Account Deletion

EduShade supports both self-service account deletion and admin-initiated account deletion. All deletions are soft deletes, meaning your data is retained for a configurable period before permanent removal.

Self-Service Account Deletion

How to Delete Your Account

1. Go to Account Settings → Account Deletion (or navigate to /dashboard/profile/settings/deletion)
2. Review the warning about what happens when your account is deleted
3. Confirm that you want to delete your account
4. Your account is immediately soft-deleted

What Happens After Deletion

1. Account status changes to deleted
2. All active sessions are terminated — you are logged out everywhere
3. Your profile is no longer visible to other users
4. Login is disabled — you cannot log in with your credentials
5. Your data is retained according to the tenant's data retention policy
6. Unique indexes are freed — your email/phone can be used for a new account (after retention period)

Data Retention

Your data is not immediately erased. Instead:

• Data is retained for the tenant's configured retention period
• During this period, your account may be reactivatable (see below)
• After the retention period expires, data may be permanently purged
• This supports compliance with data protection regulations (e.g., GDPR)

Reactivating a Deleted Account

If you deleted your account and want to come back:

1. Navigate to the Registration page
2. Enter the same email/phone you used before
3. The system checks if your account is within the retention period
4. If yes, a verification code is sent to your original email/phone
5. Verify your identity to reactivate your account
6. Your previous data is restored

If the retention period has expired, you must create a new account.

Admin-Initiated Deletion

Admins have two ways to remove a user:

A. Hard-soft-delete via the Delete endpoint

1. Go to Admin → Users
2. Find the user to delete
3. Click Delete (requires user.delete permission)
4. Confirm the action
5. The user is soft-deleted (deleted_at set, status = "deleted") and all sessions are terminated

API: DELETE /v1/users/{user_id}.

B. Status change to deleted

Admins can also flip a user's status to deleted via the standard edit endpoint (PUT /v1/users/{user_id} with status: "deleted"). This produces the same observable outcome: the user can no longer log in. Use the dedicated Delete action when you also want to terminate sessions immediately.

Bulk User Deletion

1. Go to Admin → Users
2. Apply filters or select multiple users
3. Click Bulk Delete (requires user.delete permission)
4. Confirm the action
5. All matching users are soft-deleted

API: DELETE /v1/users/bulk/delete.

Effects of Account Deletion

Soft Delete (the default — and currently the only mode)

EduShade only performs soft deletes in the standard delete flows:

• Sets deleted_at timestamp on the user record
• Sets the user's status to deleted
• Data remains in the database
• Unique constraints use conditional indexes (WHERE deleted_at IS NULL), so the email/phone/username can be reused after the retention period
• Allows future reactivation within the retention window
• Supports data retention compliance

Hard Delete (Out-of-Band)

There is no hard-delete API endpoint today. Permanent erasure (e.g. for GDPR right-to-be-forgotten requests) is handled out-of-band by:

• A scheduled retention job that purges records past the tenant's retention period, or
• A direct database operation performed by a platform engineer

If you need a record permanently removed before the retention window elapses, raise a request with your platform team.

Troubleshooting