GDPR API
3 endpoints. EU compliance affordances for end users.
| Method | Path | Purpose |
|---|---|---|
| POST | /v1/gdpr/export | Request a full data export for the calling user. |
| POST | /v1/gdpr/erase | Request erasure (right to be forgotten). |
| PUT | /v1/gdpr/consent/ai-training | Set / unset consent for AI training data. |
POST /v1/gdpr/export
Async: queues an export job and returns a job id.
The job:
- Collects every event, note, todo, media, audio, comment, reaction the calling user authored or owns.
- Bundles them as a ZIP with a manifest similar to room export.
- Uploads the ZIP and issues a one-shot (single-use) signed download URL, valid for 7 days.
- Notifies the user via email and an in-app notification.
Cross-tenant federated participants get their own server's export output — your server only exports what's stored locally.
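The delivery step above relies on three properties of the download link: it is signed, it expires after 7 days, and it is single-use. The following is an added example of how such a link can be minted and verified; it is not the project's own code, and the download path, query parameter names, signing key and in-memory "redeemed" set are all assumptions made for the example. Note that the signature covers the path as well as the parameters, so a link for one job cannot be rewritten to fetch another job's archive.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Set, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical signing key; a real deployment loads it from a secret store, never from source.
SIGNING_KEY = b"example-only-export-signing-key"
EXPORT_URL_TTL = 7 * 24 * 3600  # seven days, the validity window the page states

# "One-shot" state: token ids that have already been redeemed. A real service keeps this in
# the database (or deletes the object after the first download) so it survives restarts.
_redeemed: Set[str] = set()


def _mac(path: str, user_id: str, token_id: str, expires: int) -> str:
    """HMAC over every field the download decision depends on, including the path."""
    msg = f"{path}|{user_id}|{token_id}|{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def issue_export_url(base: str, job_id: str, user_id: str, now: Optional[int] = None) -> str:
    """Mint the download URL the export job hands to the user (hypothetical path layout)."""
    now = int(time.time()) if now is None else now
    expires = now + EXPORT_URL_TTL
    token_id = secrets.token_urlsafe(16)
    path = f"/v1/gdpr/export/{job_id}/download"
    query = {"uid": user_id, "tid": token_id, "exp": expires,
             "sig": _mac(path, user_id, token_id, expires)}
    return f"{base}{path}?{urlencode(query)}"


def verify_export_url(url: str, requesting_user: str,
                      now: Optional[int] = None) -> Tuple[bool, str]:
    """Decide whether a presented URL may download the export, and burn it on success."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    try:
        user_id, token_id, expires, sig = q["uid"], q["tid"], int(q["exp"]), q["sig"]
    except (KeyError, ValueError):
        return False, "malformed"
    # Verify the signature before trusting any other field (constant-time compare).
    if not hmac.compare_digest(sig, _mac(parts.path, user_id, token_id, expires)):
        return False, "bad signature"
    if now >= expires:
        return False, "expired"
    # The link is bound to the user who requested the export; a forwarded link is useless
    # to anyone who is not authenticated as that user.
    if user_id != requesting_user:
        return False, "wrong user"
    if token_id in _redeemed:
        return False, "already used"
    _redeemed.add(token_id)
    return True, "ok"
```

The order of checks matters: the signature is verified first so that no unsigned input influences the expiry, user or replay decisions, and the token is only marked as redeemed after every check has passed, so a failed attempt by the wrong user does not burn the legitimate user's link.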
POST /v1/gdpr/erase
```jsonc
{
  "scope": "all",           // or a specific list of room_ids / note_ids
  "delete_account": false,  // if true, the participant row is also removed
  "reason": "Optional free-text"
}
```
Async. The erasure job:
- Redacts every event the user authored (body wiped, sender_id preserved so room history and audit records stay consistent).
- Deletes every note and audio recording they own.
- Anonymises their participant row (display_name becomes "Erased user").
- If delete_account=true, also removes the participant row. Rooms they owned get ownership transferred to another admin, or are archived if they were the sole admin.
Returns immediately with a job id. Erasure typically completes within a minute.
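The steps above are easy to get subtly wrong: a scoped erasure must not touch data the caller does not own, redaction must keep sender_id, and the sole-admin room case needs a decision. Here is an added worked example of the whole job over a small in-memory model; it is not the project's code, and the table layout (Store, Event, Note, Room), the ownership-transfer rule (first remaining admin in sorted order) and the sample data are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Union


@dataclass
class Event:
    event_id: str
    room_id: str
    sender_id: str
    body: Optional[str]
    redacted: bool = False

@dataclass
class Note:
    note_id: str
    owner_id: str
    audio_ids: List[str] = field(default_factory=list)

@dataclass
class Room:
    room_id: str
    owner_id: str
    admins: Set[str] = field(default_factory=set)
    archived: bool = False

@dataclass
class Store:
    # Minimal in-memory stand-in for the server's tables (hypothetical schema).
    events: Dict[str, Event] = field(default_factory=dict)
    notes: Dict[str, Note] = field(default_factory=dict)
    audio: Dict[str, str] = field(default_factory=dict)         # audio_id -> owner user_id
    rooms: Dict[str, Room] = field(default_factory=dict)
    participants: Dict[str, str] = field(default_factory=dict)  # user_id -> display_name

Scope = Union[str, Dict[str, List[str]]]  # "all" or {"room_ids": [...], "note_ids": [...]}


def erase_user(store: Store, user_id: str, scope: Scope = "all",
               delete_account: bool = False) -> dict:
    """Run the erasure job for user_id and return counts for the job record."""
    everything = scope == "all"
    room_ids = set() if everything else set(scope.get("room_ids", []))
    note_ids = set() if everything else set(scope.get("note_ids", []))
    summary = {"redacted": 0, "notes_deleted": 0, "audio_deleted": 0,
               "rooms_transferred": [], "rooms_archived": []}

    # 1. Redact authored events in scope: wipe the body but keep sender_id, so room
    #    history and audit records still reference a consistent (anonymised) sender.
    for ev in store.events.values():
        if ev.sender_id == user_id and not ev.redacted and (everything or ev.room_id in room_ids):
            ev.body = None
            ev.redacted = True
            summary["redacted"] += 1

    # 2. Delete owned notes and their audio. The ownership check is the authorisation
    #    boundary: a note_id the caller does not own is skipped, never deleted.
    for note_id in list(store.notes):
        note = store.notes[note_id]
        if note.owner_id != user_id or not (everything or note_id in note_ids):
            continue
        for audio_id in note.audio_ids:
            if store.audio.pop(audio_id, None) is not None:
                summary["audio_deleted"] += 1
        del store.notes[note_id]
        summary["notes_deleted"] += 1

    # 3. Anonymise the participant row.
    if user_id in store.participants:
        store.participants[user_id] = "Erased user"

    # 4. delete_account: drop the row and resolve rooms the user owned or administered.
    if delete_account:
        store.participants.pop(user_id, None)
        for room in store.rooms.values():
            room.admins.discard(user_id)
            if room.owner_id != user_id:
                continue
            if room.admins:  # another admin exists: hand ownership over deterministically
                room.owner_id = sorted(room.admins)[0]
                summary["rooms_transferred"].append(room.room_id)
            else:            # sole admin: nobody can take over, so archive the room
                room.archived = True
                summary["rooms_archived"].append(room.room_id)
    return summary


def sample_store() -> Store:
    """Constructed sample data, not from any real deployment."""
    return Store(
        events={"e1": Event("e1", "r1", "alice", "hello"),
                "e2": Event("e2", "r2", "alice", "still here"),
                "e3": Event("e3", "r1", "bob", "from bob")},
        notes={"n1": Note("n1", "alice", ["a1"]), "n2": Note("n2", "bob", ["a2"])},
        audio={"a1": "alice", "a2": "bob"},
        rooms={"r1": Room("r1", "alice", {"alice"}), "r2": Room("r2", "alice", {"alice", "bob"}),
               "r3": Room("r3", "bob", {"bob"})},
        participants={"alice": "Alice", "bob": "Bob"},
    )
```

Running `erase_user(sample_store(), "alice", scope={"room_ids": ["r1"], "note_ids": ["n1", "n2"]})` redacts only alice's event in r1, deletes n1 and its audio, and leaves bob's n2 untouched even though its id was supplied; `erase_user(sample_store(), "alice", delete_account=True)` additionally archives r1 (alice was the sole admin) and transfers r2 to bob.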
PUT /v1/gdpr/consent/ai-training
When set to false, this user's messages and notes are excluded from any training-data export job the tenant runs. The default is configured at tenant level; a per-user setting overrides it, and unsetting the per-user value reverts the user to the tenant default.