# Delete a user's data

The right to be forgotten, in one call. forget() schedules a server-side purge and wipes the device clean — while the financial records you're legally required to keep, and a tamper-proof record of the erasure itself, are deliberately retained.

Source: https://cross-deck.com/university/delete-a-users-data/
Verified Crossdeck University lesson — prose plus real, runnable code.

## Complete erasure, lawful retention

When a user invokes their right to be forgotten, you need a way to do it that's both complete — the personal data actually goes — and lawful, because you're required to keep certain records (financial history) even after erasure. Getting one without the other is a compliance problem either way. Crossdeck gives you a single call that does both correctly.

## One call, every surface

All four SDK surfaces hit the same endpoint, POST /v1/identity/forget. On the web, it's one line:

```web
await Crossdeck.forget();
```

## Purge the person; keep the proof

forget() sends the strongest identity hint the SDK holds — customer ID, else user ID, else anonymous ID — to schedule the server-side deletion, then wipes all local state on the device: identity, entitlements, the event queue, super-properties, persistent stores. Crucially, that local wipe runs even if the server call fails — the person just asked to be forgotten, and refusing to clear their device over a network hiccup would be the wrong call. The failure is recorded in the SDK's debug stream so you can follow up server-side.

What's retained is as deliberate as what's purged. Financial records stay, because you're legally required to keep them. And a hash-chained audit trail of the erasure itself is preserved — so you can prove the deletion happened, without that proof being something anyone can quietly tamper with. The whole operation is idempotent: asking twice is safe.

## Forgotten, and provably so

After forget() resolves, the personal data is scheduled for purge and the device is clean — while the financial ledger and a tamper-evident record of the erasure remain. You've honoured the request fully and kept exactly what the law says you must.

purged · retained · provable
 Personal data scheduled for deletion, device wiped — financial records and a hash-chained erasure record kept. Complete and lawful, in one call.