ARCO procedures

Marea Alcalina is a Mexican corporation and is subject to LFPDPPP (Articles 16–18), the Mexican federal personal-data-protection statute. Every account holder has four enumerated rights — collectively ARCO:
| Right | Spanish | What the user can do |
|---|---|---|
| Acceso | Acceso | Access a copy of their personal data |
| Rectificación | Rectificación | Correct inaccurate or incomplete data |
| Cancelación | Cancelación | Delete their account and all associated data |
| Oposición | Oposición | Object to specific processing of their data |
Brazilian residents have a parallel set of rights under LGPD (Lei Geral de Proteção de Dados). The technical surfaces below honor both.

How users exercise ARCO

Access + Rectification (online, self-serve)

The dashboard at mareaalcalina.com/dashboard exposes:
  • Account email, displayName, language, currency, country, plan, verification status, tosAcceptedAt.
  • Every storefront the account owns + its products.
  • Each user key issued for the account (label, prefix, scopes, last used).
API equivalents (any verified user key):
| Endpoint | Returns |
|---|---|
| GET /v1/me | Identity + plan + rate-limit window + dashboard links |
| GET /v1/storefronts/:storefrontId | A storefront the user owns |
| GET /v1/users/:userId | The full user DTO (developer-key path) |
Rectification of catalog data goes through PATCH /v1/storefronts/:storefrontId (deep-merge, see Storefronts).

Cancellation (hard delete)

Three paths trigger an LFPDPPP-compliant hard delete:
| Path | Triggered by | Idempotent |
|---|---|---|
| Dashboard “Delete account” button | User (interactive) | Yes |
| DELETE /public/v1/bootstrap/:previewToken (or two-step GET confirm flow) | Bootstrap-email recipient | Yes |
| Scheduled cleanup (30d_unverified or 90d_no_tos) | System | Yes |
The public bootstrap-cancel endpoint is unauthenticated by API key — the preview token is the auth (256-bit random, 24h TTL, single-use). The link is embedded in every bootstrap verification email so a user who didn’t ask for an account can self-cancel without ever logging in.

Hard delete removes, in this order:
  1. API keys — every apiKeys doc where ownerUid == :uid (batched, 500-per-batch).
  2. Verification codes: apiVerificationCodes/{email}.
  3. Preview tokens — every apiPreviewTokens doc for this user.
  4. Storefronts + products: users/{uid}/menus/** recursive delete.
  5. User document + subcollections: users/{uid} recursive delete.
  6. Audit trail — one append to tosAcceptanceLog recording reason + summary BEFORE the Auth delete.
  7. Firebase Auth user: auth().deleteUser(uid). Frees the email for re-signup.
  8. Webhook fan-out: user.cancelled event (see Webhooks) with one of the locked reason values.
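The ordering above as an added TypeScript sketch, not the project's hardDeleteUserAccount: it runs the eight steps against in-memory stand-ins and shows the audit append gating the Auth delete. FakeBackend, deleteOwned, hardDeleteSketch and the use of the Auth record as the "already deleted" marker are assumptions; the reason values are the ones in the table below.

```typescript
// Added sketch, not Marea's code: in-memory stand-ins for Firestore and Firebase Auth.
type CancelReason =
  | "user_clicked_cancel" | "squatting_defense" | "30d_unverified" | "90d_no_tos" | "key_revoked";

interface FakeBackend {
  docs: Map<string, string[]>;   // collection name -> owner uid of each stored doc
  authUsers: Set<string>;        // Firebase Auth stand-in
  auditLog: string[];            // tosAcceptanceLog stand-in (append-only)
  webhooks: { event: "user.cancelled"; uid: string; reason: CancelReason }[];
  failAudit?: boolean;           // test hook: simulate a failed audit write
}

const BATCH_SIZE = 500;          // per-batch limit stated in step 1

// Delete every doc owned by uid, at most BATCH_SIZE per pass; returns the number of passes.
function deleteOwned(b: FakeBackend, collection: string, uid: string): number {
  let batches = 0;
  for (;;) {
    const all = b.docs.get(collection) ?? [];
    let budget = BATCH_SIZE;     // a matching doc is kept once this pass's budget is spent
    const kept = all.filter((owner) => owner !== uid || budget-- <= 0);
    if (kept.length === all.length) return batches;
    b.docs.set(collection, kept);
    batches++;
  }
}

// Runs the eight steps in the documented order and returns the steps this call executed.
function hardDeleteSketch(b: FakeBackend, uid: string, reason: CancelReason): string[] {
  if (!b.authUsers.has(uid)) return [];   // assumption: no Auth user means already deleted
  const steps = [`apiKeys:${deleteOwned(b, "apiKeys", uid)}`];               // step 1
  for (const c of ["apiVerificationCodes", "apiPreviewTokens", "menus", "users"]) {
    deleteOwned(b, c, uid);                                                  // steps 2-5
    steps.push(c);
  }
  if (b.failAudit) throw new Error("audit write failed");  // step 6 gates step 7
  b.auditLog.push(`${uid} ${reason}`);
  b.authUsers.delete(uid);                                                   // step 7
  b.webhooks.push({ event: "user.cancelled", uid, reason });                 // step 8
  return steps.concat("audit", "auth", "webhook");
}
```

If the audit write throws, the Auth user still exists and no webhook has fired, so a retry reruns the idempotent deletes and completes the remaining steps.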
reason enum in the user.cancelled webhook:
| Value | Triggered by |
|---|---|
| user_clicked_cancel | Public bootstrap-cancel endpoint |
| squatting_defense | Email squatting defense (PRD-4) |
| 30d_unverified | Scheduled cleanup — never verified within 30 days |
| 90d_no_tos | Scheduled cleanup — verified but ToS not accepted within 90 days |
| key_revoked | All other administrative or revocation-cascading deletes |
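The preview-token rules from the bootstrap-cancel paragraph above (256-bit random, 24h TTL, single-use), as an added TypeScript example that is not Marea's code. The in-memory store, the function names, keeping only a SHA-256 of the token, and answering a replayed or expired token with a rejection and no state change are assumptions of this sketch.

```typescript
import { createHash, randomBytes } from "node:crypto";

const TTL_MS = 24 * 60 * 60 * 1000;                // 24h TTL, as stated on the page

interface TokenDoc { uid: string; expiresAt: number }

// Constructed in-memory stand-ins for the apiPreviewTokens collection and the account table.
const tokens = new Map<string, TokenDoc>();        // key: SHA-256 of the token (assumption)
const accounts = new Set<string>();

const digest = (token: string): string =>
  createHash("sha256").update(token).digest("hex");

// Issue a 256-bit random token; only its hash is kept server-side in this sketch.
function issuePreviewToken(uid: string, now: number): string {
  const token = randomBytes(32).toString("hex");   // 32 bytes = 256 bits
  tokens.set(digest(token), { uid, expiresAt: now + TTL_MS });
  return token;
}

// Redeem a token for cancellation. Returns true only when this call deleted the account.
function cancelWithToken(token: string, now: number): boolean {
  if (!/^[0-9a-f]{64}$/.test(token)) return false; // malformed input never reaches the store
  const key = digest(token);
  const doc = tokens.get(key);
  if (!doc) return false;                          // unknown, or already consumed
  tokens.delete(key);                              // consume before acting: single-use
  if (now >= doc.expiresAt) return false;          // an expired token is burned as well
  // Hard delete reduced to the two effects relevant here: drop the user's other
  // preview tokens (step 3 of the delete order) and remove the account itself.
  tokens.forEach((d, k) => { if (d.uid === doc.uid) tokens.delete(k); });
  return accounts.delete(doc.uid);                 // false if another path already deleted it
}
```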

Opposition

To object to a specific processing activity (marketing, analytics, etc.) without cancelling the account, users may write to the contact channel below. Marea applies the change within the LFPDPPP-prescribed response window (20 business days from a verifiable request).

Retention

  • An active account is retained while it has a paid plan, has not invoked Cancelación, and has accepted ToS (or is within the 90-day window for agent-bootstrapped accounts).
  • A hard-deleted account is removed from Firestore + Firebase Auth within the same job invocation. Orphan Cloud Logging entries decay per Google Cloud’s standard retention (default 30 days).
  • A revoked API key stops authenticating within ~60 seconds end-to-end and is retained server-side for audit purposes only (the keyHash is kept; the raw key was never stored).

Contact channel

LFPDPPP / LGPD requests not satisfied by the self-serve paths above should be sent to the contact email on the dashboard footer. Marea’s response SLA matches LFPDPPP statutory timelines (20 business days; 15 days for follow-ups).

What an agent should know

  • Never create an account on behalf of a user who has not authorized it. The cancel hatch protects against misuse, but the user-rights regime treats unauthorized creation as a violation by the creating party.
  • If the agent receives user.cancelled (any reason) for a user it bootstrapped, the agent must stop all downstream automation for that user and delete any local cached state.
  • The agent cannot accept the ToS on the user’s behalf. See ToS jurisdiction for the 451 flow.

Verification in code

  • src/api/public/bootstrap.cancel.ts — public unauthenticated cancellation endpoint (preview-token auth).
  • src/api/services/account-delete.service.ts: hardDeleteUserAccount ordering + audit-log write.
  • src/api/scheduled/CleanupUnverifiedAccounts.ts — 30d / 90d sweep policy.
  • src/api/services/webhooks.service.ts: user.cancelled event + CancelReason enum.