Implements full regulatory compliance for data privacy and child protection:

**GDPR Compliance (Right to Data Portability & Right to Erasure):**
- Data export API endpoint (GET /compliance/data-export)
- Exports all user data across 7 entities in JSON format
- Account deletion with 30-day grace period
- POST /compliance/request-deletion
- POST /compliance/cancel-deletion
- GET /compliance/deletion-status
- Scheduled job runs daily at 2 AM to process expired deletion requests
- Audit logging for all compliance actions

**COPPA Compliance (Children's Online Privacy Protection):**
- Age verification during signup (blocks users under 13)
- Parental consent requirement for users 13-17
- Database fields: date_of_birth, coppa_consent_given, parental_email
- Audit logging for consent events

**Technical Implementation:**
- Created ComplianceModule with service, controller, scheduler
- V015 migration: deletion_requests table
- V016 migration: COPPA fields in users table
- Updated User entity and RegisterDto
- Age calculation helper in AuthService
- Installed @nestjs/schedule for cron jobs

All endpoints secured with JwtAuthGuard. Backend compiles with 0 errors.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>