Account deletion is the one feature that is tempting to fake. A button that signs you out and flips a deleted flag passes a quick glance and even passes review more often than it should. It also makes your privacy policy untrue, which is the part I care about.

What deletion actually has to touch

A real delete in my stack has to clear three places at once. Miss any one and you have left personal data on a server that the user asked you to forget.

  • Firestore: every document scoped to that user's UID, including subcollections.
  • Storage: uploaded images and files under the user's path.
  • Auth: the Firebase Auth record itself, so the identity is gone, not just orphaned.

If the delete button leaves the auth record alive, you did not delete the account. You hid it.
Every privacy policy I write

It has to be server-side

The client cannot be trusted to delete another user's data or to remove an auth record, and it should not be able to. So the button calls a Cloud Function. The function verifies the caller, fans out across Firestore and Storage, removes the Auth user last, and only then reports success back to the app. The user sees a clear confirmation, and what they were told happened is what actually happened.
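
A sketch of that function's core, added here as an example and not the code from my production app. It assumes user data lives at `users/{uid}` in Firestore and under `users/{uid}/` in Storage; the names `deleteAccount` and `handleDeleteRequest` are hypothetical, and the firebase-admin handles are passed in so the logic runs and tests without the SDK.

```javascript
// Added example: deps = { db, bucket, auth } are firebase-admin handles
// (admin.firestore(), admin.storage().bucket(), admin.auth()).
// Assumed layout: Firestore doc users/{uid}, Storage prefix users/{uid}/.
async function deleteAccount(uid, { db, bucket, auth }) {
  // 1. Firestore: recursiveDelete removes the document and all subcollections.
  await db.recursiveDelete(db.collection('users').doc(uid));
  // 2. Storage: every object under the user's prefix.
  await bucket.deleteFiles({ prefix: `users/${uid}/` });
  // 3. Auth last: if a step above throws, the identity still exists,
  //    so the user can sign in and retry instead of leaving orphaned data.
  await auth.deleteUser(uid);
  return { deleted: true };
}

// Callable handler body. The uid comes only from the verified auth context
// (request.auth in a v2 onCall handler), never from request.data, so a
// caller cannot name someone else's account.
async function handleDeleteRequest(request, deps) {
  const uid = request.auth && request.auth.uid;
  if (!uid) {
    // In a deployed function this would be an HttpsError('unauthenticated', ...).
    const err = new Error('Sign in required');
    err.code = 'unauthenticated';
    throw err;
  }
  return deleteAccount(uid, deps);
}

// Wiring in functions/index.js (not run here):
//   const { onCall } = require('firebase-functions/v2/https');
//   const admin = require('firebase-admin');
//   admin.initializeApp();
//   exports.deleteAccount = onCall((req) => handleDeleteRequest(req, {
//     db: admin.firestore(),
//     bucket: admin.storage().bucket(),
//     auth: admin.auth(),
//   }));
```

Because every step is awaited before the next, the app only receives `{ deleted: true }` after the Auth record is gone, and a failed run can be retried safely since each delete is idempotent.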

One Cloud Function, three systems cleared, run in an order that cannot leave an orphaned record behind.

Account deletion review checklist

  • The button lives in the app, reachable in a tap or two
  • Firestore data and subcollections are gone
  • Storage files under the user's path are gone
  • The Auth record is removed, last, server-side
  • The privacy policy describes exactly this

It is maybe an hour of work to do properly, and it is the difference between a legal page that is marketing and one that is true. I would rather ship the true one.