When https://meta.codidact.com/posts/286332 was asked, profile deletions were destructive hard deletes and we rightly wanted to build protections. Now, we have soft-deletes for profiles, and we get requests from people to delete their profiles that require manual work including confirming identity, and we should make this easier.

Proposal:

Add a "delete this profile" option somewhere in account settings.

Require the user to re-enter the password to proceed.

Show explanation about the effects of deletion. Ask user to choose: this community only, all communities.

Confirmation step: "your profile will be deleted on (list of communities); your posts will remain and no longer be attributed to you", require approval.

Soft-delete and log the event as an annotation.

Send email confirming the deletion, with instructions on how to undelete and a deadline (?). To protect people from having other people undelete their accounts, I think undeletion should require both a key that we include in that email and the password. If the first version of this feature doesn't implement undelete and that has to be manual, that's ok -- it's a rare case, but one we should handle at some point.

I don't know if we actually need a deadline. If somebody who was in good standing comes back six months later and says "I'd like to return", why not? We're never going to hard-delete the account, so it can stay soft-deleted forever, right?