super_admin and are not surfaced anywhere in the platform UI — they are intentionally API-only so that fulfilment steps are auditable and controlled.
Self-export is allowed: a
super_admin may export their own data. Self-delete is not allowed: an admin cannot delete their own account through this endpoint to prevent accidental loss of the last admin.Export user data — GET /users/{id}/data-export
Returns a ZIP archive containing every personal-data record held for the target user. The archive includes:
Request
Response
200 application/zip — the export archive.
Error responses
Delete user — DELETE /users/{id}
Hard-deletes the target user and all personally identifiable data in a single database transaction. The following records are removed atomically:
- Messages and agent sessions.
- Feedback, prompt favourites, and usage tracking.
- RBAC entries (role assignments, team memberships, project access).
- The users row itself.
user_{id}/ are deleted in a best-effort sweep. S3 failures are logged but do not roll back the database transaction; the user record is gone regardless.
Request
Response
204 No Content on success.
Error responses
Recommended workflow
- Receive a data-subject request (access or erasure).
- Find the user’s numeric ID from the admin user list or database.
- For access requests — call
GET /users/{id}/data-exportand send the resulting ZIP to the data subject. - For erasure requests — verify no legal hold applies, then call
DELETE /users/{id}. Retain the HTTP 204 response timestamp for your compliance record.
Related pages
Users and access
Managing users, roles, and teams in the admin area.
REST introduction
Authentication details and endpoint overview.