My ex-friend threatened to sue me over my app

Kelvin Graddick · 3 minute read ·     

Lessons from an early app misstep

When I first started building mobile and web apps, I was focused on shipping features and getting people to use them. I did not really understand all the laws or compliance features you are supposed to have. I remember building one of my first social media type sites and having friends and family help with beta testing. Everyone was on there helping me find issues and test things out.

Then one of those friends and I fell out badly. He wanted to immediately cut ties with me and delete his user account, but he could not because I never built the delete‑user feature. I had not even thought about it at the time. He contacted me completely upset, threatening to get the app taken down and talking about suing and legal action because he could not delete his account and fully disconnect.

That situation taught me a valuable lesson: building products is more than writing code. We have an obligation to respect our users’ autonomy and the laws that protect them. Here are some of the lessons I learned.

Why account deletion matters

Users expect control over their data. My ex‑friend’s anger was not just about our personal falling out; it was about feeling trapped inside a system that would not let him leave. Today this expectation is enshrined in law. For example, Apple’s App Store rules require any app that allows account creation to give users an in‑app way to initiate deletion of their account and all associated data. Apple also advises developers to make the deletion option easy to find and to delete the entire account record, not just deactivate it.

Regulations enforce the “right to be forgotten.” The European Union’s General Data Protection Regulation (GDPR) gives individuals the right to have their personal data erased when it is no longer necessary or when consent is withdrawn. Organisations must take reasonable steps to inform other websites that an individual has requested erasure. California’s Consumer Privacy Act (CCPA) similarly grants residents the right to delete personal information collected from them and obliges businesses to respond to such requests. These laws apply broadly and demonstrate that account deletion is not optional—it is a fundamental privacy right.

Platform policies are tightening. Google Play’s user‑data policy now requires that apps providing account creation must also provide in‑app deletion of the account and associated data. Developers who fail to comply may see their apps removed after enforcement deadlines. Failing to build these features is not just poor user experience—it can jeopardise your entire business.

Lessons learned for builders

  • Design for full account lifecycle. Think beyond onboarding and feature development. From the first day you allow users to create an account, you need a plan for how they can delete it. This includes handling user‑generated content, linked subscriptions and authentication tokens.

  • Stay up‑to‑date with regulations. Laws like the GDPR, CCPA and new “Delete Acts” in various jurisdictions evolve quickly. Subscribe to industry newsletters, follow official documentation and consult legal counsel to make sure your app complies. Ignorance is not a defence when regulators come calling.

  • User trust is priceless. My ex‑friend’s threat may have been overblown, but his frustration was valid. By giving users transparent control over their data and respecting their decisions to leave, you build trust. That trust translates into long‑term loyalty and reduces the risk of public complaints or lawsuits.

Moving forward

At first, I thought the missing delete‑account feature was a small oversight. It turned out to be a big risk. Building apps today requires more than just coding skills; it requires an understanding of privacy, data protection and user rights. If you are working on an app that collects any personal data, take the time to implement a proper account deletion flow and document how you will handle user data. Protecting your users protects you.

For more information, check the App Store account deletion guidance, Google Play’s account deletion requirements, learn about California’s right to delete under the CCPA and revisit the GDPR’s right to be forgotten. These resources will help you design compliant, user‑friendly deletion processes and avoid the mistakes I made.

Want to share this?       

Software Developer.
App + Website Maker.
Content Creator.

Hi. I'm Kelvin Graddick also known as KG.codes. I'm a software developer / programmer, app + website developer, and content creator. I'm all about digital creation.

Home    Coding    Blog    Contact