Firebase Authentication
Start from the agreed user record and stable project identifiers. Provider profiles and application records may require separate mapping.
Firebase DSAR · Pilot mapping
A Firebase access request can cross Authentication, Firestore, Realtime Database, Cloud Storage and your own backend. Trace’s proposed pilot maps those links into one review-ready case—without pretending every project has the same schema.
The Firebase request surface
Firebase Authentication exposes a user account, but application data is usually modelled separately. The pilot begins with a verified identifier map, not a broad project export.
Start from the agreed user record and stable project identifiers. Provider profiles and application records may require separate mapping.
Locate in-scope documents, subcollections or JSON paths using the customer’s actual schema and security model.
Use an agreed object manifest or scoped retrieval path. A database reference does not by itself prove file coverage.
Document where events or exports flow outside Firebase, including billing, support and separate application backends.
Flag records that cannot be reliably linked rather than silently treating the search as complete.
Put third-party data, retention, disclosure scope and any proposed action in front of an authorised reviewer.
Proposed pilot workflow
Access requests are not deletion scripts. Article 15 describes the right of access. Any erasure action is a separate decision with its own legal and operational analysis.
Official product references: Firebase Authentication users and Firestore and Realtime Database. Legal reference: Article 15 GDPR.
Security boundary
Firebase server access can be powerful. The pilot must document exactly what can be read, for how long, by whom and how access is revoked.
Projects, collections, identifiers, permissions, output fields and transfer route are agreed before live retrieval.
Remove temporary access, confirm package delivery and apply the accepted retention and deletion procedure.
Project-specific by design
Collection structure and access rules are customer-specific, so readiness is confirmed before a service promise is accepted.
A controlled first request
Trace will assess whether the proposed pilot can be delivered before access, terms or payment are agreed.