Delete account

Problem Context

• The account may own profile data, authentication credentials, posts, messages, files, projects, billing records, subscriptions, purchases, app data, linked apps, third-party sign-in tokens, organization memberships, child-account data, and audit records.
• The deletion may be immediate, scheduled, request-based, regulatorily constrained, support-assisted for highly regulated products, or partially blocked by legal, fraud, safety, billing, enterprise, or child-account requirements.
• Users may need to initiate deletion inside an app, through a direct web link after uninstall, or from an account settings surface.
• The product may need to distinguish whole-account deletion from deleting one service, removing an account from a device, signing out, disabling, deactivating, unsubscribing, or changing privacy settings.

Selection Rules

• Choose delete account when the user's goal is account-level closure and associated data deletion or erasure request.
• Use destructive action confirmation for one destructive object command; delete account is broader because it spans identity, personal data, linked services, retention, and account recovery.
• Use typed confirmation as an escalation inside delete account when the account email, username, workspace, or broad scope must be reproduced to prevent wrong-account deletion.
• Use data export before or near delete account when users may want a copy, but do not imply export deletes source data.
• Use settings management for ordinary account or privacy preferences that keep the account active.
• Use restore from trash only when the account or data can be recovered faithfully inside a stated window.
• Make the deletion option easy to find from account settings or an equivalent account-control surface.
• Name the exact account, provider, workspace, or child account before users confirm deletion.
• List affected services, associated data categories, retained data, subscriptions, linked apps, sign-in methods, recovery options, and request timing.
• If deletion cannot be self-serve because of regulated-industry, enterprise, legal, safety, fraud, or billing constraints, explain the required request or support path and status.

Required States

• Discoverable account deletion entry point in account settings or a direct web deletion resource.
• Account identity review state showing email, username, provider, workspace, organization, or child account.
• Data and service scope state listing deleted, retained, public, third-party, subscription, billing, and linked-service effects.
• Download or export data first state that clearly says export does not delete the account.
• Identity verification, reauthentication, or two-factor state before deletion request submission.
• Typed confirmation or acknowledgement state for severe account closure.
• Subscription, billing, purchase, entitlement, or app-store cancellation warning state.
• Legal retention, backup retention, fraud/safety log, public content, recipient notification, or refusal state.
• Scheduled deletion, pending request, processing, completed, canceled, expired recovery window, and failed request states.
• Wrong-account, support-required, enterprise-managed, child-account, and already-deleted recovery states.

Interaction Contract

• The product provides a direct, discoverable account deletion path when users can create an account.
• The flow identifies the account being deleted before any irreversible request is submitted.
• Deleting an account is never presented as the same action as sign out, remove from device, unsubscribe, data export, service deletion, or temporary deactivation.
• Users can review or download data before deletion without that export changing the deletion state.
• The final action remains unavailable until identity checks, acknowledgements, typed confirmation, blockers, or support requirements are satisfied.
• The UI states what data will be deleted, what may be retained, why, and whether backup or recipient erasure happens later.
• The account deletion request produces a durable status, request ID, notification, or receipt when completion is not immediate.
• Cancel, recover, or restore paths are shown only when they are genuinely available and include the time window.

Implementation Checklist

• Inventory account-owned data, service memberships, authentication providers, billing records, purchases, subscriptions, linked apps, organizations, public content, backups, and legal retention classes.
• Define whether deletion is immediate, scheduled, request-based, support-required, enterprise-managed, or blocked, and model each state explicitly.
• Provide a direct in-app entry point and public web deletion resource where platform policy or product context requires it.
• Show the signed-in account identity, affected services, retained data, and recovery window before the final confirmation.
• Offer data export before deletion while clearly separating export from erasure.
• Add reauthentication, two-factor, typed confirmation, or approval gates for severe scope or wrong-account risk.
• Handle active subscriptions, unpaid invoices, refunds, app-store billing, legal holds, fraud locks, child accounts, and enterprise ownership before commit.
• Generate a request ID or receipt and status updates for scheduled, pending, refused, partial, or completed deletion.
• Test wrong account, multiple accounts, SSO, deleted email address, app uninstall web path, mobile deep link, expired recovery window, backup retention, and screen-reader progress states.

Common Generated-UI Mistakes

• Offering only deactivate, disable, sign out, remove from device, unsubscribe, or contact support when users need account deletion.
• Hiding account deletion behind unrelated settings, FAQs, email support, a vague privacy page, or an unlabeled Delete button.
• Combining data export and account deletion into one ambiguous control.
• Failing to name the signed-in account, provider, child account, or workspace before deletion.
• Claiming immediate full erasure while retaining backups, legal records, invoices, fraud logs, public copies, or recipient copies without explanation.
• Deleting subscriptions, purchases, entitlements, or third-party tokens without explaining their separate cancellation or revocation path.
• Leaving users with no request ID, status, notification, or recovery information after a long-running deletion request.

Critique Questions

• Can users find the account deletion path from account settings or the required public web resource?
• What exact account, provider, workspace, or child account will be closed?
• Which data and services are deleted, retained, transferred, public, or outside the product's control?
• What billing, subscription, purchase, entitlement, linked-app, or sign-in-token consequences remain?
• Can users export data first without confusing export with deletion?
• What proof shows deletion was scheduled, completed, blocked, refused, canceled, or recoverable?
• What time window applies to request response, scheduled deletion, backup overwrite, and account recovery?