Just discussing account deletion with rio, we need to avoid situations where users are banned for some reason, then simply delete their account and sign up again with new SteamID (I alluded to this here but didn't give much thought).
Simplest approach that's probably within bounds of GDPR is to store only their SteamID in a separate table DeletedSteamID table, and block account creation from IDs in that table. It's the absolutely minimum data we need to store to be able to do this, so I think it's probably acceptable with GDPR - could look into that more though, unsure how larger orgs handle similar issues.
Also, make the delete user warning popup even more aggressive, literally screaming at the user that they're effectively never allowed to play Momentum again - their main Steam account is permanently deleted, and we don't allow alts!
Just discussing account deletion with rio, we need to avoid situations where users are banned for some reason, then simply delete their account and sign up again with new SteamID (I alluded to this here but didn't give much thought).
Simplest approach that's probably within bounds of GDPR is to store only their SteamID in a separate table
DeletedSteamID
table, and block account creation from IDs in that table. It's the absolutely minimum data we need to store to be able to do this, so I think it's probably acceptable with GDPR - could look into that more though, unsure how larger orgs handle similar issues.Also, make the delete user warning popup even more aggressive, literally screaming at the user that they're effectively never allowed to play Momentum again - their main Steam account is permanently deleted, and we don't allow alts!