feat: add GDPR consent checkbox and data processing notice #232

@fpindej

Summary

Add GDPR-compliant consent gate at registration and a visible data processing notice page.

Since the demo app lets anyone register and switch to admin role (exposing other users' data), we need to:

  1. Require explicit consent to data processing at registration time
  2. Provide a visible data processing notice page explaining what data is collected, why, and users' rights
  3. Add a "Your Data" info card on the settings page

Tasks

Backend

  • Add ConsentGiven required boolean property to RegisterRequest
  • Add FluentValidation rule requiring ConsentGiven == true
  • Update existing registration tests to include ConsentGiven
  • Add test for ConsentGiven = false rejection

Frontend — Privacy Page

  • Create /privacy route (accessible regardless of auth state)
  • Content sections: What We Collect, Purpose, Storage & Sharing, Your Rights, Contact
  • Links to Profile (view/edit data), Settings (delete account), and contact email
  • Language selector + theme toggle, back-to-login link

Frontend — Registration Form

  • Add consent checkbox between Turnstile widget and submit button
  • Link to /privacy page (opens in new tab)
  • Wire consentGiven to API request body
  • Disable submit when consent not given
  • Reset consent on form reset (don't persist in draft)
  • Display backend validation errors for consentGiven

Frontend — Settings Page

  • Add "Your Data" info card between Activity Log and Danger Zone
  • Shield icon, description of stored data, link to privacy notice

i18n

  • Add all privacy/consent keys to en.json and cs.json

Verification

  • Backend build + tests pass
  • Frontend format + lint + check pass
  • Regenerate API types (pnpm run api:generate)

Context

The registration audit event timestamp already serves as the consent record — no additional database changes needed. The consent is a gate-check at the API boundary only.
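An added sketch of the backend gate described under Tasks, not code from this repository: the disabled submit button is only a UI convenience, so the FluentValidation rule is what actually rejects a request sent without consent. Only `ConsentGiven` is named in the issue; the `Email` and `Password` fields, the error messages, and the choice of a nullable `bool?` (so an omitted field is reported separately from an explicit `false`) are assumptions of this example.

```csharp
using System;
using FluentValidation;

// Hypothetical request shape: only ConsentGiven comes from the issue text.
public sealed class RegisterRequest
{
    public string Email { get; init; } = "";
    public string Password { get; init; } = "";

    // Nullable so a JSON body that omits the field (null) is distinguishable
    // from one that sends false; a plain bool would silently default to false.
    public bool? ConsentGiven { get; init; }
}

public sealed class RegisterRequestValidator : AbstractValidator<RegisterRequest>
{
    public RegisterRequestValidator()
    {
        RuleFor(x => x.ConsentGiven)
            .Cascade(CascadeMode.Stop) // report one error per request, not both
            .NotNull().WithMessage("ConsentGiven is required.")
            .Equal(true).WithMessage("Consent to data processing is required to register.");
    }
}

public static class Program
{
    public static void Main()
    {
        var validator = new RegisterRequestValidator();

        // Constructed inputs covering the three states the API can receive.
        var cases = new (string Label, bool? Consent)[]
        {
            ("omitted", null), ("false", false), ("true", true)
        };

        foreach (var (label, consent) in cases)
        {
            var request = new RegisterRequest
            {
                Email = "user@example.test", Password = "constructed", ConsentGiven = consent
            };
            var result = validator.Validate(request);
            Console.WriteLine($"{label}: valid={result.IsValid}");
            foreach (var error in result.Errors)
                Console.WriteLine($"  {error.PropertyName}: {error.ErrorMessage}");
        }
    }
}
```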

Labels: backend (Backend (.NET)), enhancement (New feature or request), frontend (Frontend (SvelteKit))