> ## Documentation Index
> Fetch the complete documentation index at: https://docs.praxis-ai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Scoped soft-delete of personal data

> Atomic per-class soft-delete. At least one of `dialogues` / `vault` must be true. Personal-scope only — institution rows are filtered out before any mutation. Idempotent: re-running returns zeros once everything is already soft-deleted. Vault deletes go through `rag.fileDelete` to clear embeddings + KAG cascade + physical file before flipping `status='deleted'` and stamping `deleted_at`. Per-upload failures from rag.fileDelete are collected in `uploadsFailed` and the status flip is skipped on those rows so a retry can re-attempt the physical removal.



## OpenAPI

````yaml /mdx/api-reference/runtime/runtime-api.json delete /api/user/data
openapi: 3.0.0
info:
  title: Pria Runtime API
  version: 2.0.1
  description: >-
    Pria API Documentation Praxis's developer platform is a core part of our
    mission to empower organizations to grow better. Our APIs are designed to
    enable teams of any shape or size to build robust integrations that help
    them customize and get the most value out of Pria. All Pria APIs are built
    using REST conventions and designed to have a predictable URL structure.
    <br/>  <br/>They use many standard HTTP features, including methods (POST,
    GET, PUT, DELETE) and error response codes.  <br/> <br/>All API calls are
    made under https://hiimpria.ai/api and all responses return standard JSON.
    In these docs, you'll find lists of all available endpoints for a given API,
    along with interactive code blocks for building requests. For walkthroughs
    of basic usage for these APIs, check out the API guides.
servers:
  - url: https://pria.praxislxp.com
    description: Pria API Server
security: []
tags:
  - name: Authentication
    description: User authentication, registration, and password management (/api/auth)
  - name: OAuth
    description: OAuth authentication providers - Google, GitHub, SSO (/api/auth/oauth)
  - name: User
    description: User profile management and account operations (/api/user)
  - name: User Institutions
    description: User institution memberships and switching (/api/user/institution)
  - name: User Tools
    description: Available tools for authenticated users (/api/user/tools)
  - name: Institutions
    description: Institution settings and configuration (/api/user/institution)
  - name: Conversation
    description: AI conversation and Q&A endpoints (/api/ai)
  - name: Realtime
    description: Real-time voice AI and WebRTC sessions (/api/ai/rt)
  - name: Assistant
    description: AI assistant configuration and management (/api/user/assistant)
  - name: History
    description: Conversation history and favorites (/api/user/history)
  - name: RAG
    description: >-
      Document upload, embedding, and retrieval-augmented generation
      (/api/user/files, /api/user/rag)
  - name: Setting
    description: Instance variables and settings management (/api/user/setting)
  - name: Branding
    description: Digital twin branding and customization (/api/agent/branding)
  - name: Agent
    description: Agent engagement and session management (/api/agent)
  - name: SDK Launch
    description: >-
      SDK launch token signing and verification for secure iframe embedding
      (/api/auth/sdk-sign, /api/auth/sdk-verify)
  - name: Testing
    description: Health checks, diagnostics, and test endpoints (/api/test)
  - name: Admin Accounts
    description: Account management for super admins (/api/admin/account)
  - name: Admin Institutions
    description: Institution management for admins (/api/admin/institution)
  - name: Admin Users
    description: User management for admins (/api/admin/user)
  - name: Admin Entitlements
    description: >-
      User-institution relationships and permissions
      (/api/admin/userInstitution)
  - name: Admin Sessions
    description: Session management for admins (/api/admin/session)
  - name: Admin Histories
    description: Conversation history management and analytics (/api/admin/history)
  - name: Admin Assistants
    description: AI assistant management for admins (/api/admin/assistant)
  - name: Admin Questions
    description: Institution question and prompt management (/api/admin/question)
  - name: Admin Tools
    description: Tool configuration management (/api/admin/tool)
  - name: Admin AI Models
    description: AI model configuration (/api/admin/aimodel)
  - name: Admin MCP Servers
    description: Model Context Protocol server management (/api/admin/mcpserver)
  - name: Admin Feedbacks
    description: User feedback management (/api/admin/feedback)
  - name: Admin Uploads
    description: Upload management (/api/admin/upload)
  - name: Admin Charts
    description: Analytics and visualization chart management (/api/admin/chart)
  - name: Audio Notes
    description: Capture and ingest spoken notes into the personal vault
  - name: Memory
    description: User-facing memory parameters (personal + shared instance memory).
