15 lines
928 B
Markdown
15 lines
928 B
Markdown
# Automated account deletion
|
|
|
|
Per GDPR legislation, accounts should be automatically deleted after a period of inactivity. We discern between two different types of accounts:
|
|
|
|
1. Without verified email: should be deleted after 30 days without being activated
|
|
2. With verified email: should be deleted after 2 years of inactivity
|
|
|
|
Some services hold on to a session for a very long time. We'll have to query their APIs to see if the account is still in use:
|
|
|
|
* Matrix via the admin api: https://matrix-org.github.io/synapse/v1.48/admin_api/user_admin_api.html#query-current-sessions-for-a-user
|
|
* Mastodon via the admin api: https://docs.joinmastodon.org/methods/admin/accounts/#200-ok
|
|
* Nextcloud only gives the last login, not the last active time like a sync via `nextcloud-occ user:lastseen`
|
|
* Keycloak
|
|
* We can ignore Forgejo, since the sessions there are valid for a maximum of one year, regardless of how they got created
|