Skip to content

Feat: new analytics privacy controller #7643

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
NicolasMassart wants to merge 21 commits into
base: main
Choose a base branch
from
Open

Feat: new analytics privacy controller #7643

NicolasMassart wants to merge 21 commits into from

Conversation

@NicolasMassart
Copy link
Contributor

@NicolasMassart NicolasMassart commented Jan 15, 2026
edited by cursor bot
Loading

Explanation

This PR introduces a new @metamask/analytics-privacy-controller package that provides GDPR/CCPA data deletion functionality for analytics data. The package allows to extract the logic from the mobile app (and will be compatible with extension too)

Current state: MetaMask mobile app currently has a dedicated mechanism to handle user data deletion requests for analytics data in compliance with GDPR and CCPA regulations.

Solution: This package introduces:

  • AnalyticsPrivacyController: A controller that manages the lifecycle of data deletion requests, tracks whether new data has been recorded since the last deletion request, and stores deletion regulation metadata (ID and timestamp)
  • AnalyticsPrivacyService: A service that communicates with Segment's Regulations API via a proxy endpoint to create deletion tasks and check their status
  • State management: Tracks dataRecorded flag, deleteRegulationId, and deleteRegulationTimestamp to support compliance workflows
  • Selectors: Provides reusable selectors for accessing controller state

Implementation details:

  • The controller calls AnalyticsController:getState to retrieve the user's analytics ID
  • It delegates to AnalyticsPrivacyService to make HTTP requests to Segment's Regulations API
  • The service uses createServicePolicy from @metamask/controller-utils for retry logic and error handling
  • State is persisted and can be used to determine if new analytics events have been recorded since the last deletion request
  • The package includes comprehensive test coverage (100% branch, function, line, and statement coverage)

References

see also MetaMask/metamask-mobile#22016

Fixes #7618

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've communicated my changes to consumers by updating changelogs for packages I've changed
  • I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

Note

Adds a new package to centralize analytics privacy and data deletion workflows for use across clients.

  • Introduces @metamask/analytics-privacy-controller with AnalyticsPrivacyController (state: dataRecorded, deleteRegulationId, deleteRegulationTimestamp; methods/events for creating and tracking deletion tasks)
  • Adds AnalyticsPrivacyService to call a proxy for Segment Regulations API with retry/circuit-breaker via createServicePolicy; defines action types and constants
  • Provides selectors and public types/exports; comprehensive tests for controller and service; jest config enforces 100% coverage
  • Updates monorepo plumbing: README package list/graph, CODEOWNERS, teams.json, tsconfig references, yarn.lock

Written by Cursor Bugbot for commit 282ec85. This will update automatically on new commits. Configure here.

NicolasMassart and others added 6 commits January 15, 2026 14:21
@NicolasMassart
feat: initial analytics privacy controller
bc4da88
@NicolasMassart
Merge branch 'main' into feat/7618_analytics_privacy_controller
e5c9e36
@NicolasMassart
refactor: update analytics privacy controller to use timestamps inste…
69d0fb0 
…ad of dates

- Changed `deleteRegulationDate` to `deleteRegulationTimestamp` in the state and related methods to store timestamps in milliseconds since epoch.
- Updated relevant methods and tests to reflect the new timestamp format.
- Removed date formatting logic and adjusted selectors accordingly.
- Added new dependencies for testing and updated the test suite to ensure proper functionality with the new timestamp format.

This change enhances consistency in handling date-related data within the analytics privacy controller.
@NicolasMassart
Merge branch 'main' into feat/7618_analytics_privacy_controller
77e4c0e
@NicolasMassart
fix: format and lint
59e2701
@NicolasMassart
Merge branch 'main' into feat/7618_analytics_privacy_controller
96b0a0b
@NicolasMassart NicolasMassart self-assigned this Jan 15, 2026
@socket-security
Copy link

socket-security bot commented Jan 15, 2026
edited
Loading

No dependency changes detected. Learn more about Socket for GitHub.

👍 No dependency changes detected in pull request

@NicolasMassart NicolasMassart marked this pull request as draft January 15, 2026 18:17
cursor[bot]
cursor bot reviewed Jan 15, 2026
View reviewed changes
NicolasMassart and others added 3 commits January 16, 2026 11:06
@NicolasMassart
Merge branch 'main' into feat/7618_analytics_privacy_controller
9cb64ec
@NicolasMassart
fix: update DataDeleteResponseStatus and DataDeleteStatus enums to us…
9a658ba 
…e PascalCase

- Refactored enum values in `DataDeleteResponseStatus` and `DataDeleteStatus` to follow PascalCase naming convention.
- Updated all references in the codebase and tests to ensure consistency with the new enum values.
- This change enhances code readability and aligns with common TypeScript practices.
@NicolasMassart
refactor: improve test descriptions for clarity and consistency
c552c66
NicolasMassart and others added 9 commits January 16, 2026 13:56
@NicolasMassart
fix: rename DataDeleteResponseStatus enum values and fix duplicate te…
2cf8942 
…st title

