Nirmal Raj - June 22, 2026

BlueFunda-AI: Account Deletion, Content Reporting, and Getting the Details Right

Apple’s App Store guidelines are clear: if your app lets people create an account, it has to let them delete it too. BlueFunda-AI has supported sign-in since launch, but until this week, there was no way to remove your account from within the iOS app. That’s now fixed — along with a set of compliance additions and a behind-the-scenes problem that would have made deletion silently fail for a significant chunk of users.


You Can Now Delete Your Account

Open Settings in the iOS app and you’ll find a new Delete Account option at the bottom. Tap it, confirm through a dialog, and the app sends a deletion request to the server. Your Keycloak identity is removed, your local session is wiped, and you’re routed back to the login screen.

This satisfies App Store Guideline 5.1.1(v), which requires apps with account creation to offer account deletion through the same interface. It’s a straightforward feature on the surface, but the implementation touched multiple layers: the iOS app needed a new API call, the backend needed a deletion endpoint, and the authentication gateway needed to forward the right credentials.

The deletion is permanent. There’s no recovery window or undo. The confirmation dialog makes this clear before you proceed.


The Fix That Made Deletion Actually Work

Here’s where it gets interesting. Account deletion shipped and worked correctly in testing — but only for users in the default realm.

BlueFunda-AI supports multiple authentication realms. Most users sign in through the main “trm” realm, but individual accounts, partner organizations, and other groups each have their own. The API gateway was hardcoding X-Realm: trm on all requests routed to the backend. So when an individual-realm user hit Delete Account, the backend looked for their user ID in the trm realm, didn’t find it, returned a 404 — and the gateway treated that 404 as a success.

The account appeared to delete. It didn’t. The user could sign right back in with the same credentials, none the wiser.

Two changes closed this gap. First, the gateway template was updated to stop overriding the realm header, letting the actual realm from the user’s JWT pass through. Second, the iOS app was updated to send the authorization token in the standard Authorization: Bearer header instead of a custom access-token header, so the gateway’s auth validator could properly authenticate the request.

This is the kind of bug that unit tests won’t catch because each component was doing its job correctly in isolation. The gateway forwarded the request. The backend processed it. The response came back. Nobody checked whether the request targeted the right user in the right realm — because the realm was always being silently replaced before it got there.
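An end-to-end check of the kind the paragraph above says was missing, written as an added example and not BlueFunda-AI's own code. The classes, function names, user IDs and issuer URL are hypothetical, and it assumes the realm is read from the Keycloak issuer claim (which ends in /realms/<realm>) of a token that has already been validated.

```python
# Constructed model of the gateway -> backend deletion path; all names are hypothetical.
REALM_HEADER = "X-Realm"

def realm_from_claims(claims):
    """Keycloak issuers end in /realms/<realm>; claims are assumed already validated."""
    marker = "/realms/"
    iss = claims.get("iss", "")
    if marker not in iss:
        raise ValueError("issuer carries no realm")
    return iss.rsplit(marker, 1)[1].strip("/")

class Backend:
    """Stand-in for the deletion endpoint: one user store per realm."""
    def __init__(self, users_by_realm):
        self.users = {realm: set(ids) for realm, ids in users_by_realm.items()}

    def delete_user(self, headers, user_id):
        realm_users = self.users.get(headers.get(REALM_HEADER), set())
        if user_id not in realm_users:
            return 404
        realm_users.remove(user_id)
        return 204

    def exists(self, realm, user_id):
        return user_id in self.users.get(realm, set())

def gateway_delete(backend, claims, hardcode_realm):
    """Forward a deletion. hardcode_realm=True reproduces the old template."""
    realm = "trm" if hardcode_realm else realm_from_claims(claims)
    status = backend.delete_user({REALM_HEADER: realm}, claims["sub"])
    # As described in the post, the gateway reports a 404 as success.
    return status in (204, 404)

def deletion_really_happened(hardcode_realm):
    """End-to-end check: ask the backend about the caller's own realm afterwards."""
    backend = Backend({"trm": {"u-100"}, "individual": {"u-200"}})  # constructed data
    claims = {"sub": "u-200", "iss": "https://sso.example.test/realms/individual"}
    reported_ok = gateway_delete(backend, claims, hardcode_realm)
    still_there = backend.exists(realm_from_claims(claims), claims["sub"])
    return reported_ok, still_there

if __name__ == "__main__":
    print("hardcoded X-Realm:", deletion_really_happened(True))    # (True, True)
    print("realm from token: ", deletion_really_happened(False))   # (True, False)
```

The first result is the silent failure: the gateway reports success while the account still exists in its own realm. Asserting on the second element, not the reported status, is what catches it.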


Two more additions bring the app in line with App Store content guidelines:

Report Suspicious Content is now available in Settings. Tapping it opens a pre-filled email to info@bluefunda.com. This satisfies Guideline 1.2’s requirement that apps with user-generated content provide a way to report objectionable material.

Privacy Policy and Terms of Service links are now in Settings under a Legal section. They open bluefunda.com/privacy and bluefunda.com/terms in Safari. These were already linked on the website but weren’t accessible from within the app itself.

An AI-generated content disclaimer now appears below the chat input, making it clear that responses come from an AI model and should be verified independently.

As part of this same change, the Upgrade Plan button that previously appeared in the sidebar has been removed. It linked to an external web checkout page, which creates a risk under Guideline 3.1.1 — Apple’s rules around in-app purchases. Removing it simplifies the app and avoids a potential rejection during review.


Cleaning Up After Yourself

One more fix that came out of the account deletion work: after deleting your account and signing back in — whether with a fresh account or different credentials — old conversations from the deleted account no longer reappear.

The issue was that the app wasn’t clearing its in-memory state on disconnect. Conversation data, the current chat, MCP server subscriptions, and rate limit info all persisted in memory even after the session ended. When a new session started, the app merged fresh server data with the stale local state, and ghost conversations from the old account showed up in the sidebar.

The fix clears all user-specific state when the connection drops, so any new session starts clean. This matters beyond the deletion scenario — it also prevents stale data from leaking between logout-and-login cycles during normal use.


What Changed

| Change | What It Does |
| --- | --- |
| Account Deletion | Delete your BlueFunda-AI account from iOS Settings |
| Content Reporting | Report objectionable content via email from Settings |
| Legal Links | Privacy Policy and Terms of Service accessible from within the app |
| AI Disclaimer | Visible notice that responses are AI-generated |
| State cleanup | No more ghost conversations after account deletion or logout |

Why This Matters

None of these changes add new capabilities to BlueFunda-AI. You can’t do anything with the app today that you couldn’t do last week. But that’s not the point.

Account deletion and content reporting are table stakes for a production iOS app. Getting them right — including the realm-routing fix that would have made deletion silently fail for some users — is the difference between checking a compliance box and actually honoring the commitment behind it.

If you’re on the iOS app, the update is available now. And if you ever need to use that Delete Account button, it’ll do what it says.
