments about how the functions work; this is about
how to wire it up.
The developer specifies the paths to data to clear or export. Those paths
live in user_privacy.json. The data structures vary for each of the products:
"/users/uid/follows/..."
{
"collection": "admins",
"doc": "UID_VARIABLE",
"field": "email"
}
["cool-project.appspot.com", "users/uid/avatar.jpg"]
The clearData function as written is triggered when a user deletes their account using Firebase Auth, and it performs a deletion from all three services.
Steps to start using clearData:
requires and convenience variables) in functions/index.js
user_privacy.json, add paths to personal information for all the
products you’re using.
Clearing the data is implemented by collecting a promise for every deletion event that needs to occur. Only when all promises resolve is the clear considered complete. Keep that in mind if you send a confirmation message that the data has been removed.
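One way to implement the promise collection described above, as an added example that is not the sample's own code. The config key names (database, firestore, storage), the deleters argument and the substitution of UID_VARIABLE in every path are assumptions. It goes beyond the text by rejecting entries that are not scoped to a user and by waiting for every deletion to settle before reporting completion.

```javascript
// Added example, not the sample's code. Key names and deleters are assumptions.
const UID = /UID_VARIABLE/g; // placeholder as written in the Firestore entry

// Constructed config with the three shapes user_privacy.json uses.
const sampleConfig = {
  database: ['/users/UID_VARIABLE/follows'],
  firestore: [{ collection: 'admins', doc: 'UID_VARIABLE', field: 'email' }],
  storage: [['cool-project.appspot.com', 'users/UID_VARIABLE/avatar.jpg']],
};

// Expand the config into one concrete deletion target per entry.
// An entry without the placeholder is rejected: it names shared data that
// would otherwise be deleted whenever any account is removed.
function buildPlan(config, uid) {
  const sub = (s) => s.replace(UID, () => uid);
  const plan = [];
  const add = (service, raw, target) => {
    if (!JSON.stringify(raw).includes('UID_VARIABLE')) {
      throw new Error(`${service} entry not scoped to a user: ${JSON.stringify(raw)}`);
    }
    plan.push({ service, target });
  };
  for (const p of config.database || []) add('database', p, sub(p));
  for (const e of config.firestore || []) {
    add('firestore', e, { collection: sub(e.collection), doc: sub(e.doc), field: e.field });
  }
  for (const [bucket, path] of config.storage || []) {
    add('storage', [bucket, path], { bucket, path: sub(path) });
  }
  return plan;
}

// Start every deletion, wait until all have settled, and report which failed
// so a confirmation is sent only when `complete` is true.
async function clearUserData(config, uid, deleters) {
  const plan = buildPlan(config, uid);
  const results = await Promise.allSettled(
    plan.map(async (step) => deleters[step.service](step.target))
  );
  const failed = plan.filter((_, i) => results[i].status === 'rejected');
  return { complete: failed.length === 0, attempted: plan.length, failed };
}
```

In a real function each deleter would wrap the Admin SDK call for its service; here they are caller-supplied so the logic runs offline.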
The exportData function is triggered via an HTTP request. The sample app in
/public has a button that’s wired up to trigger a data export; in a
traditional app, this could be in settings.
In order to start using it:
functions/index.js.
user_privacy.json, add:
"exportDataUploadBucket" key that maps to the name of your primary
bucket (or in the case of the free tier, your only bucket).
public/index.html makes a POST request and a rewrite entry in firebase.json
reroutes the request to the function.
For Realtime Database and Firestore we write the user data into a JSON document. For Storage we write a JSON document containing an index of stored files, and copy the files themselves into a folder.
Adding Storage Rules to protect the exported data is extremely important;
without Rules, the exported data could be broadly available. The clearData
function uploads to a top level /exportData folder, and the Storage
Rules restrict access to the specific user who requested export. To protect the
exported data:
firebase init flow.
This project uses Hosting, Functions, the Realtime Database, Firestore, and
Storage.
cd into the functions directory and npm install
firebase deploy