_private/qwestly-private-docs/SOC2/data-management/user-deletion/index.md

User Data Deletion Process

Overview

This document outlines Qwestly's comprehensive user data deletion process designed to meet SOC2 compliance requirements. The process ensures proper handling of data deletion requests from initiation to completion, with full audit trails and administrative oversight.

Process Flow

1. User Data Deletion Request Initiation

Location: /data-deletion page
Access: Public (no authentication required; if the requester happens to be logged in, their user ID is attached to the request, otherwise only the submitted name and email identify them)
Purpose: Allow users to formally request deletion of their personal data

User Experience:

  • User accesses the data deletion page
  • Form displays clear information about what data will be deleted:
    • Active Profile Data (career profile, professional summary, preferences, account settings)
    • Interview Data (recordings, transcripts, related data)
    • Anonymous Usage Data (platform analytics, matching data)
    • Authentication Access (user will be logged out permanently)
  • User fills out required fields:
    • Name (required)
    • Email (required)
    • Reason for deletion (optional)
  • User submits the request

Technical Implementation:

  • Form validation using Zod schema
  • Client-side validation for required fields
  • Clear warnings about permanent data loss
  • Success message explains 30-day processing timeline

2. Automatic Asana Ticket Creation

Location: /api/data-deletion endpoint
Trigger: User form submission
Purpose: Create formal tracking ticket for administrative processing

Process Details:

  • API endpoint receives deletion request
  • Validates request data using Zod schema
  • Attempts to capture authenticated user ID (if available)
  • Creates Asana task with specific configuration:
    • Category: "Data Deletion" (custom category)
    • Subject: Prefixed with "🔒 DATA DELETION REQUEST -"
    • Description: Includes user ID, contact info, and reason
    • Due Date: Automatically set to 30 days from creation (SLA compliance)
    • Project: "Support Tickets" Asana project

Asana Task Configuration (name, email, reason and userId come from the validated request body; getDueDateIn30Days is the due-date helper the task uses):

// Asana's due_on field takes a calendar date (YYYY-MM-DD), not a timestamp;
// compute it in UTC so the 30-day SLA does not drift with the server's timezone.
function getDueDateIn30Days() {
  const due = new Date();
  due.setUTCDate(due.getUTCDate() + 30);
  return due.toISOString().slice(0, 10);
}

const taskData = {
  data: {
    // Prefixed subject so deletion requests are easy to filter in the Support Tickets project
    name: `🔒 DATA DELETION REQUEST - ${name}`,
    // Contact details are recorded on the ticket so the admin can locate the
    // account even when the request was submitted without being logged in
    notes: `User ID: ${userId || 'Not authenticated'}
Name: ${name}
Email: ${email}

Data Deletion Request Details:

Reason for deletion: ${reason || "Not provided"}

This is a formal request for data deletion in compliance with SOC2 and privacy regulations.`,
    projects: [ASANA_PROJECT_ID],
    completed: false,
    due_on: getDueDateIn30Days()
  }
};

Audit Trail:

  • Asana task ID logged for tracking
  • User contact information preserved
  • Timestamp automatically recorded
  • Due date ensures SLA compliance

3. Administrative Review and Processing

Location: /admin/user-deletion page
Access: Admin-only (@qwestly.co email required)
Purpose: Allow authorized administrators to process deletion requests

Admin Workflow:

  1. User Lookup:

    • Admin enters the user ID from the Asana ticket; if the request was submitted without being logged in, the ticket carries no user ID and the admin locates the account by the email recorded on the ticket
    • System fetches user details from Auth0
    • Displays user name and email for verification
    • Shows comprehensive list of data that will be deleted
  2. Requester Verification:

    • The public form does not authenticate the requester, so a ticket is a request, not proof of identity
    • Admin confirms that the email on the ticket matches the Auth0 account's email and that the request came from the account holder before proceeding; a mismatch is noted on the ticket and the deletion is not performed
  3. Data Deletion Confirmation:

    • Admin reviews user information
    • Confirms understanding of deletion scope
    • Clicks "Delete User Data" button
    • System performs comprehensive data deletion

Technical Implementation:

  • RESTful API endpoint: DELETE /api/admin/users/{userId}
  • Admin authentication verification
  • User existence validation
  • Comprehensive data deletion using UserDeletionService

4. Comprehensive Data Deletion

Service: UserDeletionService.deleteUserCompletely()
Purpose: Remove all user data across all systems

Data Deletion Scope:

MongoDB Collections (via Mongoose):

  • Candidate - Primary user profile
  • CandidateProfileCache - Cached profile data
  • CandidateSummary - Professional summaries
  • CandidateSearchIndex - Search index entries
  • Achievement - User achievements
  • Challenge - Challenge participation
  • CompetencyEvidence - Competency evidence
  • Education - Educational background
  • EmploymentStint - Employment history
  • Interview - Interview data and recordings
  • LeadershipQuote - Leadership quotes
  • NetworkConnection - Network connections
  • Preference - User preferences

External Systems:

  • Auth0: User account deletion
  • Waitlist: Removal from waitlist (if applicable)

Deletion Process:

  1. Database Cleanup: Delete all records with matching user_id
  2. Auth0 Deletion: Remove user account from Auth0
  3. Waitlist Removal: Remove from waitlist if present
  4. Result Tracking: Log deletion counts and any errors
  5. Audit Logging: Record admin who performed deletion

Error Handling:

  • Individual collection deletion failures don't stop the overall process; the remaining collections are still processed
  • All errors logged and returned in the response, with the step (collection, Auth0, waitlist) that failed
  • Partial deletion results tracked: a run with any error is reported as incomplete, and the Asana ticket stays open until the failed steps are re-run and succeed
  • Admin notified of any issues; an Auth0 failure after the database cleanup matters most, because the user can still sign in while their profile data is already gone
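A deleteUserCompletely() with the fault tolerance and result tracking described above, as an added example rather than Qwestly's UserDeletionService. The collection, Auth0 and waitlist interfaces are hypothetical stand-ins injected so the example runs offline; with Mongoose each collection would be a Model and deleteMany({ user_id }) the real call. The constructed fakes include one collection that throws, so the run shows what a partial result looks like.

```typescript
// Added example (not Qwestly's UserDeletionService). All interfaces below are
// hypothetical stand-ins for Mongoose models, the Auth0 Management API and the waitlist.
export interface UserScopedCollection {
  name: string;
  deleteMany(filter: { user_id: string }): Promise<{ deletedCount: number }>;
}

export interface DeletionDeps {
  collections: UserScopedCollection[];
  deleteAuth0User(userId: string): Promise<void>;
  removeFromWaitlist(userId: string): Promise<boolean>; // true when an entry existed
  log(entry: Record<string, unknown>): void;
  now(): Date;
}

export interface DeletionResult {
  userId: string;
  adminId: string;
  startedAt: string;
  finishedAt: string;
  deletedCounts: Record<string, number>;
  auth0Deleted: boolean;
  waitlistRemoved: boolean;
  errors: { step: string; message: string }[];
  complete: boolean; // true only if every step succeeded; otherwise the ticket stays open
}

export async function deleteUserCompletely(
  userId: string,
  adminId: string,
  deps: DeletionDeps,
): Promise<DeletionResult> {
  const result: DeletionResult = {
    userId, adminId, startedAt: deps.now().toISOString(), finishedAt: "",
    deletedCounts: {}, auth0Deleted: false, waitlistRemoved: false, errors: [], complete: false,
  };
  const fail = (step: string, err: unknown) =>
    result.errors.push({ step, message: err instanceof Error ? err.message : String(err) });

  // 1. Database cleanup: one failing collection must not leave the others untouched.
  for (const c of deps.collections) {
    try {
      const { deletedCount } = await c.deleteMany({ user_id: userId });
      result.deletedCounts[c.name] = deletedCount;
    } catch (err) {
      fail(`collection:${c.name}`, err);
    }
  }
  // 2. Auth0 account removal.
  try { await deps.deleteAuth0User(userId); result.auth0Deleted = true; } catch (err) { fail("auth0", err); }
  // 3. Waitlist removal (no-op when the user was never on it).
  try { result.waitlistRemoved = await deps.removeFromWaitlist(userId); } catch (err) { fail("waitlist", err); }

  result.finishedAt = deps.now().toISOString();
  result.complete = result.errors.length === 0;
  // 4/5. Result tracking and audit log: who deleted whom, what was removed, what failed.
  deps.log({ event: "user_deletion", ...result });
  return result;
}

// Constructed fakes for a stand-alone run: three collections, one of which throws.
export function fakeDeps(auditLog: Record<string, unknown>[]): DeletionDeps {
  const rows: Record<string, string[]> = { Candidate: ["u1"], Interview: ["u1", "u1", "u2"], Preference: ["u1"] };
  const collection = (name: string, broken = false): UserScopedCollection => ({
    name,
    async deleteMany({ user_id }) {
      if (broken) throw new Error("connection reset");
      const before = rows[name].length;
      rows[name] = rows[name].filter((u) => u !== user_id);
      return { deletedCount: before - rows[name].length };
    },
  });
  return {
    collections: [collection("Candidate"), collection("Interview", true), collection("Preference")],
    deleteAuth0User: async () => {},
    removeFromWaitlist: async () => false,
    log: (e) => auditLog.push(e),
    now: () => new Date("2024-01-01T00:00:00Z"),
  };
}
```

The step order follows this document (database first, then Auth0). The trade-off is the one noted under Error Handling: if Auth0 deletion fails after the database cleanup, the account can still sign in, so a result with complete=false must keep the ticket open and the run must be safe to repeat, which deleteMany on an already-emptied collection is.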

5. Asana Ticket Closure (Manual Process)

Location: Asana "Support Tickets" project
Responsibility: Processing admin
Purpose: Complete the audit trail and close the request

Closure Process:

  1. Verification: Confirm all data has been deleted
  2. Documentation: Add notes about deletion completion
  3. Resolution: Mark task as completed in Asana
  4. Notification: Update requester (if contact information available)

Required Documentation:

  • Confirmation of data deletion completion
  • Any exceptions or partial deletions
  • Admin who performed the deletion
  • Completion timestamp

Compliance Features

SOC2 Requirements Addressed (criteria numbers refer to the 2017 Trust Services Criteria; the access controls around the admin tooling fall under CC6, while the disposal of user data itself is evaluated under C1.2 (confidentiality) and P4.3 (privacy)):

CC6.1 - Logical Access Security

  • Admin-only access to deletion functionality
  • Email domain verification (@qwestly.co requirement, on a verified email claim)
  • Authentication required for all admin operations

CC6.2 / CC6.3 - User Authorization and Role-Based Access

  • Role-based access control for admin functions
  • Principle of least privilege - only admins can delete data
  • Access logging through Auth0 and application logs

C1.2 / P4.3 - Disposal of Confidential and Personal Information

  • Comprehensive data deletion across all systems
  • Audit trail through Asana ticket system
  • Data retention compliance with legal requirements

Processing Integrity (PI1 series)

  • Formal request process with clear user consent
  • Administrative oversight for all deletions
  • Error handling and logging for process integrity

Data Retention Compliance:

Standard Retention Periods (from Data Management Policy):

  • Active profiles: While active
  • Inactive profiles: 3 years
  • Interview data: 3 years
  • Anonymous usage: Up to 3 years
  • Financial data: 7 years (legal requirement)
  • Background checks: 2 years or by law
  • AI training data: 7 years (anonymized)
  • Consent records: 10 years (legal compliance)

Deletion Exceptions:

  • Data under a statutory retention period or a legal hold is retained for that period and disposed of when it expires
  • Financial and consent records in particular may be retained per the obligations above; the Asana ticket records what was retained, why, and until when, so the user's deletion is auditable as complete-with-exceptions rather than silently partial

Technical Architecture

API Endpoints:

  • POST /api/data-deletion - User deletion request
  • GET /api/admin/users - Admin user info
  • GET /api/admin/users/{userId} - User lookup
  • DELETE /api/admin/users/{userId} - User deletion

Services:

  • AsanaService - Ticket creation and management
  • UserDeletionService - Comprehensive data deletion
  • Auth0Service - User account management

Database Models:

  • 13 MongoDB collections with user data
  • Mongoose-based deletion for data integrity
  • Version tracking and validation

Monitoring and Auditing

Logging Requirements:

  • All deletion requests logged
  • Admin actions tracked with user identification
  • Error conditions logged with full context
  • Asana task IDs preserved for audit trail

Audit Trail Components:

  1. User Request: Form submission timestamp and data
  2. Asana Ticket: Task creation with due date and SLA
  3. Admin Action: User lookup and deletion execution
  4. Deletion Results: Comprehensive deletion outcome
  5. Ticket Closure: Manual completion in Asana

SLA Compliance:

  • 30-day processing deadline automatically set
  • Due date tracking in Asana
  • Escalation process for overdue tickets
  • Completion verification before ticket closure

Security Considerations

Access Control:

  • Admin-only deletion functionality
  • Email domain verification: the check compares the full domain after the last "@" (not a substring match) and requires Auth0's email_verified claim, otherwise an account with an unverified or look-alike address could pass
  • Authentication required for all admin operations
  • Principle of least privilege

Data Protection:

  • Comprehensive deletion across all systems
  • Error handling records partial deletions and reports them to the admin rather than hiding them; a request whose result lists errors stays open until the failed steps are re-run
  • Audit logging for all operations, including denied admin requests
  • Input validation on every endpoint; the public /api/data-deletion endpoint is unauthenticated, so it should be rate-limited, and a submitted request is never treated as proof of the requester's identity

Privacy Compliance:

  • Clear user consent process
  • Transparent data deletion scope
  • Formal request tracking
  • Administrative oversight

Process Improvements

Future Enhancements:

  1. Automated Ticket Closure: System could automatically close Asana tickets upon successful deletion
  2. Email Notifications: Send confirmation emails to users upon completion
  3. Bulk Deletion: Support for processing multiple deletion requests
  4. Deletion Scheduling: Allow scheduling deletions for specific times
  5. Enhanced Reporting: Detailed deletion reports for compliance audits

Monitoring Recommendations:

  1. SLA Tracking: Monitor 30-day deadline compliance
  2. Error Rate Monitoring: Track deletion failure rates
  3. Admin Activity Logging: Enhanced audit trails
  4. Performance Metrics: Deletion process timing and efficiency

Conclusion

This user data deletion process supports SOC2 compliance through:

  • Formal request process with clear user consent
  • Administrative oversight with proper access controls
  • Comprehensive data deletion across all systems
  • Complete audit trail through Asana ticket system
  • SLA compliance with 30-day processing deadline
  • Error handling and logging for process integrity

The process ensures that user data deletion requests are handled professionally, securely, and in compliance with SOC2 requirements while maintaining full auditability and administrative control.