Goodbye Should Mean Goodbye
I was updating Wizzle’s password flow when I hit a wall: account deletion didn’t exist.
It seemed like such an obvious thing in hindsight, one of those features that just should be there. But it wasn’t. Not because I didn’t care about it, but because in the flurry of building, testing, coding, and shipping, the basic idea of how someone might leave quietly got overlooked.
Why Account Deletion Matters to Me
Account deletion isn’t just a feature - it’s a statement of respect.
I've signed up for too many services over the years, only to find out I can’t actually delete my account. At best, they let me “deactivate” it. At worst, they ghost me, leaving my email, preferences, and sometimes even my personal data floating in some database I’ll never have access to again. That loss of control never sits right with me.
That’s why, with Wizzle, I’m building from the opposite mindset: you should be in control. Your data, your identity, your presence on the platform belong to you. And if you decide to leave, you should be able to do so fully, not just be hidden or put on pause.
But it’s more than just a principle. It’s a commitment to trust.
If Wizzle is to grow into something meaningful, users need to trust it - not just to work, but to treat their information ethically. And that means giving them a clear, irreversible way to leave.
Now, in reality, full hard deletion is sometimes messy. Systems often need to retain certain records for integrity, like purchase histories or gift list stats, especially when those records impact other users (e.g. friends, shared wishlists). So the approach I took is a hybrid: personal identifiable information is erased, the user’s presence is anonymized, friendships are severed, and the account is rendered inaccessible. It’s not quite deletion from the database, but from a user’s point of view: they’re gone. As they should be.
This isn't just a checkbox feature I rushed in. Ironically, it wasn’t even in my original build. AI and I overlooked it during one of our early sessions, which made me laugh when I realized how fundamental it is. But once I recognized it was missing, I knew I had to get it right.
Account deletion matters because respecting users matters. And I Wizzle, at its core, to be built on that kind of care.
What Wizzle does
I've implemented a clear, privacy-respecting approach to account deletion. It's not a vague deactivation.
It's a deliberate process that prioritizes both the user's right to be forgotten and the long-term integrity of shared data.
When a user deletes their account, a method called anonymize! runs. Here's what it looks like in code:
def anonymize!
transaction do
update!(
email: "deleted_user_#{id}@wizzle.gifts",
name: nil,
encrypted_password: SecureRandom.hex,
remember_token: SecureRandom.hex,
birthday: nil,
notify_friend_invite: false,
notify_wishlist_question: false,
notify_question_reply: false
)
# Break all friendships
friendships.destroy_all
# Anonymize wishlists
wishlists.update_all(title: "Deleted Wishlist", description: nil)
end
end
So, what does this really mean?
First and foremost, personally identifiable information is deleted. The user's name, birthday, and email are wiped or replaced. Their password and tokens are randomized to ensure no one - not even the user - can ever log back in. I also make sure they’re unsubscribed from all notifications.
Next, we sever social ties. All friendships, connections, and social interactions are destroyed. I want to prevent lingering traces of a user’s identity or activity from showing up in someone else’s experience.
What remains is data disconnected from any individual identity.
I do, however, keep the user’s wishlists anonymized. Titles are renamed to “Deleted Wishlist,” and descriptions are wiped. Why? Because Wizzle is about gifting. A wishlist isn’t always just a personal tool - it might be part of a gift someone’s already bought or a shared community experience.
Keeping anonymized wishlists allows us to preserve shared value. If someone already purchased a gift from that list, I don’t want to retroactively remove that context. And as I build future features - like historical gifting stats or community trends - retaining non-personal data in a safe, disconnected way will help me provide insight without compromising privacy.
In short: when someone deletes their account, Wizzle makes sure they’re not just gone — they’re untied, unreachable, and respected.
Why Not Just Hard Delete?
At first glance, hard deletion feels like the cleanest, most ethical option. Just wipe the user’s record completely. They asked to leave, so let them leave, entirely. It’s appealing in its moral clarity.
But in practice, hard deletion can come with unintended consequences, especially in a product like Wizzle, where data is interconnected and collaborative by design.
The Temptation of Moral Simplicity
There’s a certain emotional satisfaction in the idea of total deletion. No trace left behind. The user vanishes from the database, their ID gone, every relation purged. And ethically, that aligns with the kind of respect for user autonomy I want Wizzle to stand for.
But building real software isn’t always as black-and-white. Especially when the platform is social or shared.
Broken Features, Broken References
Wizzle is built on relationships: friends, shared wishlists, invites, and questions. If I simply deleted the user’s record, many of those references would break:
Shared wishlists would suddenly have no owner.
Past activity like comments or questions would become orphaned.
Friend connections would point to a null record or error.
Anonymization gives us a middle ground. I strip away identity, personally identifiable information, and any trace of the user’s presence - but we maintain structural integrity. Wishlists remain useful. Past actions remain informative. Nothing breaks. Nothing is confusing or error-prone. Just… quiet traces, scrubbed of identity.
It’s not perfect. But it’s thoughtful. And it balances respect for privacy with respect for data integrity.