To help you help your users control their data, the Firebase team created a library that simplifies two common user data processes:
- clearData: deletes a user's data from specific Firebase services (currently Realtime Database, Firestore, and Storage) when they delete their account through Firebase Authentication.
- exportData: saves a copy of a user's data from Firebase services to a JSON string, and uploads it to Cloud Storage so they can easily download it for themselves.
Keep reading to find out how to add the functions to your app, or jump right in to the code at the Firebase user privacy GitHub repo.
Add clearData or exportData to your app
The clearData and exportData functions in the library are implemented as Cloud Functions that operate on data in Realtime Database, Cloud Storage, and Cloud Firestore. Adding the functions in your own app is a three step process:
- Edit the library's user_privacy.json file to reflect your app's Realtime Database, Cloud Firestore, and Cloud Storage schema.
- Deploy clearData and exportData as Cloud Functions.
- Implement triggers for the functions in your app.
- Secure exportData data with storage rules.
Edit the library's user_privacy.json file
To get started, clone or download the Firebase user privacy GitHub repo.
When you've done that, open functions/user_privacy.json in a text editor. The JSON file has a series of customizable paths that the clearData and exportData functions use to find your app's data in Realtime Database, Cloud Firestore, and Cloud Storage. If your app only uses one or two of those services, start by deleting the JSON objects associated with the unused services.
With the objects gone, you can begin to replace the remaining services' placeholder values with the actual data structures your app uses.
Add Realtime Database paths to user data
To customize user_privacy.json for your app's Realtime Database instance, replace the list of placeholder strings under "database" with actual paths to user data:
...
"database": {
  "clear": [
    "/users/UID_VARIABLE",   // Replace with your
    "/admins/UID_VARIABLE"   // actual RTDB paths
  ],
  "export": [
    "/users/UID_VARIABLE",   // Replace with your
    "/admins/UID_VARIABLE"   // actual RTDB paths
  ]
},
...
If you only want to add one of the functions to your app, you can delete the other function's object, instead of filling it in with your data.
Add Cloud Firestore objects containing user data
To customize user_privacy.json for your app's Cloud Firestore instance, replace the list of placeholder objects under "firestore" with actual Cloud Firestore objects containing user data:
...
"firestore": {
  "clear": [
    {"collection": "users", "doc": "UID_VARIABLE", "field": "name"},
    {"collection": "users", "doc": "UID_VARIABLE"},   // Replace with your
    {"collection": "admins", "doc": "UID_VARIABLE"}   // actual Firestore paths
  ],
  "export": [
    {"collection": "users", "doc": "UID_VARIABLE", "field": "name"},
    {"collection": "users", "doc": "UID_VARIABLE"},   // Replace with your
    {"collection": "admins", "doc": "UID_VARIABLE"}   // actual Firestore paths
  ]
},
...
If you only want to add one of the functions to your app, you can delete the other function's object, instead of filling it in with your data.
Add the Cloud Storage bucket and file name with user data
To customize user_privacy.json for your app's Cloud Storage instance, replace the placeholder storage bucket and file name under "storage" with the actual values:
...
"storage": {
  "clear": [   // Replace with your actual storage data
    ["clear-export.appspot.com", "UID_VARIABLE/sample_data.json"],
    ["clear-export.appspot.com", "UID_VARIABLE"]
  ],
  "export": [   // Replace with your actual storage data
    ["clear-export.appspot.com", "UID_VARIABLE/sample_data.json"]
  ]
},
...
If you only want to add one of the functions to your app, you can delete the other function's object, instead of filling it in with your data.
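The following is an added example, not code from the Firebase user privacy library: a pre-deploy check that every clear and export entry in a user_privacy.json-style config contains UID_VARIABLE. It assumes the library substitutes UID_VARIABLE with the user's UID at run time, so an entry without the placeholder is not scoped to one user; findUnscopedEntries, scopedPart and the sample config are constructed for illustration.

```javascript
// Added example (not the library's code): lint a user_privacy.json-style
// config so every clear/export entry is scoped to a single user.
// Assumption: UID_VARIABLE is replaced with the user's UID at run time.
const UID = 'UID_VARIABLE';

// Constructed sample: database.clear[1] and storage.export[0] lack the
// placeholder, so they would touch data that is not tied to one user.
const sampleConfig = {
  database: {
    clear: ['/users/UID_VARIABLE', '/leaderboard'],
    export: ['/users/UID_VARIABLE'],
  },
  firestore: {
    clear: [{collection: 'users', doc: 'UID_VARIABLE'}],
    export: [{collection: 'users', doc: 'UID_VARIABLE', field: 'name'}],
  },
  storage: {
    clear: [['my-app.appspot.com', 'UID_VARIABLE']],
    export: [['my-app.appspot.com', 'shared/report.json']],
  },
};

// Return the part of an entry that has to carry the UID placeholder.
function scopedPart(service, entry) {
  if (service === 'database' && typeof entry === 'string') return entry;
  if (service === 'firestore' && entry && typeof entry === 'object') {
    return `${entry.collection}/${entry.doc}`;
  }
  if (service === 'storage' && Array.isArray(entry)) return String(entry[1]);
  return ''; // malformed entry: reported as unscoped
}

// List every clear/export entry that does not contain UID_VARIABLE.
function findUnscopedEntries(config) {
  const findings = [];
  for (const service of ['database', 'firestore', 'storage']) {
    for (const action of ['clear', 'export']) {
      const entries = (config[service] && config[service][action]) || [];
      entries.forEach((entry, index) => {
        if (!scopedPart(service, entry).includes(UID)) {
          findings.push(`${service}.${action}[${index}]`);
        }
      });
    }
  }
  return findings;
}

console.log(findUnscopedEntries(sampleConfig));
```

Run it against your parsed config (with the // comments removed) before deploying; an empty result means every entry carries the placeholder.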
Deploy clearData and exportData as Cloud Functions
If you're not familiar with Cloud Functions yet, read up on how to use them in the Cloud Functions Get Started guide.
Once you're comfortable with Cloud Functions, add the clearData and exportData functions to your project:
- Copy your customized user_privacy.json to your functions directory.
- Copy code from the user privacy library's index.js to your project's index.js.
  - If you're not using clearData, omit the clearData, clearDatabaseData, clearFirestoreData, and clearStorageData functions.
  - If you're not using exportData, omit the exportData, exportDatabaseData, exportFirestoreData, and exportStorageData functions.
- Deploy your functions.
Implement triggers for clearData and exportData
Each function requires a different trigger:
- clearData: triggered when a user deletes their account through Authentication.
- exportData: triggered by an HTTP request.
Implement a clearData trigger
To trigger a clearData event, you need to use a method from Authentication. If you
haven't done it yet, add Authentication to your app: Apple platforms, Android, or web.
Then, add a way to invoke the Authentication SDK's delete method for your platform:
iOS+
Auth.auth().currentUser?.delete { error in
  if let error = error {
    print("Error deleting user: \(error)")
  }
}
Android
FirebaseAuth.getInstance().getCurrentUser().delete();
Web
firebase.auth().currentUser.delete().catch(function(error) {
  if (error.code === 'auth/requires-recent-login') {
    window.alert('Please sign-in and try again.');
    firebase.auth().signOut();
  }
});
Implement an exportData trigger
To implement an exportData trigger, add a button or link to your app that invokes
the function via an HTTP request. Read more about invoking functions
over HTTP in Call functions via HTTP requests.
Request details:
- Type: POST
- URL: https://us-central1-PROJECT-ID.cloudfunctions.net/exportData
- Body: CURRENT_USER'S_UID
Invoke the function directly in Firebase Hosting
If your app is a web app hosted on Firebase Hosting, you can invoke your
exportData function through a rewrite entry in the site's firebase.json file:
"hosting": {
  "rewrites": [
    {"source": "/exportData", "function": "exportData"}
  ]
}
Secure exportData data with storage rules
To keep your users' exported data private, add Cloud Storage rules that restrict access to the exporting user.
- Visit Storage in the Firebase console.
- Open the Rules tab.
- Paste the following rule, then click Publish:
service firebase.storage {
  match /b/{bucket}/o {
    match /exportData {
      // Only allow access to the user who requested the export
      match /{uid} {
        allow read, write: if request.auth.uid == uid;
      }
      match /{uid}/{path=**} {
        allow read, write: if request.auth.uid == uid;
      }
    }
    // Other application rules...
  }
}