Thanks!
We are trying to take those stuff away from developers and have it built in the infrastructure - such as built-in RBAC, access logs in the backoffice, and integrations to s3 and GCS that are controllable at per-user level.
I think the sort of thing that would really help would be the ability to write data retention policies into the flow and have them enforced by the system.
For example, when adding a step that says the user needs to upload Photo ID, requiring the developer to set a retention policy on that, like 30 days, or minimum of 90 days and the time it's used, or retaining until the account is closed. Then automatically deleting after that point.
Being able to also generate a report of all of these policies, simplified down together, would be really handy. If you're updating a privacy policy you probably want to tell your lawyers how you handle data, and having the tool provide a summary of all the policies would be useful.
This only addresses the deletion and retention part. There's more around export and update, as users have the right to correct any data you hold about them if they believe it is incorrect or out of date. That could actually re-trigger the flows too!
