Right to delete UX
A frictionless account-deletion flow that satisfies GDPR/CCPA while keeping the door open for reactivation. No dark patterns, no retention tricks — just clean, respectful UX.
Entry point
Place a single “Delete account” link in account settings. No nesting behind modals or confirmation walls. One click lands the user on a dedicated deletion page.
The page
- State clearly what will be deleted and when.
- Offer a data-export button before deletion.
- Show a 7-day grace period with automatic reversal.
- Require password re-entry — no one-click oops.
- Confirm with a single, unambiguous CTA.
After deletion
Send one confirmation email. Do not send “we miss you” drip campaigns. If the user returns within the grace period, restore their account with a single click and a brief toast.
Compliance notes
Log the deletion request timestamp and IP (hashed). Retain the deletion audit record for 24 months as required by GDPR Art. 17(3) for legal claims. Purge all PII from primary stores at the end of the grace period.
Meridian tip: A respectful deletion flow builds more trust than a retention hack ever will. Users who leave on good terms come back.