ViewJump Data Deletion Policy for Social Logins
Overview
This document outlines ViewJump's policy for handling the deletion of user data for accounts created via social logins (Facebook, Apple, and Google). This policy is designed to comply with the data deletion requirements of each platform and integrates with our existing backend processes using AWS Cognito.
Data Collected
When a user registers for ViewJump using any of the supported social login providers, we collect and store the following data from their respective accounts:
Provider-specific User ID
Email Address
First Name
Last Name
Profile Picture URL
The Data Deletion Process
A user can request the deletion of their data in one of two ways:
Option 1: Deletion from Within the ViewJump App
Users can initiate the deletion process directly from their ViewJump profile page. This action triggers our existing Backend: User Account Deletion API & Logic as outlined in a previous ticket.
API Trigger: The mobile app calls the DELETE /v1/users/profile endpoint.
Cognito Action: Our backend logic, integrated with AWS Cognito, will delete the user's profile and all associated data within our system. This includes the user's unique Cognito User ID and all related profile information.
Data Deletion: Upon a successful deletion from Cognito, our system will proceed to delete all user-related data as per our Data Retention Policy, including:
Profile information (first name, last name, email, etc.)
Videos they have streamed
Token history
Any other user-specific data.
Option 2: Social Login Provider Callback URL (Manual Request)
For users who no longer have the ViewJump app or prefer to manage their data directly from the social provider, we provide a Data Deletion Request Callback URL.
Request Submission: A user can go to their settings within their social login provider's platform (e.g., Facebook App Settings, Apple ID settings, Google account settings), find the ViewJump application, and submit a data deletion request.
Provider Callback: When a user submits this request, the social login provider will send an authenticated request to our designated Data Deletion Request Callback URL.
Backend Processing: Our backend will receive this request. The system will use the provider-specific User ID to locate the corresponding user in our AWS Cognito User Pool.
Data Deletion: Once the Cognito User ID is found, the system will trigger the same deletion process as in Option 1, ensuring all user data is removed from our database.
Confirmation: The backend will return a 200 OK status to the social login provider to confirm that the deletion request has been successfully received and is being processed.
Data Deletion Request Callback URL
Our designated Data Deletion Request Callback URL is: https://[YOUR_DOMAIN]/v1/auth/[PROVIDER_NAME]/data-deletion-callback
This endpoint must be registered within the respective Developer Console for each social login provider (e.g., Facebook Developer Console, Apple Developer Portal).
Data Retention
All user data will be permanently deleted from our primary databases within [insert number] days of receiving a valid deletion request. Temporary backups may exist for a limited period for disaster recovery purposes but will be permanently destroyed within [insert number] days.
Security
The data deletion process is secure and complies with AWS Cognito standards. All communication between the social login providers and our backend will be authenticated to prevent unauthorized requests.
Policy Updates
This policy will be reviewed and updated as needed to ensure ongoing compliance with the requirements of our social login providers and other relevant data protection laws. Any changes will be communicated via app alerts or our main privacy policy.