User Data Deletion Process Flow
Process Overview
┌─────────────────────────────────────────────────────────────────────────────────┐
│ USER DATA DELETION PROCESS │
└─────────────────────────────────────────────────────────────────────────────────┘
1. USER REQUEST INITIATION
┌─────────────────┐
│ User accesses   │
│ /data-deletion  │
└─────────┬───────┘
          │
          ▼
┌─────────────────┐
│ User fills form │
│ (name, email,   │
│ reason)         │
└─────────┬───────┘
          │
          ▼
┌─────────────────┐
│ Form submission │
│ validation      │
└─────────┬───────┘
          │
          ▼
2. AUTOMATIC ASANA TICKET CREATION
┌─────────────────┐
│ POST /api/      │
│ data-deletion   │
└─────────┬───────┘
          │
          ▼
┌─────────────────┐
│ Create Asana    │
│ task with:      │
│ - 30-day SLA    │
│ - Data deletion │
│   category      │
│ - User details  │
└─────────┬───────┘
          │
          ▼
┌─────────────────┐
│ Return success  │
│ to user         │
└─────────────────┘
3. ADMINISTRATIVE PROCESSING
┌─────────────────┐
│ Admin reviews   │
│ Asana tickets   │
└─────────┬───────┘
          │
          ▼
┌─────────────────┐
│ Admin accesses  │
│ /admin/user-    │
│ deletion        │
└─────────┬───────┘
          │
          ▼
┌─────────────────┐
│ Enter user ID   │
│ for lookup      │
└─────────┬───────┘
          │
          ▼
┌─────────────────┐
│ GET /api/admin/ │
│ users/{userId}  │
└─────────┬───────┘
          │
          ▼
┌─────────────────┐
│ Display user    │
│ info for        │
│ confirmation    │
└─────────┬───────┘
          │
          ▼
┌─────────────────┐
│ Admin confirms  │
│ deletion        │
└─────────┬───────┘
          │
          ▼
4. COMPREHENSIVE DATA DELETION
┌─────────────────┐
│ DELETE /api/    │
│ admin/users/    │
│ {userId}        │
└─────────┬───────┘
          │
          ▼
┌─────────────────┐
│ UserDeletion    │
│ Service:        │
│ - MongoDB       │
│   collections   │
│ - Auth0 account │
│ - Waitlist      │
└─────────┬───────┘
          │
          ▼
┌─────────────────┐
│ Return deletion │
│ results         │
└─────────┬───────┘
          │
          ▼
5. MANUAL TICKET CLOSURE
┌─────────────────┐
│ Admin verifies  │
│ deletion        │
│ completed       │
└─────────┬───────┘
          │
          ▼
┌─────────────────┐
│ Admin closes    │
│ Asana ticket    │
│ with notes      │
└─────────────────┘
┌─────────────────────────────────────────────────────────────────────────────────┐
│ AUDIT TRAIL COMPLETE │
└─────────────────────────────────────────────────────────────────────────────────┘
Data Deletion Scope
MongoDB Collections (13 total):
- Candidate (primary profile)
- CandidateProfileCache (cached data)
- CandidateSummary (professional summaries)
- CandidateSearchIndex (search entries)
- Achievement (user achievements)
- Challenge (challenge participation)
- CompetencyEvidence (competency data)
- Education (educational background)
- EmploymentStint (employment history)
- Interview (interview data/recordings)
- LeadershipQuote (leadership quotes)
- NetworkConnection (network connections)
- Preference (user preferences)
External Systems:
- Auth0 (user account)
- Waitlist (if applicable)
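One way step 4 could produce the per-target "deletion results" that the admin verifies before closing the ticket, as an added example (not the project's own UserDeletionService code). The `deleters` map, the result shape and the in-memory stand-ins are assumptions; every target is attempted even when an earlier one fails, and the run only counts as complete when all of them succeed:

```javascript
// Added illustration; not the project's UserDeletionService.
// The 13 collection names come from the scope list above.
const COLLECTIONS = [
  'Candidate', 'CandidateProfileCache', 'CandidateSummary', 'CandidateSearchIndex',
  'Achievement', 'Challenge', 'CompetencyEvidence', 'Education', 'EmploymentStint',
  'Interview', 'LeadershipQuote', 'NetworkConnection', 'Preference',
];
const TARGETS = [...COLLECTIONS, 'Auth0', 'Waitlist'];

// deleters: { [target]: async (userId) => numberDeleted }  (hypothetical shape)
async function deleteUserEverywhere(userId, deleters, adminEmail, now = new Date()) {
  if (typeof userId !== 'string' || userId.trim() === '') {
    throw new TypeError('userId must be a non-empty string');
  }
  const results = [];
  for (const target of TARGETS) {
    const run = deleters[target];
    if (typeof run !== 'function') {
      // A target with no deleter is a failure, never a silent skip.
      results.push({ target, ok: false, deleted: 0, error: 'no deleter configured' });
      continue;
    }
    try {
      results.push({ target, ok: true, deleted: await run(userId), error: null });
    } catch (err) {
      // Keep going so one outage does not leave the other stores untouched.
      results.push({ target, ok: false, deleted: 0, error: String(err.message || err) });
    }
  }
  const failed = results.filter((r) => !r.ok).map((r) => r.target);
  // Audit record: who, when, what. The ticket stays open unless complete is true.
  return { userId, adminEmail, at: now.toISOString(), complete: failed.length === 0, failed, results };
}

// Constructed in-memory stand-ins so the example runs offline.
function makeFakeDeleters(rows, failing = []) {
  const deleters = {};
  for (const target of TARGETS) {
    deleters[target] = async (userId) => {
      if (failing.includes(target)) throw new Error(`${target} unavailable`);
      const before = (rows[target] || []).length;
      rows[target] = (rows[target] || []).filter((r) => r.userId !== userId);
      return before - rows[target].length;
    };
  }
  return deleters;
}
```

A result with `complete: false` lists the targets to retry in `failed`, which is the record the admin would attach to the Asana ticket instead of closing it.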
SOC2 Compliance Features
Access Control:
- Admin-only deletion functionality
- @qwestly.co email verification
- Authentication required for all operations
Audit Trail:
- User request timestamp
- Asana ticket creation with SLA
- Admin action logging
- Deletion results tracking
- Manual ticket closure
Data Protection:
- Comprehensive deletion across all systems
- Error handling and logging
- 30-day SLA compliance
- Legal retention compliance
Process Integrity:
- Formal request process
- Administrative oversight
- Clear user consent
- Complete audit trail