- Rename Error to Failure (and Ok to Success) for clearer naming
- Fix duplicate test title in AnalyticsPrivacyController.test.ts
- Update all references across the codebase
@NicolasMassart
Merge branch 'main' into feat/7618_analytics_privacy_controller
e38d28f
@NicolasMassart
format: revert line end of file removed by IDE
e594c7c
@NicolasMassart
feat: add analytics-privacy-controller to team ownership and update C…
89948a2 
…ODEOWNERS
@NicolasMassart
Merge branch 'main' into feat/7618_analytics_privacy_controller
3a4b19c
@NicolasMassart
fix: update @metamask/controller-utils
9398fc1
@NicolasMassart
feat: extend AnalyticsPrivacyService exports with new action and even…
c32cd48 
…t types
@NicolasMassart
fix(analytics-privacy-controller): export enums as runtime values ins…
4bdc42b 
…tead of type-only
@NicolasMassart
fix: update lock file
fa81dff
@NicolasMassart NicolasMassart marked this pull request as ready for review January 16, 2026 14:32
@NicolasMassart NicolasMassart requested a review from a team as a code owner January 16, 2026 14:32
Copilot AI reviewed Jan 16, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces a new @metamask/analytics-privacy-controller package that provides GDPR/CCPA data deletion functionality for analytics data, extracting logic from the mobile app for reuse across MetaMask clients.

Changes:

  • New controller package with AnalyticsPrivacyController for managing data deletion state (tracks dataRecorded, deleteRegulationId, and deleteRegulationTimestamp)
  • AnalyticsPrivacyService for communicating with Segment's Regulations API via proxy endpoint with retry/circuit-breaker logic
  • Comprehensive test coverage (100% branch, function, line, and statement coverage) and selector utilities for state access

Reviewed changes

Copilot reviewed 24 out of 26 changed files in this pull request and generated no comments.

Show a summary per file
File Description
packages/analytics-privacy-controller/src/AnalyticsPrivacyController.ts Main controller implementation managing deletion request lifecycle and state
packages/analytics-privacy-controller/src/AnalyticsPrivacyService.ts Service for HTTP communication with Segment Regulations API via proxy
packages/analytics-privacy-controller/src/types.ts Type definitions for deletion statuses and API responses
packages/analytics-privacy-controller/src/selectors.ts Reusable state selectors
packages/analytics-privacy-controller/src/constants.ts Segment API constants
packages/analytics-privacy-controller/package.json Package configuration with dependencies
packages/analytics-privacy-controller/*.test.ts Comprehensive test suites for controller and service
yarn.lock Lockfile updates for new package dependencies
tsconfig.json, tsconfig.build.json TypeScript project references
teams.json, .github/CODEOWNERS Team ownership configuration
README.md Documentation updates including package in list and dependency graph

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-project-automation github-project-automation bot moved this to Needs dev review in PR review queue Jan 19, 2026
@NicolasMassart
Copy link
Contributor Author

