Under a client profile page there is a delete client option for staff, that requires ACL permissions to access. This option only works if the client has no invoices, services, or transactions, including cancelled or paid invoices.

This option should be updated to delete all of the client's data, so long as the following conditions are met:

• No open invoices
• No recurring invoices
• No active services

The action should delete:

• All invoices belonging to this client
• All services, including service meta data for this client
• All transactions for this client
• All contacts (The primary client contact, and all other types) belonging to this client
• The client's email logs
• The client's "Set Packages" for restricted packages.
• The client's contact update logs
• The client's authentication logs
• The client's client settings
• The client's custom contact fields
• The client's notes (staff notes for the client)
• The client's payment accounts (CC & ACH)
• The client's tickets (If the Support Manager is installed)
• The client's orders (If the Order Manager is installed)

Regarding the last item, it may be necessary to add an optional method or event for plugins to delete client specific data.

Essentially, there should be no record of the client.

There may be evidence in the module log for services provisioned, if they have not yet been rotated out, but we do not need to touch this. It's up to each company to have a proper rotation policy in place to delete logs that would normally be rotated by Blesta.

Message should say something about this being permanent, and the staff member must enter their password.
This should all happen in a transaction via events