This document specifies the /.well-known/delete-account URI, a well-known URI designed to provide users with direct access to account deletion functionality. This specification aims to improve user experience and reduce the implementation of dark patterns that make account deletion unnecessarily complicated.
The purpose of this specification is to:
- Define the /.well-known/delete-account URI
- Establish implementation guidelines for service providers
- Outline expected behavior for clients
- Promote user rights and control over their accounts
The well-known URI for account deletion follows this structure:
https://<domain>/.well-known/delete-account
Where <domain> is the domain name of the website or service.
- The path segment "/.well-known/" MUST be used.
- The identifier "delete-account" MUST be used exactly as specified.
- The URI MUST be case-insensitive.
This document defines the “.well-known” URI delete-account. This registration will be submitted to the IESG for review, approval, and registration with IANA using the template defined in WELL-KNOWN as follows:
URI suffix | /delete-account |
Change controller | Rishabh B. (https://github.com/rsb-23/) |
Specification document(s) | Specification |
Related information | None |
- The /.well-known/delete-account URI MUST redirect to the account deletion page or process.
- The redirect SHOULD be a direct link to initiate the account deletion process.
- If additional verification is required, it SHOULD be handled on the destination page.
- The destination MUST NOT be a general account settings page unless the delete option is immediately visible.
- The account deletion process SHOULD be straightforward and free of unnecessary obstacles.
- Clients MAY use this URI to provide users with a direct link to delete their account.
- Clients SHOULD handle 404 responses gracefully, as not all services will implement this URI.
- Clients MAY inform users if a service does not support this well-known URI.
Given an origin, clients generate a delete account url by running these steps:
- If origin is not a potentially trustworthy origin, return failure.
- Let url be a new URL with values set as follows:
  - scheme: origin’s scheme
  - host: origin’s host
  - port: origin’s port
  - path: ../.well-known/delete-account
- Return url.
The delete account url for origin https://example.com/ will be https://example.com/.well-known/delete-account.
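The client steps above, together with the 404 and HTTPS requirements, can be sketched as follows. This is an added example, not code from the specification or its author. The helper names `isPotentiallyTrustworthy`, `deleteAccountUrl` and `interpretProbe` are hypothetical, the trustworthiness check is a simplified stand-in (secure schemes plus loopback hosts), and rejecting untrustworthy redirect targets is an assumption of this example.

```javascript
// Hypothetical helper names; the specification defines only the steps.
const WELL_KNOWN_PATH = "/.well-known/delete-account";

// Simplified stand-in for "potentially trustworthy origin":
// secure schemes, or a loopback host on any scheme.
function isPotentiallyTrustworthy(url) {
  if (url.protocol === "https:" || url.protocol === "wss:") return true;
  const host = url.hostname;
  return host === "localhost" || host.endsWith(".localhost") ||
    host === "[::1]" || /^127(\.\d{1,3}){3}$/.test(host);
}

// Client steps: returns the delete account URL, or null for "failure".
function deleteAccountUrl(origin) {
  let parsed;
  try { parsed = new URL(origin); } catch { return null; }
  if (!isPotentiallyTrustworthy(parsed)) return null;
  // Copy only scheme, host and port; any path, query, fragment or
  // userinfo in the input is dropped.
  return new URL(WELL_KNOWN_PATH, parsed.origin).href;
}

// Interpret a response fetched without following redirects.
// `status` and `location` come from the response; no network I/O here.
function interpretProbe(requestUrl, status, location) {
  if (status === 404) return { kind: "unsupported" };
  if (status < 300 || status > 399 || !location) return { kind: "unexpected", status };
  let target;
  try { target = new URL(location, requestUrl); } catch { return { kind: "rejected" }; }
  // Assumption of this example: refuse to send the user to a
  // destination that is not itself potentially trustworthy.
  if (!isPotentiallyTrustworthy(target)) return { kind: "rejected" };
  return { kind: "redirect", target: target.href };
}

// Constructed sample inputs.
const probeUrl = deleteAccountUrl("https://example.com/");
console.log(probeUrl);
console.log(interpretProbe(probeUrl, 302, "/accounts/delete"));
console.log(interpretProbe(probeUrl, 404, null));
console.log(interpretProbe(probeUrl, 302, "http://example.com/accounts/delete"));
```

A client would call `interpretProbe` with the status and `Location` header of a request made with redirects disabled, and show the "not supported" message only for the `unsupported` result.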
- The account deletion page SHOULD be accessible and usable by each user.
- Clear instructions SHOULD be provided in plain language.
- A confirmation step MAY be included to prevent accidental deletions.
- Any confirmation step SHOULD be simple and direct.
- Clear information SHOULD be provided about what data will be deleted or retained.
- Options for data export MAY be offered before deletion, where applicable.
- Implementation MUST ensure that only authenticated and authorized users can delete their own accounts.
- HTTPS MUST be used to protect the user's privacy and security.
- Services SHOULD implement appropriate measures to prevent unauthorized bulk account deletions.
The /.well-known/delete-account URI aims to:
- Empower users to easily exercise their right to delete their accounts
- Simplify the account deletion process for users
- Discourage dark patterns in account management
- Standardize the location of account deletion functionality across services
- Enable password managers and similar tools to incorporate account deletion features, enhancing user control over their digital presence
Correct implementation:
https://example.com/.well-known/delete-account
-> Redirects to https://example.com/accounts/delete
Incorrect implementation:
https://example.com/.well-known/delete-account
-> Redirects to https://example.com/account-settings
- RFC 8615: Well-Known Uniform Resource Identifiers (URIs)
- Article 17 of GDPR: Right to erasure ('right to be forgotten')
- Version 0.1: Initial specification (Date: 25th September 2024)