User Workflows

Planned: DeleteUserDataWorkflow — permanently removes all data for a user after the 7-day grace period.

SendVerificationEmailActivity

Planned — not yet live.

Type: Single activity dispatched directly from the API — no multi-step workflow needed.

Trigger: Enqueued by:

• POST /user/:id/alt when a valid email field is provided
• POST /user/:id/verify-email (resend)

Steps:

1. Query verificationTokens for an existing unused, non-expired token for userId + type: "email" — reuse the existing token if found (resend path, same link is re-sent)
2. Otherwise: generate a 64-char nanoid token; write to verificationTokens/{token} with type: "email", value: <email>, expiresAt: now + 72h, usedAt: null
3. Send email via Resend with the verification link https://95octane.com/verify-email?token=<token>

Retry policy: maximumAttempts: 3, initialInterval: 30s, backoffCoefficient: 2

Timeout: activityStartToCloseTimeout: 30s

DeleteUserDataWorkflow

Planned — not yet live. The current DELETE /user/:id endpoint sets status: "deleted" and revokes Firebase Auth sessions. This workflow handles permanent removal after the grace period.

Trigger: 7 days after a user document's status is set to "deleted" (keyed on deletedAt)

Activities:

1. deleteUserRides — delete all rides where the user is the creator
2. removeUserFromRidesAndGroups — remove the user's membership records from all rides and groups where they are an admin or member
3. deleteUserVerificationTokens — delete all verificationTokens docs where userId matches (both used and unused, as each doc contains PII in the value field)
4. deleteUserBuddyData — delete all buddyRequests docs on both sides (sender and recipient) and all buddies docs for this user
5. deleteUserDocument — delete the user's Firestore document and all subcollections

Retry policy: maximumAttempts: 3, initialInterval: 30s, backoffCoefficient: 2

Timeout: workflowRunTimeout: 10m, activityStartToCloseTimeout: 60s