Private data per local account

I am working on an app that requires the ability to support multiple local users, logged in with different credentials. Part of the data managed by Couchbase Lite/Sync Gateway includes private user information that I don’t want held locally once the user logs out. There is a lot of other data that is not sensitive and should remain after a logout, lets say data specific to the device rather than the individual user.

Some advice I’ve seen for this scenario is to delete the database and have a newly created Couchbase Lite database each time a new user logs in, but this is less than ideal in this case, as I lose all the other data that isn’t sensitive, and in fact causes major complications in the general operation of the app which relies on this data being available.

I had thought about separating the data locally into sensitive and not-sensitive, and setting up pull replication for each scenario separately, allowing me to delete the sensitive data from device on logout, and have Sync Gateway re-sync the new user’s sensitive data when they login. However, the Sync Gateway pull filters don’t seem to be flexible enough to support this, only allowing filter by channel, and then not allowing “all channels except…” filters, so I can’t have one pull to a database pull everything except the sensitive documents, and another pull to another database pull the sensitive data.

Another possible solution was to purge the sensitive document types from the local database on logout, leaving the remaining intact. However, the data is never then re-synced by the Sync Gateway should that user log back in again, only when the sensitive data changes, which is pretty much never.

My only other idea is to actually separate the data at the server side, producing separate sensitive and non-sensitive databases and Sync Gateway setups to avoid the lack of sync filtering on the client side.

Would appreciate any thoughts on this, if anyone else has overcome a similar requirement, or if there are any best practices that the community can point me towards.

All this is iOS BTW, in case it matters.

Create a separate database for each user. You can create another shared database for the non-sensitive stuff if you want avoid the overhead of having copies of it in each user database.