getsentry / sentry

Developer-first error tracking and performance monitoring
https://sentry.io

Sunset inactive accounts #24647

Open chadwhitacre opened 3 years ago

chadwhitacre commented 3 years ago

Summary

Sometimes users sign up, and they start using Sentry right away. A year later they are happy customers. Other times, it takes a few months for them to get going. And then sometimes a user signs up, and drifts away, never to return. It can be a signal that we're in charge of our situation if we deactivate or delete these accounts after a year or two.

Motivation

Not sure how much this matters in terms of resource consumption or security surface, and how much is simply hygiene and projection of with-it-ness.

Additional Context

I'm ticketing this from a Twitter thread where a user with a six-year-old inactive account is wondering why we never cleaned up.

chadwhitacre commented 3 years ago

Ping @getsentry/enterprise @bowencai8 @jusigler ... fielded this idea from a[n inactive] user via Twitter. Thoughts? Something we have or want to consider?

bowencai8 commented 3 years ago

Six years of inactivity is certainly a long time, but I don't see a compelling reason to close inactive accounts as they could restart usage at any point.

leedongwei commented 3 years ago

Deactivating accounts would require us to build a login path to let them reactivate accounts if they come back, so I'm not too keen on doing that. Deleting accounts would not be good as there are apps in maintenance mode that the devs infrequently check on.

I'm trying to understand if the general complaint is due to Sentry sending them a weekly email about their usage even though they are inactive, or if it's about data privacy.

romantomjak commented 3 years ago

Hey 👋 I'm the customer from the Twitter thread. I signed up for Sentry many, many years ago and I can't quite remember why it didn't work out at the time, but this week I was again in the market for an error tracking product and I stumbled upon Sentry. I was very surprised when I already had an account even though I did not remember signing up. I searched my email and turns out I did sign up ~6 years ago! 🧙‍♂️

My account was completely abandoned - I did not use API keys, no logins, no errors tracked, nothing. I would be very happy if I'd receive an email that my account was marked for deletion after about a year of no activity whatsoever.

Netflix does something similar - they send out emails to customers who have stopped watching for more than a year asking to confirm if they want to keep the subscription. If no confirmation is received, they cancel the subscription and another year later they delete the account. Customers can "recover" their account anytime between when the email was sent and the actual deletion of the account 🚀

This might seem like a thing not worth the effort, but I really think it would show that you care about your customers and their data and that you don't hold on to the data forever ❤️

BYK commented 3 years ago

Hey @romantomjak, thanks for bringing this up and then following up on the issue here!

@leedongwei I think implementing something like this would be good for security too as stale accounts are more vulnerable and they may cause damage to both Sentry and the account owner. Pinging @getsentry/security for assessment here.

chadwhitacre commented 3 years ago

Circling back from private Slack ... sounds like this is something we want to do, for security and other reasons. Thanks for the report, @romantomjak! :)