Account Deletion
Maintained by: Aether365 Team
Audience: Tenant owners
Scope: Self-service deletion of an Aether365 account, what gets removed, and how Microsoft access is revoked.
You can delete your Aether365 account at any time from the user app. Deletion is performed immediately and cannot be undone.
Where to Delete
- Sign in to app.aether365.io.
- Open Settings > Profile.
- Scroll to the Danger Zone at the bottom of the page.
- Click Delete account.
- Type your account email exactly to confirm.
- Click Delete forever.
You are signed out and redirected to the login screen as soon as the request completes.
What Happens
Deletion runs a single transactional flow on the API. The order is:
- Microsoft service principal revocation (Microsoft-connected accounts only). We authenticate to Microsoft Graph in your tenant using our app's client credentials and call DELETE /servicePrincipals/{id} for the Aether365 application. This removes our consent grant immediately.
- Scheduled scan removal. Any scheduled scan entries are removed so no future scans run.
- Secrets cleanup. The per-tenant secret holding your stored credentials is permanently deleted.
- Database scrub. Your tenant row is anonymized in place: email, full name, company, user identity ID, Stripe customer / subscription IDs are cleared, and deleted_at is set. Sensitive child rows are removed: tenant configuration, Microsoft connections, team members, API keys, SSO config, every per-test scan result.
- Identity removal. Your sign-in account is removed from the identity service.
Aggregate scan rows are kept (scan id, status, scan type, started/completed timestamps, pass/fail counts) so platform analytics remain accurate. They are no longer attributable to you - the tenant id stays but every personally identifiable field is removed.
Microsoft Revocation - When It Cannot Run
The automatic Graph call requires the Aether365 application to hold the Application.ReadWrite.OwnedBy permission in your tenant. If consent for that permission is not present (older consent, restricted tenant policy, or a custom federation), the call returns ok: false and we surface a banner pointing you to myapps.microsoft.com where you can remove the Aether365 enterprise application manually.
The deletion of your Aether365 data still goes through regardless of the revocation outcome - the only thing the manual step controls is removing our service principal from your Entra tenant.
Email-Password Accounts
If you signed up with email + password (no Microsoft federation), the Microsoft revocation step is skipped automatically. Everything else - schedule deletion, secret cleanup, scrub, identity removal - runs identically.
Audit Log Entry
A final account.self_deleted entry is written to your audit log before the scrub runs, capturing the typed-confirmation email, the Microsoft tenant id we attempted to revoke, and the revocation outcome. Once the row is anonymized this entry is no longer accessible to you, but it remains in the platform's retention window for compliance reporting.
Recovery
There is no recovery path. Once the deletion endpoint returns success, the data is gone and the sign-in account is removed. To use Aether365 again you must register fresh with a new account.
API
For automation use:
```bash
curl -X DELETE https://api.aether365.io/tenants/me \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"confirmEmail": "you@example.com"}'
```

The confirmEmail body field must match your account email exactly (case-insensitive). The response body includes microsoftRevocation with attempted, ok, and an optional reason so callers can surface the manual-cleanup link when needed.
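One way an automation caller could act on microsoftRevocation, as an added example that is not Aether365's own code. The field types (attempted and ok as booleans, reason as a string), the status labels, and the function names are assumptions; the endpoint, the confirmEmail field, and myapps.microsoft.com come from this page.

```python
import json
import urllib.request

API_URL = "https://api.aether365.io/tenants/me"  # endpoint shown on this page
MANUAL_CLEANUP_URL = "https://myapps.microsoft.com"  # manual removal site named on this page


def build_delete_request(token, confirm_email):
    """Build (but do not send) the DELETE request from the curl example."""
    body = json.dumps({"confirmEmail": confirm_email}).encode("utf-8")
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return urllib.request.Request(API_URL, data=body, method="DELETE", headers=headers)


def revocation_follow_up(response_body):
    """Map microsoftRevocation to the follow-up a tenant owner needs.

    Assumed shape: {"microsoftRevocation": {"attempted": bool, "ok": bool, "reason": str}}
    """
    data = json.loads(response_body)
    rev = data.get("microsoftRevocation") if isinstance(data, dict) else None
    if not isinstance(rev, dict):
        # Missing or malformed field: report as unverified, never as success.
        return {"status": "unknown", "manual_cleanup": MANUAL_CLEANUP_URL, "reason": None}
    if not rev.get("attempted"):
        # Step was not run (the page says it is skipped for email-password accounts).
        return {"status": "skipped", "manual_cleanup": None, "reason": rev.get("reason")}
    if rev.get("ok") is True:
        return {"status": "revoked", "manual_cleanup": None, "reason": None}
    # Attempted but failed: the service principal may still exist in the Entra tenant.
    return {"status": "manual_cleanup_required", "manual_cleanup": MANUAL_CLEANUP_URL,
            "reason": rev.get("reason")}


def delete_account(token, confirm_email):
    """Send the irreversible delete, then classify the revocation outcome."""
    request = build_delete_request(token, confirm_email)
    with urllib.request.urlopen(request, timeout=30) as resp:
        return revocation_follow_up(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed sample response, not captured from the real API.
    sample = '{"microsoftRevocation": {"attempted": true, "ok": false, "reason": "consent missing"}}'
    print(revocation_follow_up(sample))
```

A manual_cleanup_required or unknown result means the Aether365 data is already deleted but the enterprise application should still be checked and removed in the Entra tenant.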