GDPR Compliant erasure requests

2026-01-26 13:50:21 +00:00
parent 548681face
commit e693a7616c
6 changed files with 354 additions and 11 deletions
--- a/app/apps/accounts/templates/accounts/profile.html
+++ b/app/apps/accounts/templates/accounts/profile.html
@@ -45,5 +45,60 @@
      </div>
    </div>
  </div>
-{% endblock %}

+  <div class="mt-6 rounded-xl border border-gray-200 bg-white p-6 shadow-sm sm:p-8">
+    <h2 class="text-base font-semibold tracking-tight text-gray-900">Data erasure request</h2>
+    <p class="mt-2 text-sm text-gray-600">
+      Submit a GDPR erasure request to anonymize your account data. An administrator
+      must review and approve the request before processing.
+    </p>
+
+    {% if erasure_request %}
+      <div class="mt-4 rounded-lg border border-gray-200 bg-gray-50 p-4 text-sm text-gray-700">
+        <div class="flex flex-wrap items-center gap-2">
+          <span class="font-semibold">Status:</span>
+          <span class="inline-flex items-center rounded-full bg-gray-200 px-2.5 py-1 text-xs font-semibold text-gray-700">
+            {{ erasure_request.status|capfirst }}
+          </span>
+          <span class="text-gray-500">Requested {{ erasure_request.requested_at|date:"M j, Y H:i" }}</span>
+        </div>
+        {% if erasure_request.decided_at %}
+          <p class="mt-2 text-gray-600">
+            Decision {{ erasure_request.decided_at|date:"M j, Y H:i" }}.
+            {% if erasure_request.decision_reason %}
+              Reason: {{ erasure_request.decision_reason }}
+            {% endif %}
+          </p>
+        {% endif %}
+        {% if erasure_request.status == "processed" %}
+          <p class="mt-2 text-gray-600">
+            Your account has been anonymized. Access has been revoked and SSH keys disabled.
+          </p>
+        {% endif %}
+      </div>
+    {% endif %}
+
+    {% if not erasure_request or erasure_request.status != "pending" %}
+      <form method="post" class="mt-4 space-y-3">
+        {% csrf_token %}
+        <div>
+          <label for="{{ erasure_form.reason.id_for_label }}" class="block text-sm font-medium text-gray-700">
+            Reason for request
+          </label>
+          <div class="mt-1">
+            {{ erasure_form.reason }}
+          </div>
+          {% if erasure_form.reason.errors %}
+            <p class="mt-1 text-sm text-red-600">{{ erasure_form.reason.errors|striptags }}</p>
+          {% endif %}
+        </div>
+        {% if erasure_form.non_field_errors %}
+          <p class="text-sm text-red-600">{{ erasure_form.non_field_errors|striptags }}</p>
+        {% endif %}
+        <button type="submit" class="inline-flex items-center rounded-md bg-purple-600 px-4 py-2 text-sm font-semibold text-white shadow hover:bg-purple-700 focus:outline-none focus-visible:ring-2 focus-visible:ring-purple-600">
+          Submit erasure request
+        </button>
+      </form>
+    {% endif %}
+  </div>
+{% endblock %}