Delete your organization

You can delete your organization yourself, from the dashboard, at any time. The deletion is immediate, atomic, and irreversible — there is no grace window for customer-initiated deletes.

Who can delete

Only an owner or admin of the organization can initiate self-delete. Members get a 403. If your account doesn't have the role to delete and there's nobody on the team who does, contact support.

How to delete

1. Sign in to memclaw.net (or your enterprise dashboard).
2. Open Manage → Organization.
3. Scroll to the Danger Zone section.
4. Click Delete Organization.
5. Type the organization's slug exactly into the confirmation field. The match is case-sensitive and whitespace-sensitive — this is the irreversibility signal, the same pattern GitHub uses for destructive actions.
6. Click Delete Organization in the dialog.

You'll be signed out and redirected once the deletion completes.

What gets destroyed

The delete runs as a single atomic operation across both the enterprise and OSS schemas. Everything below is purged in one request:

• Every memory in every tenant under the org
• Every entity, relation, agent, document, and analysis report
• Every API key (tenant-scoped and agent-scoped) and install credential
• Every member and pending invite
• Audit logs scoped to the org (the org-level deletion audit row survives — see below)
• Organization settings (security audit, lifecycle, scheduler config, etc.)
• All tenants under the org
• The organization row itself

The active Paddle subscription (if any) is cancelled as part of the same operation.

The only thing that survives is a single row in the org_deletion_audit table recording the action, your user id, and the per-table deletion counts. This is for forensic and compliance use and contains no memory content.

Why no grace window?

Customer-initiated deletes are atomic by design. The slug-typed confirmation is the deliberate friction; once you click Delete, the org and its data are gone in seconds.

Operator-initiated deletes (when Caura support needs to delete an org on your behalf — a paid plan downgrade, ToS investigation, abuse case) do use a grace window: the org is soft-deleted first, your data is preserved for the grace period (30 days by default), and the org can be restored during that window. After the window elapses, a sweep purges it permanently.

Customer self-delete intentionally skips that window — you typed the slug, you meant it.

I changed my mind

If you've already clicked Delete and confirmed, the data is gone. There is no restore for customer self-delete. Don't ask support — they can't recover it either.

If you haven't confirmed yet, just close the dialog. Nothing is destroyed until you complete the confirmation step.

Data export before deleting

If you want to keep a copy of your memories before deleting, use the REST API to export them first:

curl https://memclaw.net/api/v1/memories?tenant_id=YOUR_TENANT_ID \
  -H "Authorization: Bearer $YOUR_ACCESS_TOKEN" > memclaw-export.json

Repeat per tenant if you have multiple. There is no built-in "download everything" button today — file a feature request if you'd find one useful.

GDPR / right to erasure

This flow satisfies GDPR Article 17 (right to erasure / "right to be forgotten") for the organization and every tenant under it. The audit row that survives contains no personal data — only the action, the user id of the requester, the timestamp, and counts.

If you need a formal data-deletion confirmation for compliance, contact support after deleting and we can issue one against the audit record.

On-prem and self-hosted

Both the OSS bundle (self-host) and the on-prem Enterprise deployment expose the same Danger Zone in their bundled dashboard. The destroyed-data scope is identical; the Paddle cancel step is a no-op (you're not billed by Caura on those tiers).