NicolasMassart commented Jan 19, 2026

@metamaskbot publish-preview

@github-actions
Copy link
Contributor

github-actions bot commented Jan 19, 2026

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions. 
{
  "@metamask-previews/account-tree-controller": "4.0.0-preview-fa81dffb",
  "@metamask-previews/accounts-controller": "35.0.2-preview-fa81dffb",
  "@metamask-previews/address-book-controller": "7.0.1-preview-fa81dffb",
  "@metamask-previews/analytics-controller": "1.0.0-preview-fa81dffb",
  "@metamask-previews/analytics-privacy-controller": "0.0.0-preview-fa81dffb",
  "@metamask-previews/announcement-controller": "8.0.0-preview-fa81dffb",
  "@metamask-previews/app-metadata-controller": "2.0.0-preview-fa81dffb",
  "@metamask-previews/approval-controller": "8.0.0-preview-fa81dffb",
  "@metamask-previews/assets-controller": "0.0.0-preview-fa81dffb",
  "@metamask-previews/assets-controllers": "95.3.0-preview-fa81dffb",
  "@metamask-previews/base-controller": "9.0.0-preview-fa81dffb",
  "@metamask-previews/bridge-controller": "64.5.1-preview-fa81dffb",
  "@metamask-previews/bridge-status-controller": "64.4.3-preview-fa81dffb",
  "@metamask-previews/build-utils": "3.0.4-preview-fa81dffb",
  "@metamask-previews/chain-agnostic-permission": "1.4.0-preview-fa81dffb",
  "@metamask-previews/claims-controller": "0.4.1-preview-fa81dffb",
  "@metamask-previews/composable-controller": "12.0.0-preview-fa81dffb",
  "@metamask-previews/connectivity-controller": "0.1.0-preview-fa81dffb",
  "@metamask-previews/controller-utils": "11.18.0-preview-fa81dffb",
  "@metamask-previews/core-backend": "5.0.0-preview-fa81dffb",
  "@metamask-previews/delegation-controller": "2.0.0-preview-fa81dffb",
  "@metamask-previews/earn-controller": "11.1.0-preview-fa81dffb",
  "@metamask-previews/eip-5792-middleware": "2.1.0-preview-fa81dffb",
  "@metamask-previews/eip-7702-internal-rpc-middleware": "0.1.0-preview-fa81dffb",
  "@metamask-previews/eip1193-permission-middleware": "1.0.3-preview-fa81dffb",
  "@metamask-previews/ens-controller": "19.0.2-preview-fa81dffb",
  "@metamask-previews/error-reporting-service": "3.0.1-preview-fa81dffb",
  "@metamask-previews/eth-block-tracker": "15.0.1-preview-fa81dffb",
  "@metamask-previews/eth-json-rpc-middleware": "23.0.0-preview-fa81dffb",
  "@metamask-previews/eth-json-rpc-provider": "6.0.0-preview-fa81dffb",
  "@metamask-previews/foundryup": "1.0.1-preview-fa81dffb",
  "@metamask-previews/gas-fee-controller": "26.0.2-preview-fa81dffb",
  "@metamask-previews/gator-permissions-controller": "1.0.0-preview-fa81dffb",
  "@metamask-previews/json-rpc-engine": "10.2.1-preview-fa81dffb",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.8-preview-fa81dffb",
  "@metamask-previews/keyring-controller": "25.0.0-preview-fa81dffb",
  "@metamask-previews/logging-controller": "7.0.1-preview-fa81dffb",
  "@metamask-previews/message-manager": "14.1.0-preview-fa81dffb",
  "@metamask-previews/messenger": "0.3.0-preview-fa81dffb",
  "@metamask-previews/multichain-account-service": "5.0.0-preview-fa81dffb",
  "@metamask-previews/multichain-api-middleware": "1.2.6-preview-fa81dffb",
  "@metamask-previews/multichain-network-controller": "3.0.2-preview-fa81dffb",
  "@metamask-previews/multichain-transactions-controller": "7.0.0-preview-fa81dffb",
  "@metamask-previews/name-controller": "9.0.0-preview-fa81dffb",
  "@metamask-previews/network-controller": "29.0.0-preview-fa81dffb",
  "@metamask-previews/network-enablement-controller": "4.1.0-preview-fa81dffb",
  "@metamask-previews/notification-services-controller": "21.0.0-preview-fa81dffb",
  "@metamask-previews/permission-controller": "12.2.0-preview-fa81dffb",
  "@metamask-previews/permission-log-controller": "5.0.0-preview-fa81dffb",
  "@metamask-previews/phishing-controller": "16.1.0-preview-fa81dffb",
  "@metamask-previews/polling-controller": "16.0.2-preview-fa81dffb",
  "@metamask-previews/preferences-controller": "22.0.0-preview-fa81dffb",
  "@metamask-previews/profile-metrics-controller": "2.0.0-preview-fa81dffb",
  "@metamask-previews/profile-sync-controller": "27.0.0-preview-fa81dffb",
  "@metamask-previews/ramps-controller": "3.0.0-preview-fa81dffb",
  "@metamask-previews/rate-limit-controller": "7.0.0-preview-fa81dffb",
  "@metamask-previews/remote-feature-flag-controller": "4.0.0-preview-fa81dffb",
  "@metamask-previews/sample-controllers": "4.0.2-preview-fa81dffb",
  "@metamask-previews/seedless-onboarding-controller": "7.1.0-preview-fa81dffb",
  "@metamask-previews/selected-network-controller": "26.0.2-preview-fa81dffb",
  "@metamask-previews/shield-controller": "5.0.0-preview-fa81dffb",
  "@metamask-previews/signature-controller": "39.0.1-preview-fa81dffb",
  "@metamask-previews/storage-service": "0.0.1-preview-fa81dffb",
  "@metamask-previews/subscription-controller": "5.4.0-preview-fa81dffb",
  "@metamask-previews/token-search-discovery-controller": "4.0.0-preview-fa81dffb",
  "@metamask-previews/transaction-controller": "62.9.2-preview-fa81dffb",
  "@metamask-previews/transaction-pay-controller": "11.0.2-preview-fa81dffb",
  "@metamask-previews/user-operation-controller": "41.0.2-preview-fa81dffb"
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@NicolasMassart NicolasMassart

Labels

enhancement New feature or request needs-dev-review no-changelog team-core-platform team-extension-platform team-mobile-platform

Projects

PR review queue
Status: Needs dev review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: create analytics data deletion controller

2 participants

@NicolasMassart