Give users the ability to deactivate their account and destroy personal info
tobyzerner opened this issue · 7 comments
Before Flarum reached beta, we had implemented a feature that allowed users to delete their account, purging it completely from the database. However, we quickly realised this was problematic for various reasons.
Instead we want to offer users the ability to permanently deactivate their account: make it so it can't be logged into, and remove their email and other personal info from the database.
What needs to be done:
- Create a DeleteAccountModal which gives users info about what it means and confirms that they want to proceed
- Add a button to the SettingsPage (accountItems) that opens the DeleteAccountModal
- Make the DELETE /users/{id} API endpoint only disable the account for non-admin users, rather than deleting it completely...
- ...where "disabling" means setting their email to null, and destroying their avatar/bio.
- We would want this to require a sudo mode token (#250)
Just 2 cents on the deletion process:
The company I work for is hosting and managing more than 50 forums. We often deal with the problem that users want their deletion undone the next day or so. We created our own deletion process that puts the accounts on inactive (this hides any personal information) for around 30 days and sends the users a mail with a re-activation link. If no action occurs, the account is completely deleted after the 30-day period.
This takes a lot of work from the community managers' shoulders, as they no longer have to respond to that many re-activation and deletion requests.
> Make the DELETE /users/{id} API endpoint only disable the account for non-admin users, rather than deleting it completely...
> ...where "disabling" means setting their email to null, and destroying their avatar/bio.
Disabling the account should:
- Place the account in "suspended permanently" status (to prevent access to content).
- Nullify the user's email address, bio, and avatar (as above).
- Disable all email notification settings (to prevent attempts to send email to a null address).
It might also be good to add a flag that extension developers can use to identify a bit of information that should be nullified when the account is disabled. That would come in handy for an extension that adds custom fields to the profile page, for example (not to mention the bio, once it becomes an extension).
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We do this to keep the amount of open issues to a manageable minimum.
In any case, thanks for taking an interest in this software and contributing by opening the issue in the first place!
We are closing this issue as it seems to have grown stale. If you still encounter this problem with the latest version, feel free to re-open it.
I want to throw in my two cents that we have users who care very deeply about their privacy, so we would like to allow users to automatically delete their account. It's okay for a temporary window perhaps (maybe 30 days) before the action is completed fully, but the window would only be for a user to reverse the action, or for mods to indicate it's required to keep the user records for a compliance purpose.
I think this should be dispersed towards the community, an initiative for GDPR compliance was already started and needs some additional effort to allow configurable ways to delete/invalidate accounts.
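A minimal Python model of the process discussed in this thread: an immediate lock behind sudo mode, a 30-day reversal window with a mailed re-activation link, then nullifying personal fields unless a compliance hold is set. It is an added example, not Flarum code and not part of any comment above; the `User` class, the function names, the `legal_hold` flag and the `PURGE_FIELDS` registry are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

GRACE = timedelta(days=30)  # reversal window proposed in the thread
PURGE_FIELDS = ["email", "bio", "avatar"]  # extensions register more (hypothetical hook)

@dataclass
class User:  # constructed model, not Flarum's schema
    id: int
    profile: dict = field(default_factory=dict)
    notify_by_email: bool = True
    suspended: bool = False
    legal_hold: bool = False  # set by a moderator for compliance retention
    purge_at: Optional[datetime] = None
    token_hash: Optional[str] = None

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def request_deactivation(user, sudo_confirmed, now):
    """Lock the account at once; personal data stays until the window ends."""
    if not sudo_confirmed:
        raise PermissionError("sudo mode (fresh re-authentication) required")
    token = secrets.token_urlsafe(32)
    user.suspended, user.purge_at = True, now + GRACE
    user.token_hash = _digest(token)  # only the hash is stored
    return token  # goes into the mailed re-activation link

def reactivate(user, token, now):
    if user.token_hash is None or user.purge_at is None or now >= user.purge_at:
        return False
    if not hmac.compare_digest(user.token_hash, _digest(token)):
        return False
    user.suspended, user.purge_at, user.token_hash = False, None, None
    return True

def finalize_due(users, now):
    """Scheduled job: nullify personal fields once the window has passed."""
    done = []
    for u in users:
        if u.purge_at is None or now < u.purge_at or u.legal_hold:
            continue
        u.profile.update({name: None for name in PURGE_FIELDS})
        u.notify_by_email, u.purge_at, u.token_hash = False, None, None
        done.append(u.id)  # stays suspended permanently
    return done
```

Storing only the token hash means a database leak during the window does not hand out working re-activation links, and a held account stays locked with its data intact until the hold is lifted.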