In some cases, an in-app account deletion button is required so that your customers can quickly request deletion of their accounts. In this article, we explain how to implement such a button with MineOS.
Background
Both the Apple App Store and Google Play Store have introduced new privacy requirements for apps published in their stores. While some differences exist between them, both require users to have a way to delete their accounts and any personal data.
Failure to meet these requirements can get your app removed from the store.
The Full Guidelines
Setting up
Step 1: Add an account deletion button in your app
Add a button to your app that will be used for account deletion. This button needs to call an endpoint in your app's backend, which will in turn call the MineOS API:
Security & Best Practices
- Place this button behind the login, such as the account settings page. Having the button behind a login ensures that when it's clicked, the app's developer has all the user details they need to create a request. This avoids situations when you need to display a form and verify the details entered.
- Properly communicate that account deletion cannot be undone. This can be achieved by showing a confirmation to the user and/or clearly marking this operation as irreversible.
- Prompt the user for their password when clicking the button. Since apps are mostly accessed from mobile devices that can be stolen, it's best practice to re-prompt the user for their password or OTP code if the current session is not new. This ensures the person making the request is the legitimate account owner.
- Never call the MineOS API from your app. Doing so requires you to distribute the MineOS API Key as part of your app bundle, which is insecure and creates maintenance difficulties.
Step 2: Call MineOS API to create a deletion request
Start by creating an API Key for your MineOS account: https://developers.mineos.ai/docs/authentication
Now, use the MineOS Request Creation API to create requests using the API Key you just created. Make sure to set the following fields:
- requestTypeId = 'delete'.
- Basic contact information such as firstName, lastName, email.
- The following fields are optional but are useful for working with DSR workflows: countryCode, state. Note: You don't need to get the user's current location; using the locale from regional settings is enough for this case.
Examples:
iOS: getting the user's country code in Swift 3:
NSLocale.current.regionCode
Browser: getting the user's country code in JavaScript:
// region is undefined when the locale has no region subtag (e.g. "en")
new Intl.Locale(navigator.language).region
Email notifications
Email communications with the requesting user use the templates selected when setting up the DSR workflow.
Custom Fields
Any additional identifiers or custom metadata that should be added to the request can be sent using the custom fields parameter of the Create Request API. Such identifiers usually include user/account ID, app name, etc.
For more information on this topic see:
Example API Call
curl --request POST \
  --url 'https://api.portal.saymine.com/api/Ticket/Create/v2?test=false' \
  --header 'Authorization: Bearer ****************' \
  --header 'accept: application/json' \
  --header 'content-type: application/*+json' \
  --data '
{
  "customFields": {
    "$internalId": "53732298-98b8-4275-8983-93dc349f5bef",
    "appName": "com.example.app"
  },
  "firstName": "John",
  "lastName": "Doe",
  "email": "johndoe@example.com",
  "countryCode": "US",
  "state": "CA",
  "requestTypeId": "delete"
}
'
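The backend endpoint described in Steps 1 and 2 could look like the following added example (Node.js; not MineOS code and not part of the original article). The URL, headers and field names are taken from the curl call above; the session and user object shapes, the five-minute re-authentication window and the MINEOS_API_KEY environment variable are assumptions.

```javascript
// Added example: server-side logic behind the in-app deletion button.
// URL, headers and field names come from the curl example on this page;
// session/user shapes, MAX_AUTH_AGE_MS and MINEOS_API_KEY are assumptions.
const MINEOS_URL = 'https://api.portal.saymine.com/api/Ticket/Create/v2?test=false';
const MAX_AUTH_AGE_MS = 5 * 60 * 1000; // assumed re-authentication window

// Build the request body from the server-side user record only, so a client
// cannot request deletion of another account by editing submitted fields.
function buildDeletionRequest(session, user, appName, now = Date.now()) {
  if (!session || session.userId !== user.id) {
    return { ok: false, status: 401, error: 'not signed in' };
  }
  // Stale session: make the app re-prompt for password or OTP first.
  if (now - session.lastAuthAt > MAX_AUTH_AGE_MS) {
    return { ok: false, status: 403, error: 'reauthentication required' };
  }
  const body = {
    customFields: { $internalId: user.id, appName },
    firstName: user.firstName,
    lastName: user.lastName,
    email: user.email,
    requestTypeId: 'delete',
  };
  // countryCode and state are optional; send them only when they look valid.
  if (/^[A-Z]{2}$/.test(user.countryCode || '')) body.countryCode = user.countryCode;
  if (user.state) body.state = user.state;
  return { ok: true, body };
}

// Forward the request to MineOS. The API key is read from the backend
// environment and is never shipped in the app bundle.
async function createDeletionRequest(session, user, appName, fetchImpl = fetch) {
  const built = buildDeletionRequest(session, user, appName);
  if (!built.ok) return built;
  const res = await fetchImpl(MINEOS_URL, {
    method: 'POST',
    headers: {
      Authorization: `Bearer ${process.env.MINEOS_API_KEY}`,
      accept: 'application/json',
      'content-type': 'application/*+json',
    },
    body: JSON.stringify(built.body),
  });
  return { ok: res.ok, status: res.status };
}
```

The app only ever calls your own endpoint; a 403 from it is the signal to show the password or OTP prompt and retry.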
Step 3: Setting up a DSR workflow
- In your MineOS account, go to "DSR Handling -> DSR Setup" and make sure the "delete my data" right is enabled.
- Click 'Edit' to set the regions and workflows for handling the deletion request. When setting up a workflow, you also select an email template.