Delete user's files to be GDPR compliant

If a user deletes his account, I delete his User and other types associated to this specific user (I already have the workflow ready for this). However, is there a way to delete ALL the files corresponding to a specific user (for example, the files uploaded to a Wishlist linked to a User) to be GDPR compliant? I see there’s a way to delete one file, but if we really want to solve this problem in an automated way, we would need to delete all the files that were uploaded by a certain user. Looking forward for options! :smiley: Thanks!

Hi @eurogar :slight_smile: I’m not sure if this is the best way, but one way could be to set up an API workflow with the delete file action, and then schedule that API workflow on the list(s) of files that a User has created. So the way to delete an account would first be to run the delete file API workflows on the lists of files a User has created, make sure those files are all deleted, and then delete the User thing and the other types associated with that User?


Hi @fayewatson! Thanks for the answer :slight_smile: Indeed, that would be a nice option if there would be a way to “delete list of uploaded files” (and the option to select all the files created by a User). However, with respect to files, you can only delete one single file by using the URL of that file. Since the files in my system can be in many different places and I don’t want to get crazy building many many different connections (that will change along time), I’d need to refer to a list of files to delete that were create by a specific User. But this option is not available (right…?)

Even if you go to the File Manager (to search and delete files manually), you can only search files by name of the file (something that in general I don’t know), while what I need is to search by User (using the unique_id). So at the end, the only option I can come up with is requesting Bubble to manually delete all the files created by a specific User (once the User has been deleted) every time a User requires me to delete all his/her data. I see a huge bottleneck here to be fully data protection compliant :frowning:

I haven’t done much with files but I can think of two possible options:

  1. If you know the different data types your users can upload files to, can you not use merged search results to build a list of file URLs for deletion when the user deletes their account? You could then run an api workflow on that list to delete each file. So let’s say a user can upload multiple certificates to a Certificate data type, but they can also upload several audio files and images against Note records. The idea is to run an API workflow on a list that is of type text and is made up by merging search results of certificate URLs, Note audio URLs and Note image URLs. Your API workflow will take a text parameter which you would set as the URL for deletion in the delete uploaded file action.
  1. Every time a file is uploaded, add its filename to an ‘uploaded files’ list of texts field on the User’s record. Then when they delete their account, first run an API workflow on the uploaded files list.

That looks like an intelligent idea! I’m definitely going to try the point 2 first :slight_smile: Love it! Thanks a lot, @louisadekoya !


This topic was automatically closed after 70 days. New replies are no longer allowed.