# Delete My Account

**ID:** EU-006
**Priority:** Medium
**Status:** Planned

## User Story

As an end user, I want to permanently delete my account and all associated data so that I can exercise my right to be forgotten (GDPR compliance).

## Acceptance Criteria

- [ ] User can request account deletion from settings
- [ ] Deletion requires password confirmation or 2FA
- [ ] User sees summary of what will be deleted
- [ ] Grace period (e.g., 30 days) before permanent deletion
- [ ] User receives email confirmation of deletion request
- [ ] User can cancel deletion during grace period
- [ ] All personal data is removed after grace period
- [ ] User is removed from all organizations they belong to

## Technical Notes

- `suspendUser` and `deleteSuspendedUser` endpoints exist in admin context
- Need user-facing self-service deletion flow
- Consider soft delete with scheduled hard delete
- Must handle organization ownership transfer if user owns orgs
- Audit log should retain anonymized record for compliance

## Related TODOs

- New feature - builds on existing suspension infrastructure
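
The soft-delete-then-scheduled-hard-delete flow from the Technical Notes, sketched as an added example (not the project's code). It assumes an in-memory user store, a 30-day grace period, that ownership must be transferred before a request is accepted, and that "anonymized" means a keyed hash of the user id; every name here is hypothetical, and it does not use `suspendUser` or `deleteSuspendedUser`.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

GRACE = timedelta(days=30)            # grace period from the acceptance criteria
AUDIT_KEY = secrets.token_bytes(32)   # constructed; a real key would come from a secret store

class DeletionError(Exception):
    """Raised when a deletion step is not allowed in the current state."""

@dataclass
class User:
    id: str
    email: str
    owned_orgs: set = field(default_factory=set)
    delete_after: Optional[datetime] = None   # set means soft-deleted, purge pending

def request_deletion(user, reauthenticated, now):
    """Soft delete: mark the account and start the grace period."""
    if not reauthenticated:
        raise DeletionError("password or 2FA confirmation required")
    if user.owned_orgs:
        raise DeletionError("transfer ownership of owned organizations first")
    user.delete_after = now + GRACE
    return user.delete_after

def cancel_deletion(user, now):
    """Cancellation is only valid while the grace period is still running."""
    if user.delete_after is None or now >= user.delete_after:
        raise DeletionError("no cancellable deletion request")
    user.delete_after = None

def hard_delete_due(users, org_members, audit_log, now):
    """Scheduled job: purge every account whose grace period has expired."""
    purged = []
    for uid, user in list(users.items()):
        if user.delete_after is not None and now >= user.delete_after:
            # Assumption: a keyed hash keeps the raw id and email out of the
            # audit trail while still giving compliance a stable reference.
            ref = hmac.new(AUDIT_KEY, uid.encode(), hashlib.sha256).hexdigest()[:16]
            audit_log.append({"event": "account_deleted", "subject": ref, "at": now.isoformat()})
            for members in org_members.values():
                members.discard(uid)          # drop every organization membership
            del users[uid]                    # remove the personal data record
            purged.append(uid)
    return purged
```
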