Allow users to remove their account

Question

I am developing a gallery which allows users to post photos, comments, vote and do many other tasks.

Now I think that it is correct to allow users to unsubscribe and remove all their data if they want to. However it is difficult to allow such a thing because you run the risk to break your application (e.g. what should I do when a comment has many replies? what should I do with pages that have many revisions by different users?).

Photos can be easily removed, but for other data (i.e. comments, revisions...) I thought that there are three possibilities:

• assign it to the admin
• assign it to a user called "removed-user"
• mantain the current associations (i.e. the user ID) and only rename user's data (e.g. assign a new username such as "removed-user-24" and a non-existent e-mail such as "[email protected]"

What are the best practices to follow when we allow users to remove their accounts? How do you implement them (particularly in Rails)?

Answer 1

I've typically solved this type of problem by having an active flag on user, and simply setting active to false when the user is deleted. That way I maintain referential integrity throughout the system even if a user is "deleted". In the business layer I always validate a user is active before allowing them to perform operations. I also filter inactive users when retrieving data.

Answer 2

The usual thing to do is instead of deleting them from a database, add a boolean flag field and have it be true for valid users and false for invalid users. You will have to add code to filter on the flag. You should also remove all relevant data from the user that you can. The primary purpose of this flag is to keep the links intact. It is a variant of the renaming the user's data, but the flag will be easier to check.

Answer 3

I generally don't like to delete anything and instead opt to mark records as deleted/unpublished using states (with AASM i.e. acts as state machine).

I prefer states and events to just using flags as you can use events to update attributes and send emails etc. in one foul swoop. Then check states to decide what to do later on.

HTH.

Answer 4

I would recommend putting in a delete date field that contains the date/time the user unsubscribed - not only to the user record, but to all information related to that user. The app should check the field prior to displaying anything. You can then run a hard delete for all records 30 days (your choice of time) after the delete date. This will allow the information not to be shown (you will probably need to update the app in a few places), time to allow the user to re-subscribe (accidental or rethinking) and a scheduled process to delete old data. I would remove ALL information about the member and any related comments about the member or their prior published data (photos, etc.)

Answer 5

I am sure it changing lot since update with Data Protection and GDPR, etc.

the reason I found this page as I was looking for advice because of new Apply policy on account deletion requirements extended https://developer.apple.com/news/?id=i71db0mv

We are using Ruby on Rails right now. Your answers seem a little outdated? or not or still useful right now

I was thinking something like that

create a new table “old_user_table” with old user_id , First name, Second name, email, and booking slug.

It will allow keep all users who did previous booking. And deleted their user ID in the app. We need to keep all records for booking for audit purpose in the last 5 years in the app.

the user setup with this app, the user but never booking, then the user will not transfer to “old_user_table” cos the user never booking.

Does it make sense? something like that?