
GDPR Account Deletion + Data Export Kit (Supabase)

The in-app account deletion Apple and Google require, plus a GDPR data export. Two drop-in Supabase Edge Functions.

What you get

  • Two Supabase Edge Functions: delete-account and export-user-data
  • Deletes storage first, then the auth user, so nothing orphans and cascades handle the rows
  • Identity taken from the caller's JWT, so no one can delete or export another account
  • Client helpers (deleteAccount, downloadMyData) and the foreign-key cascade setup

Apple’s review guideline 5.1.1(v) and Google Play both require an in-app way to delete an account, and the GDPR requires a data export. This is the real, working implementation from a production app, generalised. It wipes the user’s storage first, because the database cascade never touches Storage, then deletes the auth user so the database cascades the rest. It always acts on the id from the caller’s own token.
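The ordering and identity rule described above, as an added sketch that is not the kit's own code. `Deps`, `handleDeleteAccount` and `makeFake` are hypothetical names, and the in-memory fake stands in for the Supabase auth and storage admin calls so the control flow can run offline.

```typescript
// Added sketch, not the kit's code. Deps is a hypothetical port standing in
// for the Supabase auth/storage admin calls so the control flow runs offline.
interface Deps {
  verifyJwt(token: string): Promise<string | null>; // user id, or null if invalid
  listFiles(userId: string): Promise<string[]>;
  removeFiles(paths: string[]): Promise<void>;
  deleteAuthUser(userId: string): Promise<void>;
}
type Result = { status: number; body: string };

async function handleDeleteAccount(
  deps: Deps,
  authorization: string | undefined,
  _requestBody: unknown, // deliberately unused: identity never comes from the body
): Promise<Result> {
  const token = /^Bearer (.+)$/.exec(authorization ?? "")?.[1];
  if (!token) return { status: 401, body: "missing bearer token" };
  const userId = await deps.verifyJwt(token);
  if (!userId) return { status: 401, body: "invalid token" };
  try {
    // 1. Storage first: a row cascade never removes Storage objects.
    const paths = await deps.listFiles(userId);
    if (paths.length > 0) await deps.removeFiles(paths);
  } catch {
    // Assumption of this sketch: keep the account so the caller can retry.
    return { status: 500, body: "storage cleanup failed, account kept" };
  }
  // 2. Auth user last: the foreign-key cascade then removes the rows.
  await deps.deleteAuthUser(userId);
  return { status: 200, body: "deleted" };
}

// Constructed in-memory fake that records the order of destructive calls.
function makeFake(failStorage = false): { deps: Deps; calls: string[] } {
  const calls: string[] = [];
  const tokens = new Map<string, string>([["tok-alice", "alice"]]);
  const files = new Map<string, string[]>([["alice", ["alice/avatar.png"]]]);
  const deps: Deps = {
    verifyJwt: async (t) => tokens.get(t) ?? null,
    listFiles: async (u) => files.get(u) ?? [],
    removeFiles: async (p) => {
      if (failStorage) throw new Error("storage unavailable (constructed)");
      calls.push("remove:" + p.join(","));
    },
    deleteAuthUser: async (u) => { calls.push("deleteUser:" + u); },
  };
  return { deps, calls };
}
```

A request body naming another user changes nothing, because the only id the handler ever passes to a destructive call is the one returned by token verification.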

For any Supabase app heading to the app stores, or that just needs to be compliant, without spending a day getting the deletion order and the security right.

Solves this fix: Account deletion that satisfies the app stores (and GDPR)