
Data Retention and Deletion: How to Shut Down Responsibly

August 22, 2024·7 min read

User data is both your product's most valuable asset and its most sensitive liability. When you shut down, you need a clear plan for what happens to it.

This guide covers the practical and legal requirements around data handling at end-of-life — written for founders, not lawyers. But note: this isn't legal advice. Consult a lawyer if you're handling sensitive data or have users in regulated jurisdictions.

What "user data" actually means

When we talk about user data in a shutdown context, we mean:

  • Account information: Names, email addresses, passwords (hashed), profile data
  • Content: Files, documents, notes, messages, or anything users created in your product
  • Behavioral data: Usage logs, analytics, interaction history
  • Payment data: Billing history, transaction records (rarely stored directly — usually at Stripe or similar)
  • Derived data: Any analysis, models, or outputs derived from user inputs

Each category has different retention requirements and different user expectations.

GDPR (European Union)

If you have any users in the EU, GDPR applies to you regardless of where your company is incorporated.

Key requirements for shutdown:

  1. Inform users about the shutdown and data deletion timeline. This is required under Article 12 (transparent communication).
  2. Data portability: Users have the right to export their data before you delete it (Article 20).
  3. Deletion: You must delete personal data when there's no longer a lawful basis for processing it. Shutdown is explicitly one such case.
  4. Timeline: You should delete data within 30 days of your stated deletion date.
  5. Documentation: Keep a record of what you deleted and when, even if the data itself is gone.

CCPA (California)

California users have the right to know what data you have, request deletion, and opt out of data sales. A shutdown doesn't exempt you from honoring outstanding deletion requests.

Other jurisdictions

Canada (PIPEDA), Brazil (LGPD), and many other countries have similar frameworks. If you have a user base in any jurisdiction with data protection laws — which is now most of the world — you have obligations.

A practical shutdown data plan

Step 1: Data inventory (do this first)

Before you can handle data responsibly, you need to know what you have and where it lives:

  • What databases are you running and what's in them?
  • What third-party services have you shared user data with? (Analytics tools, CRMs, email providers, etc.)
  • Do you have backups? Where are they stored?
  • Is there any user data in logs?

Document all of this. You'll need it.

Step 2: Enable data export

Users should be able to export all their content before you delete it. This means:

  • Building or enabling a data export feature if you don't already have one
  • Making the export easy to find and use (not buried in settings)
  • Communicating the export option in every shutdown notification

For many SaaS products, a simple CSV export or a ZIP file of user content is sufficient. The goal is to make sure users can get their data out.

Step 3: Communicate the timeline clearly

Your shutdown communications should include:

  • The date service will end
  • The date user data will be deleted (this is different and often overlooked)
  • Clear instructions for exporting data before the deadline

Make the deletion date prominent. Don't bury it.

Step 4: Notify your third-party processors

Every service you've shared user data with needs to know about the shutdown. This typically includes:

  • Email marketing tools (delete your subscriber lists)
  • Analytics platforms (delete your properties and data)
  • CRM systems (delete contact records)
  • Support platforms (delete ticket history with personal information)
  • Cloud storage providers (delete user-uploaded files)

For GDPR compliance, you need to instruct your data processors to delete the data they hold on your behalf.

Step 5: Execute deletion

On the scheduled deletion date:

  1. Delete all user data from your primary databases
  2. Delete all backups that contain user data (or overwrite them)
  3. Revoke access to your databases from all systems
  4. Confirm deletion with your third-party processors
  5. Document the deletion with timestamps

Step 6: Post-deletion maintenance

After deletion, you may still need to retain:

  • Financial records: Most jurisdictions require 7 years of financial records. Transaction data, invoices, and payment records should be retained even after user data is deleted. Strip out PII where possible.
  • Legal holds: If you're in any legal proceedings, consult your lawyer before deleting anything.
  • Aggregated analytics: Non-personal, aggregated data (e.g., "we had 10,000 MAUs in 2023") is generally fine to retain.
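A sketch of Steps 5 and 6 for a primary database, added here as an illustration and not taken from any particular product: it wipes the user tables, blanks PII in retained financial rows, verifies nothing is left, and returns a timestamped record that contains counts but no personal data. The table and column names and the sample rows are assumptions constructed for the example; backups and third-party processors still have to be handled separately.

```python
import hashlib
import json
import sqlite3
from datetime import datetime, timezone

# Hypothetical schema: tables to wipe, and PII columns to blank in the
# financial table that has to be retained.
USER_TABLES = ("users", "documents", "usage_logs")
RETAINED_PII = {"invoices": ("customer_name", "customer_email")}

def build_sample_db():
    """Constructed sample data standing in for a production database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT);
        CREATE TABLE documents(id INTEGER PRIMARY KEY, user_id INT, body TEXT);
        CREATE TABLE usage_logs(id INTEGER PRIMARY KEY, user_id INT, event TEXT);
        CREATE TABLE invoices(id INTEGER PRIMARY KEY, customer_name TEXT,
                              customer_email TEXT, amount_cents INT, issued TEXT);
        INSERT INTO users VALUES (1,'a@example.com'),(2,'b@example.com');
        INSERT INTO documents VALUES (1,1,'draft'),(2,1,'notes'),(3,2,'todo');
        INSERT INTO usage_logs VALUES (1,1,'login');
        INSERT INTO invoices VALUES (1,'Ann','a@example.com',4900,'2024-01-05'),
                                    (2,'Bob','b@example.com',9900,'2024-02-05');
    """)
    return conn

def count(conn, table):
    return conn.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]

def execute_deletion(conn, now=None):
    """Wipe user tables, strip PII from retained rows, return a PII-free record."""
    now = now or datetime.now(timezone.utc)
    entries = []
    with conn:  # single transaction: rolls back if any statement fails
        for table in USER_TABLES:  # names come from the constants, never user input
            rows = count(conn, table)
            conn.execute(f"DELETE FROM {table}")
            entries.append({"table": table, "action": "deleted", "rows": rows})
        for table, cols in RETAINED_PII.items():
            rows = count(conn, table)
            conn.execute(f"UPDATE {table} SET " + ", ".join(f"{c} = NULL" for c in cols))
            entries.append({"table": table, "action": "pii_stripped", "rows": rows})
    conn.execute("VACUUM")  # SQLite keeps deleted rows in free pages until rebuilt
    leftover = {t: count(conn, t) for t in USER_TABLES if count(conn, t)}
    if leftover:
        raise RuntimeError(f"user data still present: {leftover}")
    record = {"completed_at": now.isoformat(), "entries": entries}
    digest = hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()
    return {**record, "sha256": digest}
```

Store the returned record somewhere that outlives the database; the digest lets you show later that the record was not edited after the fact.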

What to tell your users

In your shutdown announcement, include a clear, plain-language description of your data handling plan:

"We will keep your data accessible and exportable until [Date]. On [Date + 30 days], all user data will be permanently deleted from our servers and backups. You can export your data at [link] until [Date]."

Simple. Direct. Honest.


A proper exit page is part of responsible shutdown. ExitPage.one helps you communicate your shutdown clearly to every user who visits your domain — now and in the future.
