code418 · code418 · Apr 24, 2026 · Apr 24, 2026 · Apr 24, 2026 · Apr 24, 2026
diff --git a/docs/plans/delete-user-data-extension.md b/docs/plans/delete-user-data-extension.md
@@ -0,0 +1,55 @@
+# Plan — GDPR "Delete User Data" Firebase Extension
+
+- **Status:** Proposed
+- **Effort:** Small
+- **Firebase services:** Extensions (`firebase/delete-user-data`), Auth, Firestore, Storage, RTDB
+
+## Overview
+
+Installing the official "Delete User Data" extension gives the project a compliant, auditable path for "right to be forgotten" requests. It deletes all of a user's data across Firestore, Storage, and RTDB when the user deletes their Firebase Auth account.
+
+## Configuration
+
+- **Firestore paths to delete** (use `{UID}` substitution):
+  - `users/{UID}`
+  - `users/{UID}/friends/{DOC}` (if migrated to a subcollection; currently an array on the user doc — no extra config needed)
+  - `fcmTokens/{UID}`
+  - `claims` — **do not hard-delete**; anonymise instead (see below).
+  - `recaps/{UID}/periods/{DOC}`
+- **Storage paths to delete:**
+  - `claims-photos/{UID}/`
+  - `james-audio/` — not user data, do not touch.
+- **RTDB paths:**
+  - `/status/{UID}` (presence plan).
+
+## Claim anonymisation (extra Function)
+
+Hard-deleting claims would corrupt leaderboards historically. Instead:
+
+- Add a Firestore-triggered Function `onUserDeleted` that rewrites the user's claims to `{ uid: "deleted", displayName: "Deleted user" }` before the extension runs. Triggered by `onAuthUserDeleted` and completes within the retry window.
+
+## In-app path
+
+- Add "Delete my account" button in Settings.
+- Confirmation dialog + re-authentication (Firebase requires recent sign-in for `User.delete()`).
+- Call `FirebaseAuth.instance.currentUser!.delete()`. The extension + Function fan-out does the rest.
+
+## Audit trail
+
+- Extension writes an audit log by default — keep it.
+- Add a simple Firestore doc `deletions/{YYYY-MM-DD}` with counts for internal visibility.
+
+## Rollout
+
+- Install extension in a staging project first.
+- Manually trigger an account deletion; verify every listed path is cleared.
+- Promote to production.
+
+## Risks
+
+- Paths misconfigured → partial deletions leaving dangling references. Mitigated by staging dry-run.
+- Re-auth failures — document a manual admin path for edge cases.
+
+## Testing
+
+- Integration test in staging: create test user with claims, photos, friends; delete; assert no residuals.
diff --git a/lib/claim.dart b/lib/claim.dart
@@ -125,11 +125,14 @@ class _ClaimState extends State<Claim> with TickerProviderStateMixin {
         postboxes[entry.key as String] =
             Map<String, dynamic>.from(entry.value as Map);
       }
+      // Cloud Functions serialise JS numbers as either int or double;
+      // assigning a double to a typed int field throws, so normalise via num.
+      int asInt(dynamic v) => (v as num?)?.toInt() ?? 0;
       setState(() {
-        _count = counts['total'] ?? 0;
-        _maxPoints = points['max'] ?? 0;
-        _minPoints = points['min'] ?? 0;
-        _claimedToday = counts['claimedToday'] ?? 0;
+        _count = asInt(counts['total']);
+        _maxPoints = asInt(points['max']);
+        _minPoints = asInt(points['min']);
+        _claimedToday = asInt(counts['claimedToday']);
         _postboxes = postboxes;
         currentStage = _count > 0 ? ClaimStage.results : ClaimStage.empty;
       });

diff --git a/lib/nearby.dart b/lib/nearby.dart
@@ -113,23 +113,26 @@ class _NearbyState extends State<Nearby> {
       final claimedCompass = data['claimedCompass'] != null
           ? Map<String, dynamic>.from(data['claimedCompass'] as Map)
           : <String, dynamic>{};
+      // Cloud Functions serialise JS numbers as either int or double; assigning
+      // a double to a typed int field throws, so normalise every count via num.
+      int asInt(dynamic v) => (v as num?)?.toInt() ?? 0;
       setState(() {
-        _count = counts['total'] ?? 0;
-        _maxPoints = pts['max'] ?? 0;
-        _minPoints = pts['min'] ?? 0;
+        _count = asInt(counts['total']);
+        _maxPoints = asInt(pts['max']);
+        _minPoints = asInt(pts['min']);
         currentStage = NearbyStage.results;
         for (final dir in const [
           'N', 'NNE', 'NE', 'ENE', 'E', 'ESE',
           'SE', 'SSE', 'S', 'SSW', 'SW', 'WSW',
           'W', 'WNW', 'NW', 'NNW',
         ]) {
-          _compassCounts[dir] = compass[dir] ?? 0;
-          _claimedCompassCounts[dir] = claimedCompass[dir] ?? 0;
+          _compassCounts[dir] = asInt(compass[dir]);
+          _claimedCompassCounts[dir] = asInt(claimedCompass[dir]);
         }
-        _claimedToday = counts['claimedToday'] ?? 0;
+        _claimedToday = asInt(counts['claimedToday']);
         for (final cipher in MonarchInfo.all) {
-          _cipherTotals[cipher] = counts[cipher] ?? 0;
-          _cipherClaimed[cipher] = counts['${cipher}_claimed'] ?? 0;
+          _cipherTotals[cipher] = asInt(counts[cipher]);
+          _cipherClaimed[cipher] = asInt(counts['${cipher}_claimed']);
         }
         _lastScanned = DateTime.now();
       });

