To help you help your users control their data, the Firebase team created a library that simplifies two common user data processes:
- clearData: deletes a user's data from specific Firebase services (currently Realtime Database, Firestore, and Storage) when they delete their account through Firebase Authentication.
- exportData: saves a copy of a user's data from Firebase services to a JSON string, and uploads it to Cloud Storage so they can easily download it for themselves.
Keep reading to find out how to add the functions to your app, or jump right in to the code at the Firebase user privacy GitHub repo.
Add clearData or exportData to your app
The clearData and exportData functions in the library are implemented as Cloud Functions that operate on data in Realtime Database, Cloud Storage, and Cloud Firestore. Adding the functions in your own app is a three step process:
- Edit the library's user_privacy.json file to reflect your app's Realtime Database, Cloud Firestore, and Cloud Storage schema.
- Deploy clearData and exportData as Cloud Functions.
- Implement triggers for the functions in your app.
- Secure exportData data with storage rules.
Edit the library's user_privacy.json file
To get started, clone or download the Firebase user privacy GitHub repo.
When you've done that, open functions/user_privacy.json in a text editor. The JSON file has a series of customizable paths that the clearData and exportData functions use to find your app's data in Realtime Database, Cloud Firestore, and Cloud Storage. If your app only uses one or two of those services, start by deleting the JSON objects associated with the unused services.
With the objects gone, you can begin to replace the remaining services' placeholder values with the actual data structures your app uses.
Add Realtime Database paths to user data
To customize user_privacy.json for your app's Realtime Database instance, replace the list of placeholder strings under "database" with actual paths to user data:
...
"database": {
  "clear": [
    "/users/UID_VARIABLE",   // Replace with your
    "/admins/UID_VARIABLE"   // actual RTDB paths
  ],
  "export": [
    "/users/UID_VARIABLE",   // Replace with your
    "/admins/UID_VARIABLE"   // actual RTDB paths
  ]
},
...
If you only want to add one of the functions to your app, you can delete the other function's object, instead of filling it in with your data.
Add Cloud Firestore objects containing user data
To customize user_privacy.json for your app's Cloud Firestore instance, replace the list of placeholder objects under "firestore" with actual Cloud Firestore objects containing user data:
...
"firestore": {
  "clear": [
    {"collection": "users", "doc": "UID_VARIABLE", "field": "name"},
    {"collection": "users", "doc": "UID_VARIABLE"},   // Replace with your
    {"collection": "admins", "doc": "UID_VARIABLE"}   // actual Firestore paths
  ],
  "export": [
    {"collection": "users", "doc": "UID_VARIABLE", "field": "name"},
    {"collection": "users", "doc": "UID_VARIABLE"},   // Replace with your
    {"collection": "admins", "doc": "UID_VARIABLE"}   // actual Firestore paths
  ]
},
...
If you only want to add one of the functions to your app, you can delete the other function's object, instead of filling it in with your data.
Add the Cloud Storage bucket and file name with user data
To customize user_privacy.json for your app's Cloud Storage instance, replace the placeholder storage bucket and file name under "storage" with the actual values:
...
"storage": {
  "clear": [
    // Replace with your actual storage data
    ["clear-export.appspot.com", "UID_VARIABLE/sample_data.json"],
    ["clear-export.appspot.com", "UID_VARIABLE"]
  ],
  "export": [
    // Replace with your actual storage data
    ["clear-export.appspot.com", "UID_VARIABLE/sample_data.json"]
  ]
},
...
If you only want to add one of the functions to your app, you can delete the other function's object, instead of filling it in with your data.
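Because every path in user_privacy.json is expanded per user through UID_VARIABLE, an entry that omits the placeholder would make clearData or exportData act on data that is not scoped to the requesting account. The following pre-deploy check is an added example, not code from the Firebase user privacy repo; lintUserPrivacy, scopedPart and the sample config are hypothetical names and constructed data, and the check assumes the three entry shapes shown above.

```javascript
// Added example (not from the Firebase user privacy repo): lint a parsed
// user_privacy.json so every clear/export entry is scoped to one user.
const UID = 'UID_VARIABLE';

// Return the part of an entry that must contain UID_VARIABLE, or null if malformed.
function scopedPart(service, entry) {
  if (service === 'database') return typeof entry === 'string' ? entry : null;
  if (service === 'firestore') {
    const ok = entry !== null && typeof entry === 'object' &&
      typeof entry.collection === 'string' && typeof entry.doc === 'string';
    return ok ? `${entry.collection}/${entry.doc}` : null;
  }
  if (service === 'storage') {
    // Storage entries are [bucket, objectPath]; only the object path is per user.
    const ok = Array.isArray(entry) && entry.length === 2 &&
      entry.every((s) => typeof s === 'string');
    return ok ? entry[1] : null;
  }
  return null; // unknown service name
}

function lintUserPrivacy(config) {
  const findings = [];
  for (const [service, actions] of Object.entries(config)) {
    for (const [action, entries] of Object.entries(actions || {})) {
      if (!['clear', 'export'].includes(action) || !Array.isArray(entries)) {
        findings.push(`${service}.${action}: unexpected key or non-list value`);
        continue;
      }
      entries.forEach((entry, i) => {
        const where = `${service}.${action}[${i}]`;
        const part = scopedPart(service, entry);
        if (part === null) findings.push(`${where}: malformed entry`);
        else if (!part.includes(UID)) findings.push(`${where}: not scoped by ${UID}`);
      });
    }
  }
  return findings;
}

// Constructed sample config: two entries are deliberately missing the UID scope.
const sampleConfig = {
  database: { clear: ['/users/UID_VARIABLE', '/leaderboard'], export: ['/users/UID_VARIABLE'] },
  firestore: { clear: [{ collection: 'users', doc: 'UID_VARIABLE', field: 'name' }],
               export: [{ collection: 'settings', doc: 'global' }] },
  storage: { clear: [['example-bucket.appspot.com', 'UID_VARIABLE']], export: [] },
};
console.log(lintUserPrivacy(sampleConfig));
```

Run it against the parsed contents of your own file and treat a non-empty result as a failed deploy check.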
Deploy clearData and exportData as Cloud Functions
If you're not familiar with Cloud Functions yet, read up on how to use them in the Cloud Functions Get Started guide.
Once you're comfortable with Cloud Functions, add the clearData and exportData functions to your project:
- Copy your customized user_privacy.json to your functions directory.
- Copy code from the user privacy library's index.js to your project's index.js.
  - If you're not using clearData, omit the clearData, clearDatabaseData, clearFirestoreData, and clearStorageData functions.
  - If you're not using exportData, omit the exportData, exportDatabaseData, exportFirestoreData, and exportStorageData functions.
- Deploy your functions.
Implement triggers for clearData and exportData
Each function requires a different trigger:
- clearData: triggered when a user deletes their account through Authentication.
- exportData: triggered by an HTTP request.
Implement a clearData trigger
To trigger a clearData event, you need to use a method from Authentication. If you haven't done it yet, add Authentication to your app: Apple platforms, Android, or web.
Then, add a way to invoke the Authentication SDK's delete method for your platform:
iOS+
// Delete the currently signed-in user
Auth.auth().currentUser?.delete { error in
  if let error = error {
    print("Error deleting user: \(error)")
  }
}
Android
FirebaseAuth.getInstance().getCurrentUser().delete();
Web
firebase.auth().currentUser.delete().catch(function(error) {
  if (error.code === 'auth/requires-recent-login') {
    window.alert('Please sign-in and try again.');
    firebase.auth().signOut();
  }
});
Implement an exportData trigger
To implement an exportData trigger, add a button or link to your app that invokes the function via an HTTP request. Read more about invoking functions over HTTP in Call functions via HTTP requests.
Request details:
- Type: POST
- URL: https://us-central1-PROJECT-ID.cloudfunctions.net/exportData
- Body: CURRENT_USER'S_UID
Invoke the function directly in Firebase Hosting
If your app is a web app hosted on Firebase Hosting, you can invoke your exportData function through a rewrite entry in the site's firebase.json file:
"hosting": {
  "rewrites": [
    {"source": "/exportData", "function": "exportData"}
  ]
}
Secure exportData data with storage rules
To keep your users' exported data private, add Cloud Storage rules that restrict access to the exporting user.
- Visit Storage in the Firebase console.
- Open the Rules tab.
- Paste the following rule, then click Publish:
service firebase.storage {
  match /b/{bucket}/o {
    match /exportData {
      // Only allow access to the user who requested the export
      match /{uid} {
        allow read, write: if request.auth.uid == uid
      }
      match /{uid}/{path=**} {
        allow read, write: if request.auth.uid == uid
      }
    }
    // Other application rules...
  }
}