diff --git a/pkg/service/proto/admin.pb.go b/pkg/service/proto/admin.pb.go new file mode 100644 index 0000000..bcc7681 --- /dev/null +++ b/pkg/service/proto/admin.pb.go 
@@ -0,0 +1,203 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.26.0 +// protoc v3.15.5 +// source: pkg/service/proto/admin.proto + +package admin + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type DeleteDataRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + TenantId string `protobuf:"bytes,1,opt,name=tenant_id,json=tenantId,proto3" json:"tenant_id,omitempty"` +} + +func (x *DeleteDataRequest) Reset() { + *x = DeleteDataRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_service_proto_admin_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DeleteDataRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteDataRequest) ProtoMessage() {} + +func (x *DeleteDataRequest) ProtoReflect() protoreflect.Message { + mi := &file_pkg_service_proto_admin_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteDataRequest.ProtoReflect.Descriptor instead. 
+func (*DeleteDataRequest) Descriptor() ([]byte, []int) { + return file_pkg_service_proto_admin_proto_rawDescGZIP(), []int{0} +} + +func (x *DeleteDataRequest) GetTenantId() string { + if x != nil { + return x.TenantId + } + return "" +} + +type DeleteDataResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *DeleteDataResponse) Reset() { + *x = DeleteDataResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_service_proto_admin_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DeleteDataResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteDataResponse) ProtoMessage() {} + +func (x *DeleteDataResponse) ProtoReflect() protoreflect.Message { + mi := &file_pkg_service_proto_admin_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteDataResponse.ProtoReflect.Descriptor instead. 
+func (*DeleteDataResponse) Descriptor() ([]byte, []int) { + return file_pkg_service_proto_admin_proto_rawDescGZIP(), []int{1} +} + +var File_pkg_service_proto_admin_proto protoreflect.FileDescriptor + +var file_pkg_service_proto_admin_proto_rawDesc = []byte{ + 0x0a, 0x1d, 0x70, 0x6b, 0x67, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x05, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x22, 0x30, 0x0a, 0x11, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x44, 0x61, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x74, + 0x65, 0x6e, 0x61, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, + 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x74, 0x49, 0x64, 0x22, 0x14, 0x0a, 0x12, 0x44, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0x4c, + 0x0a, 0x05, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x12, 0x43, 0x0a, 0x0a, 0x44, 0x65, 0x6c, 0x65, 0x74, + 0x65, 0x44, 0x61, 0x74, 0x61, 0x12, 0x18, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x44, 0x65, + 0x6c, 0x65, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x19, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x61, + 0x74, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x0f, 0x5a, 0x0d, + 0x2e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x3b, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_pkg_service_proto_admin_proto_rawDescOnce sync.Once + file_pkg_service_proto_admin_proto_rawDescData = file_pkg_service_proto_admin_proto_rawDesc +) + +func file_pkg_service_proto_admin_proto_rawDescGZIP() []byte { + file_pkg_service_proto_admin_proto_rawDescOnce.Do(func() { + file_pkg_service_proto_admin_proto_rawDescData = protoimpl.X.CompressGZIP(file_pkg_service_proto_admin_proto_rawDescData) + }) + return 
file_pkg_service_proto_admin_proto_rawDescData +} + +var file_pkg_service_proto_admin_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_pkg_service_proto_admin_proto_goTypes = []interface{}{ + (*DeleteDataRequest)(nil), // 0: admin.DeleteDataRequest + (*DeleteDataResponse)(nil), // 1: admin.DeleteDataResponse +} +var file_pkg_service_proto_admin_proto_depIdxs = []int32{ + 0, // 0: admin.Admin.DeleteData:input_type -> admin.DeleteDataRequest + 1, // 1: admin.Admin.DeleteData:output_type -> admin.DeleteDataResponse + 1, // [1:2] is the sub-list for method output_type + 0, // [0:1] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_pkg_service_proto_admin_proto_init() } +func file_pkg_service_proto_admin_proto_init() { + if File_pkg_service_proto_admin_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_pkg_service_proto_admin_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DeleteDataRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pkg_service_proto_admin_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DeleteDataResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_pkg_service_proto_admin_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_pkg_service_proto_admin_proto_goTypes, + DependencyIndexes: file_pkg_service_proto_admin_proto_depIdxs, + MessageInfos: file_pkg_service_proto_admin_proto_msgTypes, + 
}.Build() + File_pkg_service_proto_admin_proto = out.File + file_pkg_service_proto_admin_proto_rawDesc = nil + file_pkg_service_proto_admin_proto_goTypes = nil + file_pkg_service_proto_admin_proto_depIdxs = nil +} diff --git a/pkg/service/proto/admin.pb.micro.go b/pkg/service/proto/admin.pb.micro.go new file mode 100644 index 0000000..615dd18 --- /dev/null +++ b/pkg/service/proto/admin.pb.micro.go 
@@ -0,0 +1,93 @@ +// Code generated by protoc-gen-micro. DO NOT EDIT. +// source: pkg/service/proto/admin.proto + +package admin + +import ( + fmt "fmt" + proto "github.com/golang/protobuf/proto" + math "math" +) + +import ( + context "context" + api "github.com/micro/micro/v3/service/api" + client "github.com/micro/micro/v3/service/client" + server "github.com/micro/micro/v3/service/server" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package + +// Reference imports to suppress errors if they are not otherwise used. +var _ api.Endpoint +var _ context.Context +var _ client.Option +var _ server.Option + +// Api Endpoints for Admin service + +func NewAdminEndpoints() []*api.Endpoint { + return []*api.Endpoint{} +} + +// Client API for Admin service + +type AdminService interface { + DeleteData(ctx context.Context, in *DeleteDataRequest, opts ...client.CallOption) (*DeleteDataResponse, error) +} + +type adminService struct { + c client.Client + name string +} + +func NewAdminService(name string, c client.Client) AdminService { + return &adminService{ + c: c, + name: name, + } +} + +func (c *adminService) DeleteData(ctx context.Context, in *DeleteDataRequest, opts ...client.CallOption) (*DeleteDataResponse, error) { + req := c.c.NewRequest(c.name, "Admin.DeleteData", in) + out := new(DeleteDataResponse) + err := c.c.Call(ctx, req, out, opts...) 
+ if err != nil { + return nil, err + } + return out, nil +} + +// Server API for Admin service + +type AdminHandler interface { + DeleteData(context.Context, *DeleteDataRequest, *DeleteDataResponse) error +} + +func RegisterAdminHandler(s server.Server, hdlr AdminHandler, opts ...server.HandlerOption) error { + type admin interface { + DeleteData(ctx context.Context, in *DeleteDataRequest, out *DeleteDataResponse) error + } + type Admin struct { + admin + } + h := &adminHandler{hdlr} + return s.Handle(s.NewHandler(&Admin{h}, opts...)) +} + +type adminHandler struct { + AdminHandler +} + +func (h *adminHandler) DeleteData(ctx context.Context, in *DeleteDataRequest, out *DeleteDataResponse) error { + return h.AdminHandler.DeleteData(ctx, in, out) +} diff --git a/pkg/service/proto/admin.proto b/pkg/service/proto/admin.proto new file mode 100644 index 0000000..bd3e723 --- /dev/null +++ b/pkg/service/proto/admin.proto @@ -0,0 +1,16 @@ +syntax = "proto3"; + +package admin; + +option go_package = "./proto;admin"; + +service Admin { + rpc DeleteData(DeleteDataRequest) returns (DeleteDataResponse) {} + +} + +message DeleteDataRequest { + string tenant_id = 1; +} + +message DeleteDataResponse {} diff --git a/user/domain/domain.go b/user/domain/domain.go index ea358d2..5f1b31b 100644 --- a/user/domain/domain.go +++ b/user/domain/domain.go @@ -556,3 +556,17 @@ func (domain *Domain) CacheReadToken(ctx context.Context, token string) (string, return email, nil } + +func (domain *Domain) DeleteTenantData(tenantID string) error { + keys, err := domain.store.List(store.ListPrefix(getStoreKeyPrefixForTenent(tenantID))) + if err != nil { + return err + } + for _, k := range keys { + if err := domain.store.Delete(k); err != nil { + return err + } + } + logger.Infof("Deleted %d keys for user %s", len(keys), tenantID) + return nil +} diff --git a/user/domain/store_key.go b/user/domain/store_key.go index 8ee8166..b199667 100644 --- a/user/domain/store_key.go 
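Review bot: Neither the `DeleteData` rpc nor the `tenant_id` field carries a comment, although this is a destructive admin call that other services will implement against. Add a comment above the rpc such as `// DeleteData removes all data this service stores for the given tenant.` and one above the field such as `// tenant_id identifies the tenant whose data is deleted; the user handler rejects an empty value.` The blank line before the closing brace of `service Admin` can be dropped.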
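Review bot: The delete loop in DeleteTenantData returns on the first `domain.store.Delete` error without logging, so a failure part-way through leaves the tenant partially deleted and nothing records how many keys were already removed. Iterate with `for i, k := range keys` and log on that path, e.g. `logger.Errorf("Deleted %d of %d keys for tenant %s before failing: %v", i, len(keys), tenantID, err)`, so an operator knows a re-run is needed. The success message says "user" where the value is a tenant ID; `"Deleted %d keys for tenant %s"` would match what is logged. The exported method also has no doc comment; `// DeleteTenantData deletes every store key under the tenant's "user/<tenant>/" prefix.` would cover it.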
+++ b/user/domain/store_key.go @@ -14,9 +14,13 @@ func getStoreKeyPrefix(ctx context.Context) string { tenantId = "micro" } - tenantId = strings.Replace(strings.Replace(tenantId, "/", "_", -1), "-", "_", -1) + return getStoreKeyPrefixForTenent(tenantId) +} - return fmt.Sprintf("user/%s/", tenantId) +func getStoreKeyPrefixForTenent(tenantID string) string { + tid := strings.Replace(strings.Replace(tenantID, "/", "_", -1), "-", "_", -1) + + return fmt.Sprintf("user/%s/", tid) } func generateAccountStoreKey(ctx context.Context, userId string) string { diff --git a/user/handler/handler.go b/user/handler/handler.go index 32ead74..c372939 100644 --- a/user/handler/handler.go +++ b/user/handler/handler.go @@ -1,7 +1,7 @@ package handler import ( - goctx "context" + "context" "crypto/rand" "encoding/base64" "fmt" @@ -10,11 +10,12 @@ import ( "time" "github.com/google/uuid" + "github.com/micro/micro/v3/service/auth" "github.com/micro/micro/v3/service/errors" "github.com/micro/micro/v3/service/logger" "github.com/micro/micro/v3/service/store" + adminpb "github.com/micro/services/pkg/service/proto" "golang.org/x/crypto/bcrypt" - "golang.org/x/net/context" otp "github.com/micro/services/otp/proto" "github.com/micro/services/user/domain" @@ -408,7 +409,7 @@ func (s *User) ResetPassword(ctx context.Context, req *pb.ResetPasswordRequest, return nil } -func (s *User) List(ctx goctx.Context, request *pb.ListRequest, response *pb.ListResponse) error { +func (s *User) List(ctx context.Context, request *pb.ListRequest, response *pb.ListResponse) error { accs, err := s.domain.List(ctx, request.Offset, request.Limit) if err != nil && err != domain.ErrNotFound { return errors.InternalServerError("user.List", "Error retrieving user list") 
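Review bot: getStoreKeyPrefixForTenent maps both "/" and "-" to "_", so tenant IDs that differ only in those characters (constructed example: `a-b` and `a_b`) yield the same `user/a_b/` prefix, and DeleteTenantData, which lists by this prefix, would remove both tenants' keys in one call. The shared prefix predates this change for reads and writes, but it matters more now that it drives a bulk delete with a caller-supplied ID; unless tenant IDs are guaranteed elsewhere not to collide after this replacement, DeleteData should reject IDs that are ambiguous under it. The helper name is misspelled; `getStoreKeyPrefixForTenant` with a comment such as `// getStoreKeyPrefixForTenant returns the "user/<tenant>/" key prefix, replacing "/" and "-" in the ID with "_".` would read better. getStoreKeyPrefix begins above the hunk, so only its tail is visible here.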
@@ -507,3 +508,40 @@ func (s *User) VerifyToken(ctx context.Context, req *pb.VerifyTokenRequest, rsp return nil } + +func (s *User) DeleteData(ctx context.Context, request *adminpb.DeleteDataRequest, response *adminpb.DeleteDataResponse) error { + if _, err := verifyMicroAdmin(ctx, "user.DeleteData"); err != nil { + return err + } + + if len(request.TenantId) == 0 { + return errors.BadRequest("user.DeleteData", "Missing tenant ID") + } + return s.domain.DeleteTenantData(request.TenantId) +} + +func verifyMicroAdmin(ctx context.Context, method string) (*auth.Account, error) { + acc, ok := auth.AccountFromContext(ctx) + if !ok { + return nil, errors.Unauthorized(method, "Unauthorized") + } + if err := doVerifyMicroAdmin(acc, method); err != nil { + return nil, err + } + return acc, nil +} + +func doVerifyMicroAdmin(acc *auth.Account, method string) error { + errForbid := errors.Forbidden(method, "Forbidden") + if acc.Issuer != "micro" { + return errForbid + } + + for _, s := range acc.Scopes { + if (s == "admin" && acc.Type == "user") || (s == "service" && acc.Type == "service") { + return nil + } + } + return errForbid + +} diff --git a/user/main.go b/user/main.go index a929446..8edab04 100644 --- a/user/main.go +++ b/user/main.go @@ -6,6 +6,7 @@ import ( "github.com/micro/micro/v3/service/store" otp "github.com/micro/services/otp/proto" + adminpb "github.com/micro/services/pkg/service/proto" "github.com/micro/services/pkg/tracing" "github.com/micro/services/user/handler" proto "github.com/micro/services/user/proto" @@ -23,6 +24,7 @@ func main() { ) proto.RegisterUserHandler(srv.Server(), hd) + adminpb.RegisterAdminHandler(srv.Server(), hd) traceCloser := tracing.SetupOpentracing("user") defer traceCloser.Close()
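Review bot: DeleteData discards the account returned by verifyMicroAdmin (`if _, err := verifyMicroAdmin(...)`), so a tenant-wide deletion leaves no record of which admin or service account requested it; the only log line, in DeleteTenantData, names the tenant alone. Keep the account and log it before deleting, e.g. `acc, err := verifyMicroAdmin(ctx, "user.DeleteData")` followed by `logger.Infof("user.DeleteData: tenant %q requested by account %q", request.TenantId, acc.ID)`. The result of `s.domain.DeleteTenantData` is also returned unwrapped, whereas List in this file maps failures to `errors.InternalServerError`; wrapping it the same way keeps raw store errors out of the RPC response. The stray blank line before the closing brace of doVerifyMicroAdmin can be removed.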
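Review bot: The error returned by `adminpb.RegisterAdminHandler(srv.Server(), hd)` is dropped, so a failed registration would leave the service running without its DeleteData endpoint and with nothing logged to explain why. Check it with `if err := adminpb.RegisterAdminHandler(srv.Server(), hd); err != nil {` and abort start-up using whatever logging main.go already has (its import list is only partly visible here). The neighbouring `proto.RegisterUserHandler` call follows the same pattern, and main's body starts and ends outside the hunk.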