Delete Account Policy

Sudo is a non-custodial Web3 messenger. We do not create an account for you in the traditional sense — your identity is your blockchain wallet. "Deleting your account" on Sudo therefore covers two distinct actions, which you can perform independently:

• Off-chain deletion. Removing the optional metadata, profile and routing information that Sudo Labs stores on its servers about your wallet (display name, avatar, push tokens, relay routing hints, anti-spam reputation cache).
• On-chain disassociation. Severing the link between your wallet and the Sudo profile contract by burning the on-chain profile NFT or rotating to a new wallet. The wallet itself remains on the blockchain — we cannot erase it.

You may perform either action without the other. Most users who request deletion want both, and the in-app flow guides you through them together.

The fastest and most secure way to delete is from the signed-in client, because the request is signed by your Wallet and we can verify it instantly:

• Open Sudo and go to Settings → Account → Delete account.
• Choose the deletion scope: profile metadata only, on-chain profile NFT, or both.
• Read the confirmation screen, type the word DELETE into the confirmation box and sign the request with your Wallet.
• The signed request is broadcast to our deletion queue and, if applicable, the corresponding burn transaction is sent to the Sudo profile contract.

If you cannot sign in (lost device, broken build, etc.) you can still request deletion by sending a signed message from your Wallet:

• Sign the exact UTF-8 string SUDO::DELETE::v1followed by the current ISO-8601 date (e.g. SUDO::DELETE::v1::2026-04-29) using your Wallet's personal-sign function.
• Email the signature, the signing address and (if known) your Sudo username to privacy@su.dowith the subject line Account deletion request.
• We will verify the signature on-chain, confirm receipt within five (5) business days and complete deletion within thirty (30) days.

If you have lost access to the Wallet itself, we cannot authenticate the request and therefore cannot delete the associated profile — this is a deliberate consequence of self-custody and the inability for any third party (including Sudo Labs) to act on your behalf.

• Display name, bio, avatar URL and other profile fields you set.
• Push notification tokens and device identifiers used for delivery.
• Relay routing hints (which relay last saw a sealed envelope for your wallet).
• Anti-spam reputation cache, mute lists and contact suggestions.
• Optional metadata indexes (group memberships, message receipt timestamps).
• Account-related support tickets, feedback messages and survey responses linked to your wallet.
• Diagnostic logs that contain your wallet address, beyond what is needed for security audits.

The Sudo network sits on top of public, append-only blockchains. The following data is intentionally immutable; no party — including Sudo Labs — has the technical ability to delete it:

• Your Wallet address and its full transaction history, including any payments, escrow funding, mining claims or validator bonds.
• Sealed (end-to-end encrypted) message envelopes that were posted to the relay layer; the contents are unreadable to anyone without the recipient key, but the ciphertext itself remains.
• Smart-contract events emitted by your interactions (e.g. profile NFT mint or burn, escrow open or close, validator slash).
• Any NFT usernames or names you minted — ownership may transfer or expire, but the historical mint record persists on chain.

Burning the profile NFT removes the on-chain link between the human-readable username and your wallet, but does not erase the underlying transaction record.

Once a verified deletion request is received we follow the timeline below:

• Within 24 hours. Your profile is hidden from search, push notifications stop and any active sessions are revoked.
• Within 7 days. Off-chain profile and metadata records are deleted from primary databases and search indexes.
• Within 30 days. Records are purged from rolling backups and disaster-recovery snapshots.
• On request. A signed deletion certificate (JSON receipt) is issued by email, listing the categories of data removed and the timestamp.

We may retain a minimal subset of records beyond the normal deletion window where required by law or to protect users:

• Hashed wallet addresses associated with confirmed abuse, fraud or sanctions breaches, retained on a read-only block-list for up to seven (7) years.
• Tax, accounting and audit records linked to fees you paid Sudo Labs, retained for the period required by applicable tax law (typically 5–10 years).
• Records preserved under a binding legal hold, court order or law-enforcement preservation request, until the hold is lifted.

Where retained, this data is access-controlled, encrypted and never used for marketing or analytics.

• You will no longer appear in user search or contact suggestions.
• Other users will see “Unknown wallet” in place of your former Sudo username.
• Existing message threads remain on recipients' devices because they are end-to-end encrypted; we cannot reach into another user's device.
• Active escrow contracts continue to execute on chain — you should resolve or refund them before deleting.
• Mining rewards and validator bonds continue to be controlled by your wallet; if you intend to abandon the wallet entirely, withdraw or transfer them first.

Reconnecting the same Wallet after deletion creates a fresh, empty profile — no previous metadata, contacts or settings are restored. If you previously held an NFT username and burned it, you may re-mint it only if it has not been claimed by another wallet in the meantime.

Sudo is not directed at children under the age of digital consent in their jurisdiction. If you believe an account belonging to a child has been created without parental consent, please contact privacy@su.do from a verifiable address and we will prioritise deletion regardless of whether a Wallet signature can be produced.

Depending on where you live (e.g. under the EU GDPR, UK GDPR, California CCPA/CPRA, Brazilian LGPD or similar regimes) you may have additional rights, including the right to access, rectify, port and object to processing of your personal data. Those rights are described in our Privacy Policy and may be exercised in parallel with the deletion process described here.

If anything in this policy is unclear, or if your deletion request appears stuck, please reach out via the feedback page or email privacy@su.do. Jurisdiction-specific addenda (GDPR, CCPA, LGPD, PDPA-SG) form part of this policy where applicable and are published alongside it on the Sudo Trust Center.