Immutable append only persistent log doesn't imply store everything _forever_.
If you want to remove something you could add a tombstone record (like Cassandra) and eventually remove the original entry during routine maintenance operations like repacking into a more efficient format, archival into cold storage, TTL handling etc.
Best method is to encrypt data with a per user key so you if you delete the encryption key that customer's data cannot be read. You can create a new customer key at a fixed time interval to make deletion more granular.
Things like types that encode what events are legal in a log, first class support for data versions, fast file read and writes, etc