You now own the off-ramp. From Account → Privacy & Data, two new controls:
Export my data — we email you a confirmation and download a JSON file with everything we hold about you: profile, projects, files, messages, subscription history, audit trail. Five exports per day, no charge.
Delete my account — type DELETE to confirm, and your account moves into a thirty-day soft-delete window. During that window:
- You can sign back in any time and cancel the deletion — no questions asked.
- A sticky banner across every dashboard page reminds you of the scheduled date and how many days remain.
- Sensitive actions (billing changes, publishing, approving a site) are gated; messaging support stays open in case you change your mind.
- Any active subscription is scheduled to cancel at the end of the current billing period.
After thirty days, our nightly cleanup job permanently purges your profile, projects, files, messages, and subscription history. Audit logs are anonymised — we keep them for security but strip your identity from them.
This is all GDPR Article 15 (right of access) and Article 17 (right to erasure) by design. The privacy policy at /privacy walks through it in full.