To help you help your users control their data, the Firebase team created a library that simplifies two common user data processes:
clearData: deletes a user's data from specific Firebase services (currently Realtime Database, Firestore, and Storage) when they delete their account through Firebase Authentication.exportData: saves a copy of a user's data from Firebase services to a JSON string, and uploads it to Cloud Storage so they can easily download it for themselves.
Keep reading to find out how to add the functions to your app, or jump right in to the code at the Firebase user privacy GitHub repo.
Add clearData or exportData to your app
The clearData and exportData functions in the library are implemented as Cloud Functions that operate on data in Realtime Database, Cloud Storage, and Cloud Firestore. Adding the functions in your own app is a three step process:
- Edit the library's
user_privacy.jsonfile to reflect your app's Realtime Database, Cloud Firestore, and Cloud Storage schema. - Deploy
clearDataandexportDataas Cloud Functions. - Implement triggers for the functions in your app.
- Secure
clearDatadata with storage rules.
Edit the library's user_privacy.json file
To get started, clone or download the Firebase user privacy GitHub repo.
When you've done that, open functions/user_privacy.json in a text editor. The json file has a series of customizable paths that the clearData and exportData functions use to find your app's data in Realtime Database, Cloud Firestore, and Cloud Storage. If your app only uses one or two of those services, start by deleting the JSON objects associated with the unused services.
With the objects gone, you can begin to replace the remaining services' placeholder values with the actual data structures your app uses.
Add Realtime Database paths to user data
To customize user_privacy.json for your app's Realtime Database instance, replace the list of placeholder strings under "database" with actual paths to user data:
... "database": { "clear": [ "/users/UID_VARIABLE", // Replace with your "/admins/UID_VARIABLE" // actual RTDB paths ], "export": [ "/users/UID_VARIABLE", // Replace with your "/admins/UID_VARIABLE" // actual RTDB paths ] }, ...
If you only want to add one of the functions to your app, you can delete the other function's object, instead of filling it in with your data.
Add Cloud Firestore objects containing user data
To customize user_privacy.json for your app's Cloud Firestore instance, replace the list of placeholder objects under "firestore" with actual Cloud Firestore objects containing user data:
... "firestore": { "clear": [ {"collection": "users", "doc": "UID_VARIABLE", "field": "name"}, {"collection": "users", "doc": "UID_VARIABLE"}, // Replace with your {"collection": "admins", "doc": "UID_VARIABLE"} // actual Firestore paths ], "export": [ {"collection": "users", "doc": "UID_VARIABLE", "field": "name"}, {"collection": "users", "doc": "UID_VARIABLE"}, // Replace with your {"collection": "admins", "doc": "UID_VARIABLE"} // actual Firestore paths ] }, ...
If you only want to add one of the functions to your app, you can delete the other function's object, instead of filling it in with your data.
Add the Cloud Storage bucket and file name with user data
To customize user_privacy.json for your app's Cloud Storage instance, replace the placeholder storage bucket and file name under "storage" with the actual values:
... "storage": { "clear": [ // Replace with your actual storage data ["clear-export.appspot.com", "UID_VARIABLE/sample_data.json"], ["clear-exportappspot.com", "UID_VARIABLE"] ], "export": [ // Replace with your actual storage data ["clear-export.appspot.com", "UID_VARIABLE/sample_data.json"] ] }, ...
If you only want to add one of the functions to your app, you can delete the other function's object, instead of filling it in with your data.
Deploy clearData and exportData as Cloud Functions
If you're not familiar with Cloud Functions yet, read up on how to use them in the Cloud Functions Get Started guide.
Once you're comfortable with Cloud Functions, add the clearData and exportData functions to your project:
- Copy your customized
user_data.jsonto yourfunctionsdirectory. - Copy code from the user privacy library's
index.jsto your project'sindex.js.- If you're not using
clearData, omit theclearData,clearDatabaseData,clearFirestoreData, andclearStorageDatafunctions. - If you're not using
exportData, omit theexportData,exportDatabaseData,exportFirestoreData, andexportStorageDatafunctions.
- If you're not using
- Deploy your functions.
Implement triggers for clearData and exportData
Each function requires a different trigger:
clearData: triggered when a user deletes their account through Authentication.exportData: triggered by an HTTP request.
Implement a clearData trigger
To trigger a clearData event, you need to use a method from Authentication. If you
haven't done it yet, add Authentication to your app: Apple platforms, Android, or web.
Then, add a way to invoke the Authentication SDK's delete method for your platform:
iOS+
FirebaseAuth.User.delete { error in
if let error = error {
print("Error deleting user: \(error)")
}
}
Android
FirebaseAuth.getCurrentUser().delete();
Web
firebase.auth().currentUser.delete().catch(function(error) {
if (error.code === 'auth/requires-recent-login') {
window.alert('Please sign-in and try again.');
firebase.auth().signOut();
}
});
Implement an exportData trigger
To implement an exportData trigger, add a button or link to your app that invokes
the function via an HTTP request. Read more about invoking functions
over HTTP in Call functions via HTTP requests.
Request details:
- Type:
POST - URL:
https://us-central1-<var>PROJECT-ID<.var>.cloudfunctions.net/exportData - Body:
<var>CURRENT_USER'S_UID</var>
Invoke the function directly in Firebase Hosting
If your app is a web app hosted on Firebase Hosting, you can invoke your
clearData function through a rewrite entry in the site's firebase.json file:
"hosting": {
"rewrites": [
{"source": "/exportData", "function": "exportData"}
]
}
Secure exportData data with storage rules
To keep your users' exported data private, add Cloud Storage rules that restrict access to the exporting user.
- Visit Storage in the Firebase console.
- Open the Rules tab.
- Paste the following rule, then click Publish:
service firebase.storage {
match /b/{bucket}/o {
match /exportData {
// Only allow access to the user who requested the export
match /{uid} {
allow read, write: if request.auth.uid == uid
}
match /{uid}/{path=**} {
allow read, write: if request.auth.uid == uid
}
}
// Other application rules...
}
}