#gdpr#back office
⚠ Urgent
Reminder: 2/26/2026, 7:57:00 AM

If we take them out of Firebase, perhaps we can purge them in reverse; if not in Firebase, do not restore


TaskLoco — Deleted Account Data Purge System

Problem Statement

  • Users who permanently delete their account have data wiped from live DynamoDB tables and live S3 bucket (tasklocodetails)
  • Data survives in (a) S3 backup buckets and (b) DynamoDB PITR snapshots for up to 35 days
  • A disaster recovery restore could resurrect permanently deleted user data
  • Re-registration is intentionally allowed since Firebase Auth is preserved

Part 1 — Expand Existing Delete Lambda to Purge S3 Backup Buckets

  • Add tasklocodetails-snapshot and tasklocodetails-synchronized to the Lambda's S3 deletion logic
  • Use same deleteS3Prefix function already in Lambda, just target the backup bucket names
  • Run against private/{userUID}/ and public/{userUID}/ in both backup buckets
  • Result: S3 data is permanently and immediately unresurrectable on account deletion

Part 2 — Back Office Reconciliation Lambda

  • New Lambda: TaskLoco_PostRestoreReconciliation
  • Scans all 6 tables: LocoTasks, LocoUsers, LocoAttachments, LocoTags, LocoReminders, LocoDevices
  • Queries TaskLoco_DeletedAccounts to get all deleted users and their deletedAt timestamps
  • For each deleted user, removes any records where data timestamp is OLDER than deletedAt
  • Preserves data created AFTER deletedAt (handles re-registration scenario)
  • Intended to be run manually after any PITR restore event
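
The Part 2 rule as an added example (not TaskLoco's Lambda code), run over in-memory rows instead of DynamoDB so the keep/delete decision can be checked offline. The `createdAt` attribute name, the accepted timestamp formats, and the `needsReview` bucket for rows with no usable timestamp are assumptions.

```javascript
// Added example: post-restore reconciliation planning over in-memory rows.
// Assumptions (not from the page): each row carries `userUID` and `createdAt`;
// timestamps are ISO-8601 strings or epoch milliseconds.

function toMillis(ts) {
  if (typeof ts === "number" && Number.isFinite(ts)) return ts;
  if (typeof ts === "string") {
    const ms = Date.parse(ts);
    if (!Number.isNaN(ms)) return ms;
  }
  return null;
}

// deletedAccounts: rows from TaskLoco_DeletedAccounts ({ userUID, deletedAt }).
// tables: { tableName: [rows] } as a scan of the restored tables would return.
function planReconciliation(deletedAccounts, tables) {
  const deletedAtByUid = new Map();
  for (const { userUID, deletedAt } of deletedAccounts) {
    const ms = toMillis(deletedAt);
    if (ms === null) throw new Error(`unparseable deletedAt for ${userUID}`);
    // If the same user deleted more than once, the latest deletion wins.
    deletedAtByUid.set(userUID, Math.max(ms, deletedAtByUid.get(userUID) ?? -Infinity));
  }
  const plan = { toDelete: [], needsReview: [], kept: 0, usersProcessed: deletedAtByUid.size };
  for (const [table, rows] of Object.entries(tables)) {
    for (const row of rows) {
      const cutoff = deletedAtByUid.get(row.userUID);
      if (cutoff === undefined) { plan.kept++; continue; } // user never deleted
      const created = toMillis(row.createdAt);
      if (created === null) plan.needsReview.push({ table, row }); // cannot compare
      else if (created < cutoff) plan.toDelete.push({ table, row }); // older than deletedAt
      else plan.kept++; // written after deletedAt: re-registered account
    }
  }
  return plan;
}

// Constructed sample data.
const SAMPLE_DELETED = [{ userUID: "uid-A", deletedAt: "2026-01-10T12:00:00Z" }];
const SAMPLE_TABLES = {
  LocoTasks: [
    { id: "t1", userUID: "uid-A", createdAt: "2025-12-01T09:00:00Z" },
    { id: "t2", userUID: "uid-A", createdAt: "2026-02-01T09:00:00Z" },
    { id: "t3", userUID: "uid-B", createdAt: "2025-11-01T09:00:00Z" },
  ],
  LocoTags: [{ id: "g1", userUID: "uid-A" }],
  LocoDevices: [{ id: "d1", userUID: "uid-A", createdAt: Date.UTC(2026, 0, 1) }],
};
```

Rows that land in `needsReview` belong to a deleted user but cannot be placed before or after `deletedAt`, so they are surfaced rather than silently kept or deleted.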

Part 3 — Admin Back Office UI

  • Admin-only route in Angular app, e.g. /admin
  • Guard checks that signed-in Firebase UID matches hardcoded Cary Abramoff UID
  • Single button: "Run Post-Restore Reconciliation"
  • Displays results: tables scanned, records deleted, users processed
  • No public access, no listing in nav

Part 4 — Privacy Policy & Terms Updates

  • Add clause stating backup retention period is up to 35 days
  • State that S3 file backups are purged immediately and permanently on deletion
  • State that DynamoDB PITR backups may retain deleted data for up to 35 days per AWS backup rotation policy
  • Note that in the event of a disaster recovery restore, a reconciliation process is run to re-delete any restored data belonging to deleted accounts
  • This is GDPR-compliant standard practice
