Complete erasure, lawful retention
When a user invokes their right to be forgotten, you need a way to do it that's both complete — the personal data actually goes — and lawful, because you're required to keep certain records (financial history) even after erasure. Getting one without the other is a compliance problem either way. Crossdeck gives you a single call that does both correctly.
One call, every surface
All four SDK surfaces hit the same endpoint, POST /v1/identity/forget. On the web, it's one line:
await Crossdeck.forget();Purge the person; keep the proof
forget() sends the strongest identity hint the SDK holds — customer ID, else user ID, else anonymous ID — to schedule the server-side deletion, then wipes all local state on the device: identity, entitlements, the event queue, super-properties, persistent stores. Crucially, that local wipe runs even if the server call fails — the person just asked to be forgotten, and refusing to clear their device over a network hiccup would be the wrong call. The failure is recorded in the SDK's debug stream so you can follow up server-side.
What's retained is as deliberate as what's purged. Financial records stay, because you're legally required to keep them. And a hash-chained audit trail of the erasure itself is preserved — so you can prove the deletion happened, without that proof being something anyone can quietly tamper with. The whole operation is idempotent: asking twice is safe.
Forgotten, and provably so
After forget() resolves, the personal data is scheduled for purge and the device is clean — while the financial ledger and a tamper-evident record of the erasure remain. You've honoured the request fully and kept exactly what the law says you must.
Personal data scheduled for deletion, device wiped — financial records and a hash-chained erasure record kept. Complete and lawful, in one call.