
Provide an easy way to close your account and delete all your data #132

Open
floehopper opened this issue Jan 6, 2024 · 3 comments

@floehopper
Member

I've spun this out of #119 with the idea of doing something very basic. I'm imagining doing something like the following:

  • On the "My account" page, add a new link to a new "Close account" page
  • On the "Close account" page:
    • Explain what data will be deleted:
      • All PII, purchase data, payout data
      • All artists, their albums, their tracks - list them
    • Explain that it will happen immediately
    • Explain that it will be permanent, i.e. impossible to undo the action
    • Explain that they will be logged out
    • Possibly give them the option to explain why they are leaving (or maybe do this after the deletion?)
    • Possibly give them the option to download all their purchases as a zip file?
    • Possibly require some kind of confirmation, e.g. reauthenticate with password, enter a fixed string like "permanently-delete-me"
    • Offer the option to cancel / go back to the "My account" page
  • On clicking the button:
    • Maybe some kind of "Are you really sure" step?
    • Delete their artists and associated records if appropriate
      • Do we need to expunge the ActiveStorage objects from the CDN or any other caches?
    • Delete their user and thus all the dependent records
    • Log them out
    • Confirm that deletion succeeded

@chrislo:

  • Does this all make sense to you as a first step?
  • Have I missed anything?
  • I noticed that User#artists is not marked as dependent: :destroy and Artist#user is marked as optional: true. Was this intentional? Should we offer the option to leave the artists, etc. in place? It doesn't seem to make much sense to me.
  • Where would you put this functionality? Initially I imagined adding UsersController#delete & UsersController#destroy, but then I noticed the controllers in the Identity namespace. Would it make sense to have something like an Identity#DeletionsController...?
  • Future improvements might include:
    • A way to temporarily suspend/deactivate your account, so you could come back to it
    • A way to export your artists, albums, tracks, etc
    • A way to transfer an artist to another user

@chrislo
Member

chrislo commented Jan 6, 2024

This all sounds good to me as a first step! I think the issue I have is related to the dependent: :destroy of Artists. I'm not sure what the right thing to do is with regards to Purchases that a User has already made of music that an Artist wants to delete. I can see two conflicting ethical considerations:

  • As an Artist it's my music, so I want to delete it.
  • As a listener, I've paid for the music so I want to keep it.

I think there are arguments on both sides, and I've certainly come across people getting upset with Bandcamp because some of their purchased music has disappeared.

I appreciate it's some extra work but I wonder if an option here is to add something to the "are you really sure" step that gives the option to the artist to allow their listeners to keep the music? Perhaps, if we wanted to make sure all the data was eventually destroyed, we could send an email to anyone who has purchased giving them a grace period to download the files?

Otherwise, I think baking in the ability to delete your data from the beginning is the right thing to do and it'll make it easier for us to make sure we always allow data to be deleted.
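The deletion flow sketched in the opening comment (reauthenticate, type a fixed confirmation phrase, delete the user and dependent records, log out) and the artist-side option raised above (let listeners keep music they have paid for) are shown together below as an added example. This is not the project's code: it uses in-memory Struct stand-ins for the User, Artist and Purchase records, SHA-256 in place of bcrypt/has_secure_password, and a hypothetical `AccountDeletion` service with a constructed sample store; in the real app the writes would run inside one transaction and rely on dependent: :destroy.

```ruby
require "digest"

# In-memory stand-ins for the app's records, constructed for this example
# (not the project's ActiveRecord models).
User     = Struct.new(:id, :email, :password_digest, keyword_init: true)
Artist   = Struct.new(:id, :name, :user_id, keyword_init: true)
Purchase = Struct.new(:id, :buyer_id, :artist_id, :album, keyword_init: true)

class AccountDeletion
  CONFIRMATION_PHRASE = "permanently-delete-me"
  Refused = Class.new(StandardError)

  # store: { users: [...], artists: [...], purchases: [...], sessions: { token => user_id } }
  def initialize(store)
    @store = store
  end

  # Data the "Close account" page would list before the user commits.
  def preview(user)
    artists    = @store[:artists].select { |a| a.user_id == user.id }
    artist_ids = artists.map(&:id)
    {
      artists: artists.map(&:name),
      own_purchases: @store[:purchases].count { |p| p.buyer_id == user.id },
      listener_purchases: @store[:purchases].count { |p| artist_ids.include?(p.artist_id) && p.buyer_id != user.id }
    }
  end

  # Every check runs before the first write, so a refused request leaves the store untouched.
  # In the Rails app the writes below would sit in one transaction with dependent: :destroy.
  def call(user:, password:, confirmation:, keep_music_for_listeners: false)
    raise Refused, "reauthentication failed" unless password_matches?(user, password)
    raise Refused, "confirmation phrase does not match" unless constant_time_equal?(confirmation, CONFIRMATION_PHRASE)

    artist_ids = @store[:artists].select { |a| a.user_id == user.id }.map(&:id)

    # The closing user's own purchases are their purchase data and always go.
    @store[:purchases].reject! { |p| p.buyer_id == user.id }

    if keep_music_for_listeners
      # Artist-side choice: detach the artists from the closed account so listeners' purchases survive.
      @store[:artists].each { |a| a.user_id = nil if artist_ids.include?(a.id) }
    else
      @store[:purchases].reject! { |p| artist_ids.include?(p.artist_id) }
      @store[:artists].reject! { |a| artist_ids.include?(a.id) }
    end

    @store[:users].reject! { |u| u.id == user.id }
    # Log out: invalidate every session that belongs to the deleted user.
    @store[:sessions].reject! { |_token, uid| uid == user.id }

    { deleted_user: user.id, artists_affected: artist_ids.size, kept_for_listeners: keep_music_for_listeners }
  end

  private

  # SHA-256 stands in for has_secure_password/bcrypt, which is what a real app should use.
  def password_matches?(user, password)
    constant_time_equal?(Digest::SHA256.hexdigest(password), user.password_digest)
  end

  # Compare without short-circuiting on the first differing byte.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample data: user 1 is an artist with one listener purchase and one purchase of their own.
def build_sample_store
  {
    users: [
      User.new(id: 1, email: "artist@example.com",   password_digest: Digest::SHA256.hexdigest("hunter2")),
      User.new(id: 2, email: "listener@example.com", password_digest: Digest::SHA256.hexdigest("secret"))
    ],
    artists:   [Artist.new(id: 10, name: "The Examples", user_id: 1)],
    purchases: [
      Purchase.new(id: 100, buyer_id: 2, artist_id: 10, album: "First"),
      Purchase.new(id: 101, buyer_id: 1, artist_id: 11, album: "Someone Else's Record")
    ],
    sessions: { "tok-1" => 1, "tok-2" => 2 }
  }
end

if $PROGRAM_NAME == __FILE__
  store = build_sample_store
  p AccountDeletion.new(store).call(user: store[:users].first, password: "hunter2",
                                    confirmation: "permanently-delete-me")
end
```

Running `call` with the wrong password or a mistyped phrase raises `Refused` before anything is deleted; with `keep_music_for_listeners: true` the artist rows lose their `user_id` and the listener's purchase survives, otherwise artists and their purchases go with the user, and in both cases every session token for that user is dropped.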

@floehopper
Member Author

We should also look at using Postmark's Data Removal API to remove the relevant data from Postmark.

@chrislo
Member

chrislo commented Jan 29, 2024

An artist contacted me directly today to ask for their account/music to be deleted. They had no purchases so we didn't have the issue discussed above, but it's a useful indication that this feature would be useful.
