Even years later, Twitter doesn’t delete direct me...

[propogandist]

That may've been true before, but in a post-GDPR world, you better delete it (assuming you're serving European users) -- unless of-course there's a legal reason to hold onto the data.