0

I’m implementing Firebase Auth in a mobile health tracking app to allow Google/Apple login alongside existing email/password, plus anonymous usage for basic features.

Context: The app helps users track cycles, health symptoms, and provides community features. Since it deals with sensitive health data, privacy and data retention are critical.

Current Setup:

  • Frontend: React Native (mobile)
  • Backend: NestJS + MongoDB (Mongoose)
  • Auth: Email/password with mandatory email verification
  • Adding: Firebase Auth for Google/Apple OAuth + anonymous auth
  • Goal: Anonymous users can use basic features, premium features require authentication

Architecture:

// MongoDB stores all user data
// Firebase Auth provides UID
const user = {
  firebaseUid: "anonymous_abc123",
  cycleData: [],  // cycle entries (elided)
  notes: [],      // user notes (elided)
  settings: {}    // app settings (elided)
};

Concern: If a user uses the app anonymously for weeks and then deletes it, their data remains in MongoDB indefinitely. Over time, this creates unnecessary data growth.

Question: How can I detect and clean up anonymous user data in MongoDB when:

  1. An anonymous user deletes the app from device
  2. Anonymous data is no longer associated with an active user

2 Answers

1

If your project is on the Identity Platform variant of Firebase Authentication, Firebase will automatically delete the accounts of users that haven't been used for 30 days.

You can then write a Cloud Function that responds to the deletion of the user record and in there clean up the user's data in your Mongo database.


Even when you don't have auto-cleanup on your project, you can simulate its behavior yourself by:

  1. using the Firebase Admin SDK to list all users, then
  2. checking the user metadata to see when they last signed in, and
  3. if this is longer than you deem reasonable, delete their account, which
  4. will then also trigger the Cloud Function from before.

In both of the above scenarios, if the user simply decided not to use the app for a while and restarts it after the 30-day period, their data will be gone and they'll be treated as a new user.

If this is unwanted behavior, you should either keep your project off of Identity Platform, turn off the auto-deletion, or require your users to sign in with a non-anonymous account before their account gets auto-deleted.


1

> An anonymous user deletes the app from device

It's impossible to know with certainty that this happened, for the same reasons that you can't know if the user lost their device or performed a factory reset. The user is simply not obliged to report these events, and there is nothing on reputable devices that will "spy" on their behavior to report this information to you automatically.

> Anonymous data is no longer associated with an active user

This is really no different in practice than the first situation.

The only realistic way to know if a user is "gone" from your app is to:

  1. Write code to make your own records of when a user has actively used your app, by whatever definition of "active" that you choose.

  2. Define a period of time of no usage that you would consider the user to be fully "inactive".

  3. On your backend, write code to periodically scan those records to find users that meet the criteria in #2, then delete whatever data is associated with that user.

This is not unique to Firebase Authentication. Any auth system likely has the same requirements, unless it is going to be opinionated about #2 and automatically implement #3 (which I don't think any generalized auth system will do). In short, there is no easy way to do what you're asking - you need to define the required behavior and implement it yourself.
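The periodic sweep that both answers describe (list users, check last activity, delete), as an added example that is not part of either answer. It assumes `auth` is the Firebase Admin SDK Auth object and `purgeUserData` is a hypothetical callback that deletes the user's MongoDB documents; the sample records are constructed.

```javascript
// Added example. `auth` is meant to be the Admin SDK Auth object (getAuth());
// `purgeUserData` is a hypothetical callback deleting MongoDB docs by firebaseUid.
const DAY_MS = 24 * 60 * 60 * 1000;

// Anonymous accounts have no linked provider and no email. Assumption: the
// project issues no custom-token accounts, which look the same here.
function isAnonymous(user) {
  return (user.providerData || []).length === 0 && !user.email;
}

// Latest known activity; lastRefreshTime can be null. NaN means "unknown".
function lastActiveMs(user) {
  const m = user.metadata || {};
  const times = [m.lastRefreshTime, m.lastSignInTime, m.creationTime]
    .map((t) => Date.parse(t))
    .filter((t) => !Number.isNaN(t));
  return times.length ? Math.max(...times) : NaN;
}

// Pure selection step. Unknown activity (NaN) never compares true, so it is kept.
function selectStale(users, nowMs, maxIdleDays) {
  return users
    .filter((u) => isAnonymous(u) && nowMs - lastActiveMs(u) > maxIdleDays * DAY_MS)
    .map((u) => u.uid);
}

async function sweep(auth, purgeUserData, nowMs, maxIdleDays) {
  const stale = [];
  let pageToken;
  do { // listUsers returns at most 1000 records per page
    const page = await auth.listUsers(1000, pageToken);
    stale.push(...selectStale(page.users, nowMs, maxIdleDays));
    pageToken = page.pageToken;
  } while (pageToken);
  for (const uid of stale) {
    await purgeUserData(uid);   // data first: if this throws, the account survives for a retry
    await auth.deleteUser(uid); // single deletes; batch deleteUsers() fires no onDelete trigger
  }
  return stale;
}

// Constructed sample records, shaped like Admin SDK UserRecord objects.
const JAN1 = 'Mon, 01 Jan 2024 00:00:00 GMT';
const SAMPLE_USERS = [
  { uid: 'anon-old', providerData: [], metadata: { creationTime: JAN1, lastSignInTime: JAN1, lastRefreshTime: null } },
  { uid: 'anon-recent', providerData: [], metadata: { creationTime: JAN1, lastRefreshTime: 'Tue, 20 Feb 2024 00:00:00 GMT' } },
  { uid: 'google-old', email: 'a@example.com', providerData: [{ providerId: 'google.com' }], metadata: { creationTime: JAN1, lastSignInTime: JAN1 } },
  { uid: 'anon-unknown', providerData: [], metadata: {} },
];
```

With a reference time of 1 March 2024 and a 30-day threshold, only `anon-old` is selected; the account with no usable timestamps is left alone rather than deleted.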
