Danger Zone: Why Destructive Settings Now Live Behind a Confirmation Step
Danger Zone: Why Destructive Settings Now Live Behind a Confirmation Step
Release: v0.1.341
Overview
As of v0.1.341, the Danger Zone — which contains account deletion, organisation reset, and data purge actions — has been moved out of the main Settings tab bar and into its own dedicated route with a required confirmation step.
This change affects all users who manage settings in the platform dashboard.
What's different
Before
The Settings page displayed six tabs in a single tab bar:
- Profile
- Organisation
- Appearance
- Reminders
- Integrations
- Danger Zone
Although the Danger Zone tab was visually de-emphasised when inactive, it was one click away from any other settings tab — normalising its presence alongside routine configuration options.
After
The Settings page now displays five tabs:
- Profile
- Organisation
- Appearance
- Reminders
- Integrations
At the very bottom of the Settings page, below all tab content, there is a small red Danger Zone text link. Clicking it navigates to /dashboard/settings/danger.
Before any destructive actions are shown, users must complete a confirmation step: typing their organisation name into a prompt. Only after confirming does the Danger Zone content become visible.
The confirmation-gated route
Route: /dashboard/settings/danger
On arrival at this route, users are presented with a confirmation gate before any destructive controls are rendered. The gate requires the user to type their exact organisation name to proceed.
This means:
- Destructive actions are not visible without an affirmative, deliberate step.
- Accidental navigation (e.g. tab-clicking through settings) cannot inadvertently expose deletion controls.
- The confirmation requirement is separate from — and in addition to — any confirmation dialogs on the destructive actions themselves.
Destructive actions covered
The following actions remain available within the Danger Zone, accessible only after the confirmation step:
- Account deletion — permanently removes the user account.
- Organisation reset — resets the organisation back to its initial state.
- Data purge — permanently deletes stored data associated with the account.
None of these actions have changed in behaviour. Only their accessibility path has changed.
Design rationale
This pattern is consistent with how other platforms handle destructive settings:
| Platform | Approach |
|---|---|
| GitHub | Danger Zone at bottom of repo settings, confirmation-gated |
| Vercel | Destructive project actions on a separate, scrolled-to section with typed confirmation |
| Stripe | Destructive account actions behind explicit typed confirmation |
The core principle: requiring confirmation to view is a stronger guard than requiring confirmation only to execute. By the time a user sees a 'Delete account' button, the act of navigating there should itself have been intentional.
Summary of changes
| What | Before | After |
|---|---|---|
| Danger Zone location | Settings tab bar (6th tab) | Separate route /dashboard/settings/danger |
| Access method | Click tab | Click red text link at bottom of Settings page |
| Confirmation requirement | Only on destructive action execution | Required to enter the route, plus on execution |
| Tab bar tab count | 6 | 5 |