Handling Account Deletion

This week has been busy with some less glamorous but incredibly important aspects of the service layer: handling account deletion. Regardless of the reason that a user may choose to delete their account, we firmly believe that control over your data is crucial to building a relationship of trust between Tower and its users.

Account deletion can take place in two ways: user-initiated in the app and by revoking authorization to the application via your social login provider (Sign in with Apple, etc.) While the method in which the workflow is triggered can vary, the actual workflow for account deletion itself is consistent.

Though the actual details of how we handle deletion, including any changes to data, are confidential, the gist of the decision making is: the account remains intact in order to ensure continued data validity, but its association with any particular human is erased. Additionally, any existing session or auth tokens are also invalidated at that moment and access to the system is terminated in whole. This means that the original “model” of a user exists, but we no longer have any idea who that user belonged to.

If a user deletes their account they can create a new account at any time but we will not be able to re-associate a user to previously connected account. In this case their account will be a brand new account with no chat history or ratings.

Additionally, because account deletion is an extremely sensitive area, we’ve added an array of alerting and in-house notifications should any part of the deletion process fail. In the event that our automated deletion system has a failure, our alerting system will notify us and the deletion will be performed manually.

So there it is. Our “not as shiny” but incredibly important updates this week.