Bridge Server Policies
Direct approval from the Director of Technology Services must be obtained to delete data associated with any externally-supported Sage project. The Director will coordinate with the Sage President and other Leadership Team members to ensure Sage's responsibilities for deleting study data are understood by the company.
Bridge server engineers may independently delete studies or data associated with studies that are generated by the engineering team for testing purposes only.
Engineering Process
The following instructions detail how to destroy a study and all the data and users that were created as part of this study.
Please note that all of this is permanent and cannot be undone, not even with backups. To do this you must have administrative access to Stormpath as well as administrative access to the Bridge server.
First, we recommend that you alert users of the application that the application will no longer supported (unless it will work without getting back activities and surveys from the server). In the researcher UI, set the minimum supported app version for the study on each platform. Set this to a higher-than-released version number for each platform. If you do this in far advance of deleting the study as possible, users should get some idea that the app will go away, but note that right now, we have no way to message message why the the user is being locked out. This may need to be combined with other forms of messaging. This step will ensure there is a long lag time (ideally at least a week) between when the server becomes inactive and when the study and associated user data is permanently deleted.
Please note that this next step is permanent and cannot be undone, not even with backups. To do this you must have administrative access to Stormpath as well as administrative access to the Bridge server.
Then, delete all the users in the study. Currently this requires writing a script that connects to Stormpath and iterates through the users in the study's directory (the HREF for this directory is stored as the stormpathHref in the study, but this is not exposed through the API). Iterate through the users, and collect all their email addresses. Then call the BridgePF admin API to delete each user (using the email address). This deletion through the API physically deletes the user's consents, health data records, scheduled activities, survey responses and other participant option information like sharing options, as well as deleting the user record at Stormpath. Basically we will have nothing on the user by the time this is done.
Once this is done, you can delete the study through the administrative Bridge API, and this will delete the study.
Finally, the Synapse projects project(s) that contain the exported scientific data will may need to be deleted, depending on retention policies for the coded study data for a particular project (please refer to the Synapse documentation on how to do this).
...