Docs / Security & privacy
Delete your tenant
Irreversible, with a 30-day grace period. Triggered from Admin → Privacy.
APP 13 gives you the right to ask us to delete your data. Here's how we execute it.
You file the request
Admin → Privacy → Delete your tenant. We require a reason (for our records and for the audit log) and the owner account. The request is recorded on the audit log and flipped to a pending state.
30-day grace period
Nothing destructive happens for 30 days. You can cancel the request at any point during this window from the same page. If you do, a data_deletion_cancelled audit entry lands on the chain.
After 30 days
Ops executes the destructive run:
- All tenant-scoped rows (orders, payments, staff, menu) are
deleted.
- The audit log for your tenant is preserved until its retention
window closes (7 years for AU).
- You receive a confirmation email when the run completes.
What we keep
- The tenant row itself, with
deleted_atset and PII
scrubbed. This is required to enforce the uniqueness of your ABN against future re-signups.
- The audit log until retention expires.