GDPR and Data Subject Request compliance: export user data, delete user data with audit trail.
# Export all data for a user (GDPR Article 15 / 20)
nself gdpr export usr_abc123 --out ./export-usr_abc123.ndjson
# Initiate a data deletion with the default grace period
nself gdpr delete usr_abc123
# Check pending and completed DSR operations
nself gdpr statusnself gdpr export <USER_ID> [FLAGS]
nself gdpr delete <USER_ID> [FLAGS]
nself gdpr status [FLAGS]
nself gdpr schedule <USER_ID> <DATE> [FLAGS]nself gdpr handles Data Subject Requests (DSRs) — the formal GDPR/CCPA/PDPA mechanism by which users can request access to or deletion of their personal data. All operations produce a structured audit log entry innp_audit_log so you have a verifiable record for regulatory purposes.
Export collects all rows across np_* tables where the user_id matches, serializes them as NDJSON (one record per line), and writes the file locally. You are responsible for securely delivering the export to the user.
Delete schedules a multi-phase deletion: the user account is suspended immediately, personal data fields are nulled or pseudonymized after the configured grace period (default 30 days), and backup retention data is purged after the backup retention window. This matches the deletion flow described in /docs/compliance/data-deletion.
Schedule lets you defer a deletion to a specific future date — useful when you need to complete a contractual hold period before deleting data.
Generate a GDPR data export for the specified user. The export includes allnp_* table rows referencing the user, plus any plugin tables registered with the nSelf data registry.
nself gdpr export usr_abc123
# Exporting data for usr_abc123...
# Tables scanned: 14
# Records found: 312
# Written to: ./nself-export-usr_abc123-2026-05-07.ndjson
nself gdpr export usr_abc123 --out /secure/exports/usr_abc123.ndjsonInitiate a GDPR deletion for the specified user. The user account is suspended immediately. Personal data is deleted after the grace period. Use --grace-days 0to delete immediately (no grace period — irreversible).
nself gdpr delete usr_abc123
# Account suspended. Deletion scheduled for 2026-06-06 (30-day grace period).
# Audit log entry: dsr-del-usr_abc123-20260507
nself gdpr delete usr_abc123 --grace-days 0 --confirm
# Immediate deletion — no grace period. Requires --confirm.List all pending and completed DSR operations with their current phase and timeline.
nself gdpr status
# USER_ID TYPE PHASE SCHEDULED
# usr_abc123 delete grace-period 2026-06-06
# usr_def456 export completed 2026-05-01
# usr_ghi789 delete purge-pending 2026-05-10Schedule a deletion for a specific future date. DATE is inYYYY-MM-DD format. Useful for legal hold periods.
nself gdpr schedule usr_abc123 2026-12-31
# Deletion scheduled for 2026-12-31 (end of legal hold period)| Flag | Type | Default | Description |
|---|---|---|---|
--out | string | cwd/nself-export-<id>-<date>.ndjson | Output path for export |
--grace-days | int | 30 | Grace period in days before personal data is deleted |
--confirm | bool | false | Required for immediate deletion (--grace-days 0) |
--json | bool | false | Output status as JSON |
--env | string | active | Target environment |
--include-plugins | bool | true | Include data from plugin tables in export/delete |
# 1. Generate the export
nself gdpr export usr_abc123 --out ./dsr-exports/usr_abc123.ndjson
# 2. Verify the file
wc -l ./dsr-exports/usr_abc123.ndjson
head -1 ./dsr-exports/usr_abc123.ndjson | jq .
# 3. Securely deliver to the user (your responsibility)nself gdpr delete usr_abc123
# Suspension is immediate; data deleted after 30 days# DSR operations in grace-period phase can be cancelled via Hasura
nself exec db psql -U postgres -c "UPDATE np_dsr_requests SET status='cancelled' WHERE user_id='usr_abc123' AND status='grace-period';"nself gdpr status --json | jq '[.[] | select(.type=="delete" and .phase=="completed")]'nself gdpr schedule usr_legacy999 2026-12-31NSELF_ENV — default target environmentNSELF_GDPR_GRACE_DAYS — override the default grace period (default: 30)0 — success1 — generic error (user not found, database error)2 — invalid arguments3 — confirmation required but --confirm not passed