GDPR Data Erasure
Open Astra supports the GDPR Right to Erasure (Article 17). A single API call purges all user data across every data tier in the system. Users can only delete their own data.
Purging user data
bash
# GDPR Right to Erasure — purge all data for a user
curl -X DELETE http://localhost:3000/memory/user/uid_alice \
-H "Authorization: Bearer ${JWT_TOKEN}"
# Response
{
"purged": true,
"tiers": [
"session_messages",
"sessions",
"daily_memory",
"user_profiles",
"graph_edges",
"graph_entities",
"procedural_memory",
"embedding_cache",
"semantic_cache",
"refresh_tokens",
"revoked_tokens",
"login_attempts",
"agent_traces",
"billing_usage",
"audit_log"
]
}Data tiers purged
The purge deletes data from 15 tables in dependency order (child rows first, then parent rows):
| # | Table | Description |
|---|---|---|
| 1 | session_messages | All conversation messages |
| 2 | sessions | Session records |
| 3 | daily_memory | Tier 2 daily notes |
| 4 | user_profiles | Tier 3 user profile |
| 5 | graph_edges | Tier 4 knowledge graph edges |
| 6 | graph_entities | Tier 4 knowledge graph entities |
| 7 | procedural_memory | Tier 5 procedural memory |
| 8 | embedding_cache | Cached embeddings |
| 9 | semantic_cache | Semantic response cache |
| 10 | refresh_tokens | Active refresh tokens |
| 11 | revoked_tokens | Revoked token records |
| 12 | login_attempts | Login attempt history |
| 13 | agent_traces | Agent execution traces |
| 14 | billing_usage | Billing and usage records |
| 15 | audit_log | Audit entries (purge event is recorded before deletion) |
ℹA
gdpr.data_purge audit event is recorded before the audit log entries are deleted, ensuring there is always a record that a purge occurred.Safety
- Users can only purge their own data — the
:uidparameter must match the authenticated user - Tables that don't exist yet (e.g., before first migration) are skipped gracefully
- The operation is transactional — if any tier fails, the entire purge is rolled back