user-data-rights
Implements GDPR Art. 15 (access / my-audit-log query), Art. 17 (erasure / request-deletion + cancel-deletion, plus the anonymous email-verified request-deletion-by-email + confirm-deletion-by-token flow for lockout-safe self-service, + cron cleanup with grace period), Art. 18 (restriction / restrict-account + lift-restriction), and Art. 20 (portability / async request-export → ZIP via file-foundation, Magic-Link download) as first-class HTTP handlers and cron jobs. Each domain feature opts in by calling r.useExtension(EXT_USER_DATA, "<entity>", { export, delete }) — the feature then orchestrates the export and forget pipelines across all registered hooks automatically. Requires user, data-retention, compliance-profiles, and sessions.
Dependencies
Section titled “Dependencies”- Requires:
user,data-retention,compliance-profiles,sessions - Activation: always on (not toggleable)
Extensions & cross-feature APIs
Section titled “Extensions & cross-feature APIs”- Exposes API:
userDataRights.runForget,userDataRights.runExport - Uses API:
compliance.forTenant,retention.policyFor,sessions.revokeAllForUser