diff --git a/lib/wear/wear_claim_page.dart b/lib/wear/wear_claim_page.dart
@@ -52,8 +52,10 @@ class _WearClaimPageState extends State<WearClaimPage> {
       });
       if (!mounted) return;
       final counts = result.data['counts'] ?? {};
-      final total = (counts['total'] as int?) ?? 0;
-      final claimed = (counts['claimedToday'] as int?) ?? 0;
+      // Cloud Functions serialise JS numbers as either int or double; `as int?`
+      // would throw on a double, so normalise via num.
+      final total = (counts['total'] as num?)?.toInt() ?? 0;
+      final claimed = (counts['claimedToday'] as num?)?.toInt() ?? 0;
       _postboxes = Map<String, dynamic>.from(result.data['postboxes'] ?? {});
       setState(() {
         _count = total;

diff --git a/lib/wear/wear_compass_page.dart b/lib/wear/wear_compass_page.dart
@@ -75,8 +75,13 @@ class _WearCompassPageState extends State<WearCompassPage> {
       final counts = result.data['counts'] ?? {};
       final compassRaw = result.data['compass'] ?? {};
       setState(() {
-        _totalCount = (counts['total'] as int?) ?? 0;
-        _compassCounts = Map<String, int>.from(compassRaw);
+        // Cloud Functions serialise JS numbers as either int or double;
+        // `as int?` would throw on a double, so normalise via num.
+        _totalCount = (counts['total'] as num?)?.toInt() ?? 0;
+        _compassCounts = {
+          for (final e in (compassRaw as Map).entries)
+            e.key as String: (e.value as num).toInt(),
+        };
         _stage = _CompassStage.results;
       });
       // Haptic pulse to signal scan complete.
@@ -206,7 +211,13 @@ class _WearCompassPageState extends State<WearCompassPage> {
               angle: -rotation,
               child: CustomPaint(
                 size: Size(size, size),
-                painter: FuzzyCompassPainter(sectors: sectorValues),
+                // Pass rotation so the painter counter-rotates the 'N' label;
+                // otherwise it spins with the canvas and is unreadable whenever
+                // the watch is not pointing north.
+                painter: FuzzyCompassPainter(
+                  sectors: sectorValues,
+                  rotation: rotation,
+                ),
               ),
             ),
             // Centre count overlay (doesn't rotate)

diff --git a/lib/wear/wear_status_page.dart b/lib/wear/wear_status_page.dart
@@ -18,10 +18,14 @@ class WearStatusPage extends StatefulWidget {
 class _WearStatusPageState extends State<WearStatusPage> {
   final StreakService _streakService = StreakService();
   late final Stream<int?> _streakStream = _streakService.streakStream();
+  // Cache so the StreamBuilder doesn't re-subscribe (and briefly show empty
+  // stats) on every rebuild. Computed once in initState from the uid at mount.
+  late final Stream<DocumentSnapshot<Map<String, dynamic>>>? _userDocStream =
+      _buildUserDocStream();
 
   String? get _displayName => FirebaseAuth.instance.currentUser?.displayName;
 
-  Stream<DocumentSnapshot<Map<String, dynamic>>>? _userDocStream() {
+  Stream<DocumentSnapshot<Map<String, dynamic>>>? _buildUserDocStream() {
     final uid = FirebaseAuth.instance.currentUser?.uid;
     if (uid == null) return null;
     return FirebaseFirestore.instance.collection('users').doc(uid).snapshots();
@@ -71,7 +75,7 @@ class _WearStatusPageState extends State<WearStatusPage> {
 
               // Lifetime points
               StreamBuilder<DocumentSnapshot<Map<String, dynamic>>>(
-                stream: _userDocStream(),
+                stream: _userDocStream,
                 builder: (context, snap) {
                   final data = snap.data?.data();
                   final lifetimePoints =