Delete your Malgeum account and data
Last updated July 16, 2026 · 한국어
If you can use the App
- Open Settings in Malgeum.
- Under About, select Delete account and data.
- Review the scope and confirm deletion.
This is the fastest path because the App can verify account ownership directly. It deletes the Firebase anonymous account, Malgeum backend user, push token, stored current location, invitations, connections, server messages, device-linked records, and local App data.
If you cannot open the App
Email us with the subject “Malgeum data deletion.” Malgeum accounts are anonymous and are not linked to the email address or phone number sending the request, so an email address alone cannot identify a backend record. Include only information you already know:
- whether you used iOS or Android;
- the approximate last-use date and approximate place last used in the App; and
- if you used invitations, a six-character invite code or the connection nickname shown in the App.
Do not send passwords, government IDs, complete payment-card numbers, or the App's recovery token. The recovery token is an account credential.
To avoid deleting another person's anonymous data, we must verify a link to the record. If the supplied information cannot safely identify it, we may be unable to complete deletion and will reply with available verification options and the expected handling time. If the operating system retains the recovery credential and restores the anonymous record, you may also use in-app deletion. Android removes that credential when the App is uninstalled, so recovery after reinstall is not guaranteed.
Information that may remain
- The recovery token is deleted with local data. The App stores a content-free local marker containing only cleanup status, a random operation generation, and a random deletion receipt used to confirm server completion. This prevents automatic anonymous-account recreation and resumes interrupted cleanup. After cleanup completes on a later launch, new non-account settings and weather cache selected by the user may be stored again.
- For idempotent deletion confirmation and to prevent reactivation of a deleted anonymous account, an irreversible, server-keyed HMAC deletion fingerprint and deletion timestamp are retained for as long as that protection is needed. The record contains no raw UID, profile, or activity content. If Firebase account deletion temporarily fails, the raw UID retry list is retained only until success or for at most 30 days, then cleared with the identity links.
- Apple or Google store subscriptions must be canceled separately.
- Minimum records strictly required for law, accounting, disputes, security, or fraud prevention may be retained for the applicable purpose and period.
- Information already processed by payment, advertising, analytics, AI, or error-service providers is retained and deleted under their policies and applicable agreements.
See the Privacy Policy for details.
Contact
Supervillain Labs Inc. · contact@supervlabs.io