Account Deletion Policy
GDPR / KVKK — Right to Erasure
Last updated: 17 May 2026
1. How to request deletion
There are three ways to delete your account:
1. Self-service (recommended): Dashboard → Settings → Privacy → "Permanently delete account".
2. Email: Write to thmenu@synaltix.io from your registered email with subject "Account deletion request".
3. Post: Synaltix LLC, Albuquerque NM, USA.
We send an email verification link within 24 hours.
2. 30-day grace period
When you click the link in the confirmation email you are taken to a confirmation page where, after re-authenticating, you must press "Delete my account" to actually start the deletion. We deliberately separate the email link (a GET that renders a form) from the deletion action (a POST that the form submits) so email-prefetching crawlers cannot trigger unintentional deletion (RFC 9110 §9.2.1). After you press the button, a 30-day grace period begins.
Sign in again during this window and the deletion is automatically cancelled — your account is fully restored. After 30 days, deletion is irreversible.
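The flow described above, as an added example (not thMenu's own code): the emailed link is served by a safe GET that changes nothing, and only an authenticated POST starts the grace period, which a later sign-in cancels. The class and method names, the single-use token and the hashed token storage are assumptions; the 24-hour and 30-day values are the ones this policy states.

```python
import hashlib
import secrets
from datetime import timedelta

LINK_TTL = timedelta(hours=24)  # link validity stated in section 7
GRACE = timedelta(days=30)      # grace period stated in this section

def _digest(token):
    # Assumption: only a hash of the emailed token is stored server-side.
    return hashlib.sha256(token.encode()).hexdigest()

class DeletionFlow:  # hypothetical name, in-memory stand-in for a database
    def __init__(self):
        self.tokens = {}   # token digest -> (user, link expiry)
        self.pending = {}  # user -> time at which data is purged

    def issue_link(self, user, now):
        token = secrets.token_urlsafe(32)
        self.tokens[_digest(token)] = (user, now + LINK_TTL)
        return token

    def handle(self, method, token, session_user, now):
        """Serve the confirmation URL; returns (status, body)."""
        user, expiry = self.tokens.get(_digest(token), (None, None))
        if user is None or now > expiry:
            return 410, "link invalid or expired"
        if method in ("GET", "HEAD"):
            # Safe method: render the form only, change no state.
            return 200, '<form method="post"><button>Delete my account</button></form>'
        if method != "POST":
            return 405, "method not allowed"
        if session_user != user:
            return 401, "re-authenticate first"
        del self.tokens[_digest(token)]  # assumption: link is single-use
        self.pending[user] = now + GRACE
        return 202, "deletion scheduled"

    def sign_in(self, user, now):
        """Signing in during the grace period cancels the deletion."""
        due = self.pending.get(user)
        if due is not None and now < due:
            del self.pending[user]
            return True
        return False
```

A production form would also carry a CSRF token on the POST; that is left out here to keep the GET/POST split in focus.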
3. Data that gets deleted
After 30 days the following is permanently erased:
• User profile (name, email, phone)
• Restaurant records (name, address, description)
• Menus, categories, products
• Product photos (including Cloudflare R2)
• Order history (except anonymized aggregate stats)
• Customer feedback, likes
• Staff records, audit log
• Stripe Customer ID (your Stripe Connect account is untouched — you close it yourself)
• Affiliate referral records
4. Data we are legally required to keep
The following is retained for fixed periods under law (the longest applicable period applies):
• Invoices / payment records: 7 years (US IRS / state); up to 10 years (EU VAT and Turkish TTK Art. 82 commercial books / VUK Art. 253 tax records)
• Tax documents: 7 years (W-9, W-8BEN, 1099-NEC, etc.)
• Legal-proceedings records: until any active matter is closed and the applicable statute of limitations has run
• Anonymised aggregate analytics: indefinitely (no personal data)
This data lives in an access-restricted archive and is deleted when its retention period expires.
5. Affiliate / Synaltix agreements
If you have an affiliate account: pending commissions for your referrals are settled before deletion. If you have a pending payout, deletion runs after the final payout is sent.
If there is an active contract / proposal / MoU, related data is kept until the contract expires or is terminated.
6. Third-party data deletion
When we receive your deletion request, we also trigger deletion at:
• Stripe: Customer record is deleted (Stripe keeps transaction history for 7 years — they're required to)
• Supabase Auth: User record is deleted
• Cloudflare R2: All your uploaded images are deleted
• Resend: Email send logs auto-delete in 30 days anyway
• PostHog/Sentry: User ID is anonymized
Per GDPR Article 17(2) we notify these parties of your erasure request.
7. Verification & security
Deletion requests are sensitive — we use two-factor verification:
1. Request must come from the registered email
2. Email verification link (valid 24 h)
3. 30-day grace period — gives you a second chance to sign in
A third party (e.g. former co-founder) cannot delete on your behalf — you must control the registered email.
8. Children's data
thMenu does not serve users under 16. If you become aware that a child has registered, email thmenu@synaltix.io — we delete the account immediately, no verification needed.
9. Contact & complaints
Questions or complaints about deletion:
• Email: thmenu@synaltix.io
• EU: your local DPA (data protection authority)
• Turkey: KVKK Board — kvkk.gov.tr
• US: California residents — same address for CCPA rights.