feat: add GDPR account management methods (Article 17 & 20)

safenestdev · safenestdev · commit fbeaf48ff038 · 2026-02-11T19:15:50.000+01:00
Add delete_account_data() and export_account_data() for Right to Erasure
and Right to Data Portability. Bump version to 1.1.0.
diff --git a/README.md b/README.md
@@ -327,6 +327,30 @@ async def check_message(message: str):
 
 ---
 
+## Best Practices
+
+### Message Batching
+
+The **bullying** and **unsafe content** methods analyze a single `text` field per request. If your platform receives messages one at a time (e.g., a chat app), concatenate a **sliding window of recent messages** into one string before calling the API. Single words or short fragments lack context for accurate detection and can be exploited to bypass safety filters.
+
+```python
+# Bad — each message analyzed in isolation, easily evaded
+for msg in messages:
+    client.detect_bullying(text=msg)
+
+# Good — recent messages analyzed together
+window = " ".join(recent_messages[-10:])
+client.detect_bullying(text=window)
+```
+
+The **grooming** method already accepts a `messages` list and analyzes the full conversation in context.
+
+### PII Redaction
+
+Enable `PII_REDACTION_ENABLED=true` on your SafeNest API to automatically strip emails, phone numbers, URLs, social handles, IPs, and other PII from detection summaries and webhook payloads. The original text is still analyzed in full — only stored outputs are scrubbed.
+
+---
+
 ## Support
 
 - **API Docs**: [api.safenest.dev/docs](https://api.safenest.dev/docs)
diff --git a/pyproject.toml b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "safenest"
-version = "1.0.1"
+version = "1.1.0"
 description = "Official Python SDK for SafeNest - AI-powered child safety API"
 readme = "README.md"
 license = "MIT"
diff --git a/safenest/__init__.py b/safenest/__init__.py
@@ -40,6 +40,9 @@
     ActionPlanResult,
     ReportResult,
     Usage,
+    # Account types (GDPR)
+    AccountDeletionResult,
+    AccountExportResult,
 )
 from safenest.errors import (
     SafeNestError,
@@ -52,7 +55,7 @@
     NetworkError,
 )
 
-__version__ = "1.0.0"
+__version__ = "1.1.0"
 __all__ = [
     # Client
     "SafeNest",
@@ -84,6 +87,9 @@
     "ActionPlanResult",
     "ReportResult",
     "Usage",
+    # Account types (GDPR)
+    "AccountDeletionResult",
+    "AccountExportResult",
     # Errors
     "SafeNestError",
     "AuthenticationError",
diff --git a/safenest/client.py b/safenest/client.py
@@ -16,6 +16,8 @@
     ValidationError,
 )
 from safenest.models import (
+    AccountDeletionResult,
+    AccountExportResult,
     ActionPlanResult,
     AnalysisContext,
     AnalyzeEmotionsInput,
@@ -469,6 +471,28 @@ async def generate_report(
         data = await self._request("POST", "/api/v1/reports/incident", body)
         return ReportResult.from_dict(data)
 
+    # =========================================================================
+    # Account Management (GDPR)
+    # =========================================================================
+
+    async def delete_account_data(self) -> AccountDeletionResult:
+        """Delete all account data (GDPR Article 17 — Right to Erasure).
+
+        Returns:
+            AccountDeletionResult with deletion confirmation.
+        """
+        data = await self._request("DELETE", "/api/v1/account/data")
+        return AccountDeletionResult.from_dict(data)
+
+    async def export_account_data(self) -> AccountExportResult:
+        """Export all account data as JSON (GDPR Article 20 — Right to Data Portability).
+
+        Returns:
+            AccountExportResult with full data export.
+        """
+        data = await self._request("GET", "/api/v1/account/export")
+        return AccountExportResult.from_dict(data)
+
     # =========================================================================
     # Private Methods
     # =========================================================================
diff --git a/safenest/models.py b/safenest/models.py
@@ -411,3 +411,42 @@ def from_dict(cls, data: dict[str, Any]) -> "ReportResult":
             external_id=data.get("external_id"),
             metadata=data.get("metadata"),
         )
+
+
+# =============================================================================
+# Account Management (GDPR)
+# =============================================================================
+
+
+@dataclass
+class AccountDeletionResult:
+    """Result from account data deletion (GDPR Article 17)."""
+
+    message: str
+    deleted_count: int
+
+    @classmethod
+    def from_dict(cls, data: dict[str, Any]) -> "AccountDeletionResult":
+        """Create from API response dictionary."""
+        return cls(
+            message=data["message"],
+            deleted_count=data["deleted_count"],
+        )
+
+
+@dataclass
+class AccountExportResult:
+    """Result from account data export (GDPR Article 20)."""
+
+    user_id: str
+    exported_at: str
+    data: dict[str, Any]
+
+    @classmethod
+    def from_dict(cls, data: dict[str, Any]) -> "AccountExportResult":
+        """Create from API response dictionary."""
+        return cls(
+            user_id=data["userId"],
+            exported_at=data["exportedAt"],
+            data=data["data"],
+        )