  - name: My Data
    description: >-
      GDPR controls — personal-scope counts, async ZIP-by-email export, and
      scoped soft-delete. Every endpoint pins `user = req.user._id` AND
      `institution: null`; institution-scoped data is governed by the
      institution's own retention policy and never reached from here.
  - name: Questions
    description: >-
      User-facing read of the onboarding question bank used by the "create a
      digital twin" wizard.
  - name: Transcription
    description: >-
      One-shot speech-to-text for in-place dictation. Audio blob in, transcript
      out — no Upload / History / RAG embeddings are persisted. Use
      `/audio-notes` for anything durable.
paths:
  /api/user/data:
    delete:
      tags:
        - My Data
      summary: Scoped soft-delete of personal data
      description: >-
        Atomic per-class soft-delete. At least one of `dialogues` / `vault` must
        be true. Personal-scope only — institution rows are filtered out before
        any mutation. Idempotent: re-running returns zeros once everything is
        already soft-deleted. Vault deletes go through `rag.fileDelete` to clear
        embeddings + KAG cascade + physical file before flipping
        `status='deleted'` and stamping `deleted_at`. Per-upload failures from
        rag.fileDelete are collected in `uploadsFailed` and the status flip is
        skipped on those rows so a retry can re-attempt the physical removal.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MyDataDeleteRequest'
      responses:
        '200':
          description: Counts of what was deleted
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MyDataDeleteResponse'
        '400':
          description: Neither dialogues nor vault was true
        '401':
          description: Authentication required
        '500':
          description: Mongo update / rag.fileDelete fatal error
      security:
        - apiKeyAuth: []
components:
  schemas:
    MyDataDeleteRequest:
      type: object
      description: >-
        At least one of `dialogues`, `vault`, `memory`, `assistants`,
        `feedback`, or `sessions` must be true.
      properties:
        dialogues:
          type: boolean
          description: >-
            Flip personal History.forgotten to true (records survive for billing
            aggregates). Cascades: historyCompactionCache rows derived from
            these dialogues are hard-deleted.
        vault:
          type: boolean
          description: >-
            Soft-delete personal uploads (status='deleted'), remove embeddings +
            physical file
        memory:
          type: boolean
          description: >-
            Hard-delete the user's personal Memory rows (institution:null).
            Mirrors DELETE /api/user/memory/personal scope semantics.
        assistants:
          type: boolean
          description: >-
            Soft-delete the user's personal Assistant rows (status ->
            'deleted'). Rows survive for historical references (audit,
            conversation backfill) but are hidden from the chooser.
        feedback:
          type: boolean
          description: >-
            Soft-delete Feedback rows authored by the user (status ->
            'deleted'). Scope is `user` only — institutional context at
            submission time is ignored.
        sessions:
          type: boolean
          description: >-
            Hard-delete login session records (IP / browser / device
            fingerprints). Does NOT log the user out of other tabs — the JWT
            cookie is independent of these audit rows.
    MyDataDeleteResponse:
      type: object
      properties:
        success:
          type: boolean
          example: true
        dialoguesForgotten:
          type: integer
        uploadsDeleted:
          type: integer
        bytesFreed:
          type: integer
        memoryDeleted:
          type: integer
          description: Personal Memory rows hard-deleted by this request
        assistantsDeleted:
          type: integer
          description: Personal Assistant rows soft-deleted by this request
        feedbackDeleted:
          type: integer
          description: Feedback rows soft-deleted by this request
        sessionsDeleted:
          type: integer
          description: Session records hard-deleted by this request
        compactionCachePurged:
          type: integer
          description: >-
            HistoryCompactionCache rows hard-deleted as a cascade from dialogues
            delete
        uploadsFailed:
          type: array
          items:
            type: object
            properties:
              uploadId:
                type: string
              error:
                type: string
          description: >-
            Per-upload failures from the rag.fileDelete call (status flip is
            skipped on these so a retry can re-attempt)
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: x-access-token
      description: JWT token passed in x-access-token header

````