
How a safety-focused community app implemented rate-limited export requests, background archive generation, and expiry cleanup for privacy operations.
Context
A safety-focused community app needed a reliable way for users to request account data exports without creating a manual operations burden. The requirement was straightforward from a user perspective: request data, wait, and receive a download link. The backend, however, needed to gather data across profile, contacts, chats, albums, and media while keeping the API responsive.
The project already had account APIs, query modules, and background task infrastructure. The implementation goal was to convert a traditionally manual support process into a self-service pipeline with clear lifecycle states and cleanup rules.
Challenge
Privacy export jobs are expensive compared to standard API calls. They require cross-domain data aggregation, archive generation, storage, and delivery. Running that work inline would create timeouts and unstable user experience.
There were also operational guardrails to enforce. Repeated requests in a short window can waste resources, and completed archives should not stay accessible forever. Without lifecycle controls, support and engineering teams end up managing export artifacts manually.
Approach
The app store added a dedicated action to request data download and handled rate-limit responses explicitly so users got immediate feedback instead of generic failure states. The API endpoint created a request row, enforced a 24-hour limit on non-failed requests, and triggered background orchestration through a state machine execution.
The export processor then handled the heavy work asynchronously. It marked each request as processing, collected account data bundles, and streamed a ZIP archive directly to object storage using multipart upload. The archive included structured JSON files for account and social data, chat payloads, album data, and additional entities like blocked and report-related records. It also attempted to include ready media assets where available.
Security and lifecycle behaviour were built into the flow. Export objects were stored with server-side encryption, a time-limited download URL was generated for delivery, and completion metadata stored the expiry timestamp. If the account had a valid email, the system sent a ready notification automatically.
A scheduled purge task handled data hygiene by removing expired exports from storage and deleting corresponding database rows. That kept retention bounded and removed the need for routine manual cleanup. The repository includes tests around request rate-limiting, export processing, and purge behaviour, which makes this privacy-critical pipeline safer to maintain.
Outcome
The outcome was lower manual overhead and a more predictable privacy workflow. Users can request exports through product UI, the backend runs heavy processing in the background, and delivery happens through expiring links rather than one-off support handling.
From an engineering operations perspective, the export system now has explicit status transitions, guardrails for over-requesting, and scheduled cleanup for expired artifacts. That made compliance handling more repeatable while reducing ad hoc intervention from the team.
Key takeaway
Privacy features become much more sustainable when request intake, background processing, and retention cleanup are designed as one continuous lifecycle.