Delete your SkinID account

You can permanently remove your account and every credential, FIDO key, activity log entry, and device record we hold about you. This page explains how, what gets deleted, and when. Required disclosure under Google Play and App Store policies.

Quick path if you're already signed in: open the SkinID app or visit skinid.ch/management, scan your implant, then go to Settings → Delete account.

What happens when you click delete

You confirm with a fresh chip tap. SkinID requires your implant to be tapped within five minutes of the delete request, so a stolen long-lived session token alone cannot trigger deletion.
Your account is marked for deletion. All API access for the account is suspended immediately.
30-day grace window starts. If you change your mind, sign in again with your chip and call the in-app restore option (or visit skinid.ch/management) within the window to undo. We send you an email confirmation when the deletion is initiated.
Hard deletion runs daily at 03:00 UTC. Once your grace window has elapsed, our retention janitor wipes:
- your user record
- every saved credential ciphertext
- every passkey / FIDO blob
- your full activity log
- all chips registered to the account
- all bearer tokens and trusted devices
- recovery share metadata
Encrypted backups age out. Daily backups containing pre-deletion snapshots roll off automatically as new backups overwrite them. Within 90 days no backup contains your data.

What is kept (and why)

Two narrow categories of data are retained after deletion, both required by Swiss law:

Operator-side audit log entries that reference your former account ID. We need these to demonstrate accountability for staff actions on customer data; Swiss commercial-records norms require ~10-year retention. Your name and credential content are NOT in these entries.
Server access logs retained 30 days, rolled off automatically. These contain IP address + URL path + status code only; no token, no body, no credential payload.

Everything else (your owner display name, avatar, color, every credential, every passkey, your full activity log, all chips, all tokens) is gone.

If you can't sign in

If you have lost access to your chip and your printed Shamir recovery key, you cannot self-serve the deletion. Email support@skinid.ch from the email associated with your account; we will verify your identity manually and run the deletion on your behalf.

Before you delete: export your data

SkinID is built so you are never locked in. Before deleting, you can call skinid.ch/management → Settings → Download all my data to export everything we hold about you in a standard JSON format. The credentials are returned in their on-disk encrypted form; you can decrypt locally using your chip.

Children's accounts

SkinID does not intentionally hold accounts for children below the consent age in their jurisdiction. If you are a parent or guardian who believes a child has registered an account, contact support@skinid.ch and we will treat the deletion request as priority.

Other rights you have

Beyond deletion you have rights of access, rectification, restriction, portability, objection, and to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner. These are described in detail in our privacy policy.

Questions

Email support@skinid.ch. We acknowledge within 48 hours and resolve within 5 business days.