Privacy Settings

Grant provides built-in privacy controls for GDPR compliance: data export, account deletion with configurable retention, and automated cleanup.

Data Export

Users can download all their personal data as a structured JSON file.

Included:

Excluded (for security):

Endpoints:

bash

# REST (file download)
GET /api/me/export
Authorization: Bearer <token>

graphql

# GraphQL
query {
  myUserDataExport {
    user {
      id
      name
      email
    }
    accounts {
      id
      name
    }
    exportedAt
  }
}

Users can only export their own data — the authenticated user's identity determines the export scope.

User confirms intent by entering their user ID (works for all auth methods, including OAuth)
All accounts owned by the user are soft-deleted (deletedAt timestamp set)
All sessions are invalidated
After the retention period, the cleanup job permanently deletes the data

Type	Behavior	Reversible
Soft delete (default)	Marks with `deletedAt`, retains for retention period	Yes — within retention window
Hard delete	Immediate permanent removal	No

Endpoints:

graphql

mutation {
  deleteAccounts(input: { userId: "user-uuid", hardDelete: false }) {
    id
    deletedAt
  }
}

bash

DELETE /api/me
Authorization: Bearer <token>
Content-Type: application/json
{ "userId": "user-uuid", "hardDelete": false }

Setting	Env Variable	Default
Account deletion retention	`PRIVACY_ACCOUNT_DELETION_RETENTION_DAYS`	30 days
Backup retention	`PRIVACY_BACKUP_RETENTION_DAYS`	90 days
Cleanup schedule	`JOBS_DATA_RETENTION_SCHEDULE`	`0 2 * * *` (daily 2 AM)

The data retention cleanup job runs on the configured schedule and:

See Job Scheduling for details on the cleanup job.

Right	Implementation
Data portability	JSON export via `GET /api/me/export`
Right to erasure	Account deletion with `DELETE /api/me`
Data retention	Configurable periods with automated cleanup
Transparency	Export shows all stored personal data
Audit trail	All deletions logged — see Audit Logging

Related: